blob: 0ff058cb0daf9718c9aadd985fef88c4ec3c44c3 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
yanbzhube2774d2015-12-10 15:07:30 -0500465
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000467static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
468{
469 int err_code = ERR_ABORT;
470 ENGINE *engine;
471 struct ssl_engine_list *el;
472
473 /* grab the structural reference to the engine */
474 engine = ENGINE_by_id(engine_id);
475 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100476 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000477 goto fail_get;
478 }
479
480 if (!ENGINE_init(engine)) {
481 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100482 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000483 goto fail_init;
484 }
485
486 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100487 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000488 goto fail_set_method;
489 }
490
491 el = calloc(1, sizeof(*el));
492 el->e = engine;
493 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100494 nb_engines++;
495 if (global_ssl.async)
496 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000497 return 0;
498
499fail_set_method:
500 /* release the functional reference from ENGINE_init() */
501 ENGINE_finish(engine);
502
503fail_init:
504 /* release the structural reference from ENGINE_by_id() */
505 ENGINE_free(engine);
506
507fail_get:
508 return err_code;
509}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200510#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000511
Willy Tarreau5db847a2019-05-09 14:13:35 +0200512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200513/*
514 * openssl async fd handler
515 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200516void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200518 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519
Emeric Brun3854e012017-05-17 20:42:48 +0200520 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 * to poll this fd until it is requested
522 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000523 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 fd_cant_recv(fd);
525
526 /* crypto engine is available, let's notify the associated
527 * connection that it can pursue its processing.
528 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200529 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530}
531
Emeric Brun3854e012017-05-17 20:42:48 +0200532/*
533 * openssl async delayed SSL_free handler
534 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200535void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536{
537 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200538 OSSL_ASYNC_FD all_fd[32];
539 size_t num_all_fds = 0;
540 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541
Emeric Brun3854e012017-05-17 20:42:48 +0200542 /* We suppose that the async job for a same SSL *
543 * are serialized. So if we are awake it is
544 * because the running job has just finished
545 * and we can remove all async fds safely
546 */
547 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
548 if (num_all_fds > 32) {
549 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
550 return;
551 }
552
553 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
554 for (i=0 ; i < num_all_fds ; i++)
555 fd_remove(all_fd[i]);
556
557 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000558 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100559 _HA_ATOMIC_SUB(&sslconns, 1);
560 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000561}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562/*
Emeric Brun3854e012017-05-17 20:42:48 +0200563 * function used to manage a returned SSL_ERROR_WANT_ASYNC
564 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200566static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100568 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200569 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200570 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571 size_t num_add_fds = 0;
572 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000574
575 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
576 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200577 if (num_add_fds > 32 || num_del_fds > 32) {
578 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 return;
580 }
581
Emeric Brun3854e012017-05-17 20:42:48 +0200582 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583
Emeric Brun3854e012017-05-17 20:42:48 +0200584 /* We remove unused fds from the fdtab */
585 for (i=0 ; i < num_del_fds ; i++)
586 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587
Emeric Brun3854e012017-05-17 20:42:48 +0200588 /* We add new fds to the fdtab */
589 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200590 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 }
592
Emeric Brun3854e012017-05-17 20:42:48 +0200593 num_add_fds = 0;
594 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
595 if (num_add_fds > 32) {
596 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
597 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598 }
Emeric Brun3854e012017-05-17 20:42:48 +0200599
600 /* We activate the polling for all known async fds */
601 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000602 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200603 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000604 /* To ensure that the fd cache won't be used
605 * We'll prefer to catch a real RD event
606 * because handling an EAGAIN on this fd will
607 * result in a context switch and also
608 * some engines uses a fd in blocking mode.
609 */
610 fd_cant_recv(add_fd[i]);
611 }
Emeric Brun3854e012017-05-17 20:42:48 +0200612
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613}
614#endif
615
William Lallemandc33d83d2019-10-14 14:14:59 +0200616#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617/*
618 * This function returns the number of seconds elapsed
619 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
620 * date presented un ASN1_GENERALIZEDTIME.
621 *
622 * In parsing error case, it returns -1.
623 */
624static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
625{
626 long epoch;
627 char *p, *end;
628 const unsigned short month_offset[12] = {
629 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
630 };
631 int year, month;
632
633 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
634
635 p = (char *)d->data;
636 end = p + d->length;
637
638 if (end - p < 4) return -1;
639 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
640 p += 4;
641 if (end - p < 2) return -1;
642 month = 10 * (p[0] - '0') + p[1] - '0';
643 if (month < 1 || month > 12) return -1;
644 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
645 We consider leap years and the current month (<marsh or not) */
646 epoch = ( ((year - 1970) * 365)
647 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
648 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
649 + month_offset[month-1]
650 ) * 24 * 60 * 60;
651 p += 2;
652 if (end - p < 2) return -1;
653 /* Add the number of seconds of completed days of current month */
654 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
655 p += 2;
656 if (end - p < 2) return -1;
657 /* Add the completed hours of the current day */
658 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the completed minutes of the current hour */
662 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
663 p += 2;
664 if (p == end) return -1;
665 /* Test if there is available seconds */
666 if (p[0] < '0' || p[0] > '9')
667 goto nosec;
668 if (end - p < 2) return -1;
669 /* Add the seconds of the current minute */
670 epoch += 10 * (p[0] - '0') + p[1] - '0';
671 p += 2;
672 if (p == end) return -1;
673 /* Ignore seconds float part if present */
674 if (p[0] == '.') {
675 do {
676 if (++p == end) return -1;
677 } while (p[0] >= '0' && p[0] <= '9');
678 }
679
680nosec:
681 if (p[0] == 'Z') {
682 if (end - p != 1) return -1;
683 return epoch;
684 }
685 else if (p[0] == '+') {
686 if (end - p != 5) return -1;
687 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700688 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200689 }
690 else if (p[0] == '-') {
691 if (end - p != 5) return -1;
692 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700693 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200694 }
695
696 return -1;
697}
698
William Lallemandc33d83d2019-10-14 14:14:59 +0200699/*
700 * struct alignment works here such that the key.key is the same as key_data
701 * Do not change the placement of key_data
702 */
703struct certificate_ocsp {
704 struct ebmb_node key;
705 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
706 struct buffer response;
707 long expire;
708};
709
710struct ocsp_cbk_arg {
711 int is_single;
712 int single_kt;
713 union {
714 struct certificate_ocsp *s_ocsp;
715 /*
716 * m_ocsp will have multiple entries dependent on key type
717 * Entry 0 - DSA
718 * Entry 1 - ECDSA
719 * Entry 2 - RSA
720 */
721 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
722 };
723};
724
Emeric Brun1d3865b2014-06-20 15:37:32 +0200725static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726
727/* This function starts to check if the OCSP response (in DER format) contained
728 * in chunk 'ocsp_response' is valid (else exits on error).
729 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
730 * contained in the OCSP Response and exits on error if no match.
731 * If it's a valid OCSP Response:
732 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
733 * pointed by 'ocsp'.
734 * If 'ocsp' is NULL, the function looks up into the OCSP response's
735 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
736 * from the response) and exits on error if not found. Finally, If an OCSP response is
737 * already present in the container, it will be overwritten.
738 *
739 * Note: OCSP response containing more than one OCSP Single response is not
740 * considered valid.
741 *
742 * Returns 0 on success, 1 in error case.
743 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200744static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
745 struct certificate_ocsp *ocsp,
746 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747{
748 OCSP_RESPONSE *resp;
749 OCSP_BASICRESP *bs = NULL;
750 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200751 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200752 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200754 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 int reason;
756 int ret = 1;
757
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200758 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
759 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200760 if (!resp) {
761 memprintf(err, "Unable to parse OCSP response");
762 goto out;
763 }
764
765 rc = OCSP_response_status(resp);
766 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
767 memprintf(err, "OCSP response status not successful");
768 goto out;
769 }
770
771 bs = OCSP_response_get1_basic(resp);
772 if (!bs) {
773 memprintf(err, "Failed to get basic response from OCSP Response");
774 goto out;
775 }
776
777 count_sr = OCSP_resp_count(bs);
778 if (count_sr > 1) {
779 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
780 goto out;
781 }
782
783 sr = OCSP_resp_get0(bs, 0);
784 if (!sr) {
785 memprintf(err, "Failed to get OCSP single response");
786 goto out;
787 }
788
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200789 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
790
Emeric Brun4147b2e2014-06-16 18:36:30 +0200791 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200792 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200793 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200794 goto out;
795 }
796
Emeric Brun13a6b482014-06-20 15:44:34 +0200797 if (!nextupd) {
798 memprintf(err, "OCSP single response: missing nextupdate");
799 goto out;
800 }
801
Emeric Brunc8b27b62014-06-19 14:16:17 +0200802 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 if (!rc) {
804 memprintf(err, "OCSP single response: no longer valid.");
805 goto out;
806 }
807
808 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200809 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200810 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
811 goto out;
812 }
813 }
814
815 if (!ocsp) {
816 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
817 unsigned char *p;
818
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200819 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200820 if (!rc) {
821 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
822 goto out;
823 }
824
825 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
826 memprintf(err, "OCSP single response: Certificate ID too long");
827 goto out;
828 }
829
830 p = key;
831 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200832 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200833 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
834 if (!ocsp) {
835 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
836 goto out;
837 }
838 }
839
840 /* According to comments on "chunk_dup", the
841 previous chunk buffer will be freed */
842 if (!chunk_dup(&ocsp->response, ocsp_response)) {
843 memprintf(err, "OCSP response: Memory allocation error");
844 goto out;
845 }
846
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200847 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
848
Emeric Brun4147b2e2014-06-16 18:36:30 +0200849 ret = 0;
850out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100851 ERR_clear_error();
852
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853 if (bs)
854 OCSP_BASICRESP_free(bs);
855
856 if (resp)
857 OCSP_RESPONSE_free(resp);
858
859 return ret;
860}
861/*
862 * External function use to update the OCSP response in the OCSP response's
863 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
864 * to update in DER format.
865 *
866 * Returns 0 on success, 1 in error case.
867 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200868int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200869{
870 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
871}
872
873/*
874 * This function load the OCSP Resonse in DER format contained in file at
875 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
876 *
877 * Returns 0 on success, 1 in error case.
878 */
879static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
880{
881 int fd = -1;
882 int r = 0;
883 int ret = 1;
884
885 fd = open(ocsp_path, O_RDONLY);
886 if (fd == -1) {
887 memprintf(err, "Error opening OCSP response file");
888 goto end;
889 }
890
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200891 trash.data = 0;
892 while (trash.data < trash.size) {
893 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894 if (r < 0) {
895 if (errno == EINTR)
896 continue;
897
898 memprintf(err, "Error reading OCSP response from file");
899 goto end;
900 }
901 else if (r == 0) {
902 break;
903 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200904 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 }
906
907 close(fd);
908 fd = -1;
909
910 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
911end:
912 if (fd != -1)
913 close(fd);
914
915 return ret;
916}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100917#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200918
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100919#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
920static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
921{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100922 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100923 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100924 struct connection *conn;
925 int head;
926 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100927 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100928
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200929 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200930 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100931 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
932
933 keys = ref->tlskeys;
934 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100935
936 if (enc) {
937 memcpy(key_name, keys[head].name, 16);
938
939 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100940 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100941
Emeric Brun9e754772019-01-10 17:51:55 +0100942 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100943
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
945 goto end;
946
Willy Tarreau9356dac2019-05-10 09:22:53 +0200947 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100948 ret = 1;
949 }
950 else if (ref->key_size_bits == 256 ) {
951
952 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
953 goto end;
954
Willy Tarreau9356dac2019-05-10 09:22:53 +0200955 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100956 ret = 1;
957 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100958 } else {
959 for (i = 0; i < TLS_TICKETS_NO; i++) {
960 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
961 goto found;
962 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100963 ret = 0;
964 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100965
Christopher Faulet16f45c82018-02-16 11:23:49 +0100966 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100967 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200968 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100969 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
970 goto end;
971 /* 2 for key renewal, 1 if current key is still valid */
972 ret = i ? 2 : 1;
973 }
974 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200975 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100976 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
977 goto end;
978 /* 2 for key renewal, 1 if current key is still valid */
979 ret = i ? 2 : 1;
980 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100981 }
Emeric Brun9e754772019-01-10 17:51:55 +0100982
Christopher Faulet16f45c82018-02-16 11:23:49 +0100983 end:
984 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
985 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200986}
987
988struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
989{
990 struct tls_keys_ref *ref;
991
992 list_for_each_entry(ref, &tlskeys_reference, list)
993 if (ref->filename && strcmp(filename, ref->filename) == 0)
994 return ref;
995 return NULL;
996}
997
998struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
999{
1000 struct tls_keys_ref *ref;
1001
1002 list_for_each_entry(ref, &tlskeys_reference, list)
1003 if (ref->unique_id == unique_id)
1004 return ref;
1005 return NULL;
1006}
1007
Emeric Brun9e754772019-01-10 17:51:55 +01001008/* Update the key into ref: if keysize doesnt
1009 * match existing ones, this function returns -1
1010 * else it returns 0 on success.
1011 */
1012int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001013 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001014{
Emeric Brun9e754772019-01-10 17:51:55 +01001015 if (ref->key_size_bits == 128) {
1016 if (tlskey->data != sizeof(struct tls_sess_key_128))
1017 return -1;
1018 }
1019 else if (ref->key_size_bits == 256) {
1020 if (tlskey->data != sizeof(struct tls_sess_key_256))
1021 return -1;
1022 }
1023 else
1024 return -1;
1025
Christopher Faulet16f45c82018-02-16 11:23:49 +01001026 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001027 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1028 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001029 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1030 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001031
1032 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001033}
1034
Willy Tarreau83061a82018-07-13 11:56:34 +02001035int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001036{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001037 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1038
1039 if(!ref) {
1040 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1041 return 1;
1042 }
Emeric Brun9e754772019-01-10 17:51:55 +01001043 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1044 memprintf(err, "Invalid key size");
1045 return 1;
1046 }
1047
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001048 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001049}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001050
1051/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001052 * automatic ids. It's called just after the basic checks. It returns
1053 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001054 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001055static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001056{
1057 int i = 0;
1058 struct tls_keys_ref *ref, *ref2, *ref3;
1059 struct list tkr = LIST_HEAD_INIT(tkr);
1060
1061 list_for_each_entry(ref, &tlskeys_reference, list) {
1062 if (ref->unique_id == -1) {
1063 /* Look for the first free id. */
1064 while (1) {
1065 list_for_each_entry(ref2, &tlskeys_reference, list) {
1066 if (ref2->unique_id == i) {
1067 i++;
1068 break;
1069 }
1070 }
1071 if (&ref2->list == &tlskeys_reference)
1072 break;
1073 }
1074
1075 /* Uses the unique id and increment it for the next entry. */
1076 ref->unique_id = i;
1077 i++;
1078 }
1079 }
1080
1081 /* This sort the reference list by id. */
1082 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1083 LIST_DEL(&ref->list);
1084 list_for_each_entry(ref3, &tkr, list) {
1085 if (ref->unique_id < ref3->unique_id) {
1086 LIST_ADDQ(&ref3->list, &ref->list);
1087 break;
1088 }
1089 }
1090 if (&ref3->list == &tkr)
1091 LIST_ADDQ(&tkr, &ref->list);
1092 }
1093
1094 /* swap root */
1095 LIST_ADD(&tkr, &tlskeys_reference);
1096 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001099#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1100
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001101#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001102int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1103{
1104 switch (evp_keytype) {
1105 case EVP_PKEY_RSA:
1106 return 2;
1107 case EVP_PKEY_DSA:
1108 return 0;
1109 case EVP_PKEY_EC:
1110 return 1;
1111 }
1112
1113 return -1;
1114}
1115
Emeric Brun4147b2e2014-06-16 18:36:30 +02001116/*
1117 * Callback used to set OCSP status extension content in server hello.
1118 */
1119int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1120{
yanbzhube2774d2015-12-10 15:07:30 -05001121 struct certificate_ocsp *ocsp;
1122 struct ocsp_cbk_arg *ocsp_arg;
1123 char *ssl_buf;
1124 EVP_PKEY *ssl_pkey;
1125 int key_type;
1126 int index;
1127
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001128 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001129
1130 ssl_pkey = SSL_get_privatekey(ssl);
1131 if (!ssl_pkey)
1132 return SSL_TLSEXT_ERR_NOACK;
1133
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001135
1136 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1137 ocsp = ocsp_arg->s_ocsp;
1138 else {
1139 /* For multiple certs per context, we have to find the correct OCSP response based on
1140 * the certificate type
1141 */
1142 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1143
1144 if (index < 0)
1145 return SSL_TLSEXT_ERR_NOACK;
1146
1147 ocsp = ocsp_arg->m_ocsp[index];
1148
1149 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001150
1151 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001152 !ocsp->response.area ||
1153 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001154 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001155 return SSL_TLSEXT_ERR_NOACK;
1156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001157 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158 if (!ssl_buf)
1159 return SSL_TLSEXT_ERR_NOACK;
1160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001161 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1162 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001163
1164 return SSL_TLSEXT_ERR_OK;
1165}
1166
1167/*
1168 * This function enables the handling of OCSP status extension on 'ctx' if a
1169 * file name 'cert_path' suffixed using ".ocsp" is present.
1170 * To enable OCSP status extension, the issuer's certificate is mandatory.
1171 * It should be present in the certificate's extra chain builded from file
1172 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1173 * named 'cert_path' suffixed using '.issuer'.
1174 *
1175 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1176 * response. If file is empty or content is not a valid OCSP response,
1177 * OCSP status extension is enabled but OCSP response is ignored (a warning
1178 * is displayed).
1179 *
1180 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001181 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001182 */
1183static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1184{
1185
1186 BIO *in = NULL;
1187 X509 *x, *xi = NULL, *issuer = NULL;
1188 STACK_OF(X509) *chain = NULL;
1189 OCSP_CERTID *cid = NULL;
1190 SSL *ssl;
1191 char ocsp_path[MAXPATHLEN+1];
1192 int i, ret = -1;
1193 struct stat st;
1194 struct certificate_ocsp *ocsp = NULL, *iocsp;
1195 char *warn = NULL;
1196 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001197 pem_password_cb *passwd_cb;
1198 void *passwd_cb_userdata;
1199 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200
1201 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1202
1203 if (stat(ocsp_path, &st))
1204 return 1;
1205
1206 ssl = SSL_new(ctx);
1207 if (!ssl)
1208 goto out;
1209
1210 x = SSL_get_certificate(ssl);
1211 if (!x)
1212 goto out;
1213
1214 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001216 for (i = 0; i < sk_X509_num(chain); i++) {
1217 issuer = sk_X509_value(chain, i);
1218 if (X509_check_issued(issuer, x) == X509_V_OK)
1219 break;
1220 else
1221 issuer = NULL;
1222 }
1223
1224 /* If not found try to load issuer from a suffixed file */
1225 if (!issuer) {
1226 char issuer_path[MAXPATHLEN+1];
1227
1228 in = BIO_new(BIO_s_file());
1229 if (!in)
1230 goto out;
1231
1232 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1233 if (BIO_read_filename(in, issuer_path) <= 0)
1234 goto out;
1235
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001236 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1237 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1238
1239 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001240 if (!xi)
1241 goto out;
1242
1243 if (X509_check_issued(xi, x) != X509_V_OK)
1244 goto out;
1245
1246 issuer = xi;
1247 }
1248
1249 cid = OCSP_cert_to_id(0, x, issuer);
1250 if (!cid)
1251 goto out;
1252
1253 i = i2d_OCSP_CERTID(cid, NULL);
1254 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1255 goto out;
1256
Vincent Bernat02779b62016-04-03 13:48:43 +02001257 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001258 if (!ocsp)
1259 goto out;
1260
1261 p = ocsp->key_data;
1262 i2d_OCSP_CERTID(cid, &p);
1263
1264 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1265 if (iocsp == ocsp)
1266 ocsp = NULL;
1267
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001268#ifndef SSL_CTX_get_tlsext_status_cb
1269# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1270 *cb = (void (*) (void))ctx->tlsext_status_cb;
1271#endif
1272 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1273
1274 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001275 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001276 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001277
1278 cb_arg->is_single = 1;
1279 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001280
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001281 pkey = X509_get_pubkey(x);
1282 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1283 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001284
1285 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1286 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1287 } else {
1288 /*
1289 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1290 * Update that cb_arg with the new cert's staple
1291 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001292 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001293 struct certificate_ocsp *tmp_ocsp;
1294 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001295 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001296 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001297
1298#ifdef SSL_CTX_get_tlsext_status_arg
1299 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1300#else
1301 cb_arg = ctx->tlsext_status_arg;
1302#endif
yanbzhube2774d2015-12-10 15:07:30 -05001303
1304 /*
1305 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1306 * the order of operations below matter, take care when changing it
1307 */
1308 tmp_ocsp = cb_arg->s_ocsp;
1309 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1310 cb_arg->s_ocsp = NULL;
1311 cb_arg->m_ocsp[index] = tmp_ocsp;
1312 cb_arg->is_single = 0;
1313 cb_arg->single_kt = 0;
1314
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001315 pkey = X509_get_pubkey(x);
1316 key_type = EVP_PKEY_base_id(pkey);
1317 EVP_PKEY_free(pkey);
1318
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001319 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001320 if (index >= 0 && !cb_arg->m_ocsp[index])
1321 cb_arg->m_ocsp[index] = iocsp;
1322
1323 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001324
1325 ret = 0;
1326
1327 warn = NULL;
1328 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1329 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001330 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001331 }
1332
1333out:
1334 if (ssl)
1335 SSL_free(ssl);
1336
1337 if (in)
1338 BIO_free(in);
1339
1340 if (xi)
1341 X509_free(xi);
1342
1343 if (cid)
1344 OCSP_CERTID_free(cid);
1345
1346 if (ocsp)
1347 free(ocsp);
1348
1349 if (warn)
1350 free(warn);
1351
1352
1353 return ret;
1354}
1355
1356#endif
1357
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001358#ifdef OPENSSL_IS_BORINGSSL
1359static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1360{
1361 char ocsp_path[MAXPATHLEN+1];
1362 struct stat st;
1363 int fd = -1, r = 0;
1364
1365 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1366 if (stat(ocsp_path, &st))
1367 return 0;
1368
1369 fd = open(ocsp_path, O_RDONLY);
1370 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001371 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001372 return -1;
1373 }
1374
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001375 trash.data = 0;
1376 while (trash.data < trash.size) {
1377 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001378 if (r < 0) {
1379 if (errno == EINTR)
1380 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001381 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001382 close(fd);
1383 return -1;
1384 }
1385 else if (r == 0) {
1386 break;
1387 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001388 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001389 }
1390 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001391 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1392 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001393}
1394#endif
1395
Willy Tarreau5db847a2019-05-09 14:13:35 +02001396#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001397
1398#define CT_EXTENSION_TYPE 18
1399
1400static int sctl_ex_index = -1;
1401
1402/*
1403 * Try to parse Signed Certificate Timestamp List structure. This function
1404 * makes only basic test if the data seems like SCTL. No signature validation
1405 * is performed.
1406 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001407static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001408{
1409 int ret = 1;
1410 int len, pos, sct_len;
1411 unsigned char *data;
1412
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001413 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001414 goto out;
1415
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001416 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001417 len = (data[0] << 8) | data[1];
1418
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001419 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001420 goto out;
1421
1422 data = data + 2;
1423 pos = 0;
1424 while (pos < len) {
1425 if (len - pos < 2)
1426 goto out;
1427
1428 sct_len = (data[pos] << 8) | data[pos + 1];
1429 if (pos + sct_len + 2 > len)
1430 goto out;
1431
1432 pos += sct_len + 2;
1433 }
1434
1435 ret = 0;
1436
1437out:
1438 return ret;
1439}
1440
Willy Tarreau83061a82018-07-13 11:56:34 +02001441static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1442 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001443{
1444 int fd = -1;
1445 int r = 0;
1446 int ret = 1;
1447
1448 *sctl = NULL;
1449
1450 fd = open(sctl_path, O_RDONLY);
1451 if (fd == -1)
1452 goto end;
1453
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001454 trash.data = 0;
1455 while (trash.data < trash.size) {
1456 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001457 if (r < 0) {
1458 if (errno == EINTR)
1459 continue;
1460
1461 goto end;
1462 }
1463 else if (r == 0) {
1464 break;
1465 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001466 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001467 }
1468
1469 ret = ssl_sock_parse_sctl(&trash);
1470 if (ret)
1471 goto end;
1472
Vincent Bernat02779b62016-04-03 13:48:43 +02001473 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001474 if (!chunk_dup(*sctl, &trash)) {
1475 free(*sctl);
1476 *sctl = NULL;
1477 goto end;
1478 }
1479
1480end:
1481 if (fd != -1)
1482 close(fd);
1483
1484 return ret;
1485}
1486
1487int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1488{
Willy Tarreau83061a82018-07-13 11:56:34 +02001489 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001490
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001491 *out = (unsigned char *) sctl->area;
1492 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001493
1494 return 1;
1495}
1496
1497int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1498{
1499 return 1;
1500}
1501
1502static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1503{
1504 char sctl_path[MAXPATHLEN+1];
1505 int ret = -1;
1506 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001507 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001508
1509 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1510
1511 if (stat(sctl_path, &st))
1512 return 1;
1513
1514 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1515 goto out;
1516
1517 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1518 free(sctl);
1519 goto out;
1520 }
1521
1522 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1523
1524 ret = 0;
1525
1526out:
1527 return ret;
1528}
1529
1530#endif
1531
Emeric Brune1f38db2012-09-03 20:36:47 +02001532void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1533{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001534 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001535 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001536 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001537 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001538
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001539#ifndef SSL_OP_NO_RENEGOTIATION
1540 /* Please note that BoringSSL defines this macro to zero so don't
1541 * change this to #if and do not assign a default value to this macro!
1542 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001543 if (where & SSL_CB_HANDSHAKE_START) {
1544 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001545 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001546 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001547 conn->err_code = CO_ER_SSL_RENEG;
1548 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001549 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001550#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001551
1552 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001553 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001554 /* Long certificate chains optimz
1555 If write and read bios are differents, we
1556 consider that the buffering was activated,
1557 so we rise the output buffer size from 4k
1558 to 16k */
1559 write_bio = SSL_get_wbio(ssl);
1560 if (write_bio != SSL_get_rbio(ssl)) {
1561 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001562 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001563 }
1564 }
1565 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001566}
1567
Emeric Brune64aef12012-09-21 13:15:06 +02001568/* Callback is called for each certificate of the chain during a verify
1569 ok is set to 1 if preverify detect no error on current certificate.
1570 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001571int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001572{
1573 SSL *ssl;
1574 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001575 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001576 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001577
1578 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001579 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001580
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001581 ctx = conn->xprt_ctx;
1582
1583 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001584
Emeric Brun81c00f02012-09-21 14:31:21 +02001585 if (ok) /* no errors */
1586 return ok;
1587
1588 depth = X509_STORE_CTX_get_error_depth(x_store);
1589 err = X509_STORE_CTX_get_error(x_store);
1590
1591 /* check if CA error needs to be ignored */
1592 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001593 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1594 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1595 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001596 }
1597
Willy Tarreau07d94e42018-09-20 10:57:52 +02001598 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001599 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001600 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001601 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001602 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001603
Willy Tarreau20879a02012-12-03 16:32:10 +01001604 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001605 return 0;
1606 }
1607
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001608 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1609 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001610
Emeric Brun81c00f02012-09-21 14:31:21 +02001611 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001612 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001613 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001614 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001615 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001616 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001617
Willy Tarreau20879a02012-12-03 16:32:10 +01001618 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001619 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001620}
1621
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001622static inline
1623void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001624 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001625{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001626 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001627 unsigned char *msg;
1628 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001629 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001630
1631 /* This function is called for "from client" and "to server"
1632 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001633 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001634 */
1635
1636 /* "write_p" is set to 0 is the bytes are received messages,
1637 * otherwise it is set to 1.
1638 */
1639 if (write_p != 0)
1640 return;
1641
1642 /* content_type contains the type of message received or sent
1643 * according with the SSL/TLS protocol spec. This message is
1644 * encoded with one byte. The value 256 (two bytes) is used
1645 * for designing the SSL/TLS record layer. According with the
1646 * rfc6101, the expected message (other than 256) are:
1647 * - change_cipher_spec(20)
1648 * - alert(21)
1649 * - handshake(22)
1650 * - application_data(23)
1651 * - (255)
1652 * We are interessed by the handshake and specially the client
1653 * hello.
1654 */
1655 if (content_type != 22)
1656 return;
1657
1658 /* The message length is at least 4 bytes, containing the
1659 * message type and the message length.
1660 */
1661 if (len < 4)
1662 return;
1663
1664 /* First byte of the handshake message id the type of
1665 * message. The konwn types are:
1666 * - hello_request(0)
1667 * - client_hello(1)
1668 * - server_hello(2)
1669 * - certificate(11)
1670 * - server_key_exchange (12)
1671 * - certificate_request(13)
1672 * - server_hello_done(14)
1673 * We are interested by the client hello.
1674 */
1675 msg = (unsigned char *)buf;
1676 if (msg[0] != 1)
1677 return;
1678
1679 /* Next three bytes are the length of the message. The total length
1680 * must be this decoded length + 4. If the length given as argument
1681 * is not the same, we abort the protocol dissector.
1682 */
1683 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1684 if (len < rec_len + 4)
1685 return;
1686 msg += 4;
1687 end = msg + rec_len;
1688 if (end < msg)
1689 return;
1690
1691 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1692 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001693 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1694 */
1695 msg += 1 + 1 + 4 + 28;
1696 if (msg > end)
1697 return;
1698
1699 /* Next, is session id:
1700 * if present, we have to jump by length + 1 for the size information
1701 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001702 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001703 if (msg[0] > 0)
1704 msg += msg[0];
1705 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001706 if (msg > end)
1707 return;
1708
1709 /* Next two bytes are the ciphersuite length. */
1710 if (msg + 2 > end)
1711 return;
1712 rec_len = (msg[0] << 8) + msg[1];
1713 msg += 2;
1714 if (msg + rec_len > end || msg + rec_len < msg)
1715 return;
1716
Willy Tarreaubafbe012017-11-24 17:34:44 +01001717 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001718 if (!capture)
1719 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001720 /* Compute the xxh64 of the ciphersuite. */
1721 capture->xxh64 = XXH64(msg, rec_len, 0);
1722
1723 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001724 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1725 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001726 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001727
1728 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001729}
1730
Emeric Brun29f037d2014-04-25 19:05:36 +02001731/* Callback is called for ssl protocol analyse */
1732void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1733{
Emeric Brun29f037d2014-04-25 19:05:36 +02001734#ifdef TLS1_RT_HEARTBEAT
1735 /* test heartbeat received (write_p is set to 0
1736 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001737 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001738 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001739 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001740 const unsigned char *p = buf;
1741 unsigned int payload;
1742
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001743 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001744
1745 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1746 if (*p != TLS1_HB_REQUEST)
1747 return;
1748
Willy Tarreauaeed6722014-04-25 23:59:58 +02001749 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001750 goto kill_it;
1751
1752 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001753 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001754 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001755 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001756 /* We have a clear heartbleed attack (CVE-2014-0160), the
1757 * advertised payload is larger than the advertised packet
1758 * length, so we have garbage in the buffer between the
1759 * payload and the end of the buffer (p+len). We can't know
1760 * if the SSL stack is patched, and we don't know if we can
1761 * safely wipe out the area between p+3+len and payload.
1762 * So instead, we prevent the response from being sent by
1763 * setting the max_send_fragment to 0 and we report an SSL
1764 * error, which will kill this connection. It will be reported
1765 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001766 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1767 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001768 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001769 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1770 return;
1771 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001772#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001773 if (global_ssl.capture_cipherlist > 0)
1774 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001775}
1776
Bernard Spil13c53f82018-02-15 13:34:58 +01001777#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001778static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1779 const unsigned char *in, unsigned int inlen,
1780 void *arg)
1781{
1782 struct server *srv = arg;
1783
1784 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1785 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1786 return SSL_TLSEXT_ERR_OK;
1787 return SSL_TLSEXT_ERR_NOACK;
1788}
1789#endif
1790
1791#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001792/* This callback is used so that the server advertises the list of
1793 * negociable protocols for NPN.
1794 */
1795static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1796 unsigned int *len, void *arg)
1797{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001798 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001799
1800 *data = (const unsigned char *)conf->npn_str;
1801 *len = conf->npn_len;
1802 return SSL_TLSEXT_ERR_OK;
1803}
1804#endif
1805
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001806#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001807/* This callback is used so that the server advertises the list of
1808 * negociable protocols for ALPN.
1809 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001810static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1811 unsigned char *outlen,
1812 const unsigned char *server,
1813 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001814{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001815 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001816
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001817 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1818 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1819 return SSL_TLSEXT_ERR_NOACK;
1820 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001821 return SSL_TLSEXT_ERR_OK;
1822}
1823#endif
1824
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001825#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001826#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001827
Christopher Faulet30548802015-06-11 13:39:32 +02001828/* Create a X509 certificate with the specified servername and serial. This
1829 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001830static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001831ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001832{
Christopher Faulet7969a332015-10-09 11:15:03 +02001833 X509 *cacert = bind_conf->ca_sign_cert;
1834 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001835 SSL_CTX *ssl_ctx = NULL;
1836 X509 *newcrt = NULL;
1837 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001838 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001839 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001840 X509_NAME *name;
1841 const EVP_MD *digest;
1842 X509V3_CTX ctx;
1843 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001844 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001845
Christopher Faulet48a83322017-07-28 16:56:09 +02001846 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001847#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001848 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1849#else
1850 tmp_ssl = SSL_new(bind_conf->default_ctx);
1851 if (tmp_ssl)
1852 pkey = SSL_get_privatekey(tmp_ssl);
1853#endif
1854 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001855 goto mkcert_error;
1856
1857 /* Create the certificate */
1858 if (!(newcrt = X509_new()))
1859 goto mkcert_error;
1860
1861 /* Set version number for the certificate (X509v3) and the serial
1862 * number */
1863 if (X509_set_version(newcrt, 2L) != 1)
1864 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001865 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001866
1867 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001868 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1869 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001870 goto mkcert_error;
1871
1872 /* set public key in the certificate */
1873 if (X509_set_pubkey(newcrt, pkey) != 1)
1874 goto mkcert_error;
1875
1876 /* Set issuer name from the CA */
1877 if (!(name = X509_get_subject_name(cacert)))
1878 goto mkcert_error;
1879 if (X509_set_issuer_name(newcrt, name) != 1)
1880 goto mkcert_error;
1881
1882 /* Set the subject name using the same, but the CN */
1883 name = X509_NAME_dup(name);
1884 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1885 (const unsigned char *)servername,
1886 -1, -1, 0) != 1) {
1887 X509_NAME_free(name);
1888 goto mkcert_error;
1889 }
1890 if (X509_set_subject_name(newcrt, name) != 1) {
1891 X509_NAME_free(name);
1892 goto mkcert_error;
1893 }
1894 X509_NAME_free(name);
1895
1896 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001897 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001898 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1899 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1900 X509_EXTENSION *ext;
1901
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001902 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001903 goto mkcert_error;
1904 if (!X509_add_ext(newcrt, ext, -1)) {
1905 X509_EXTENSION_free(ext);
1906 goto mkcert_error;
1907 }
1908 X509_EXTENSION_free(ext);
1909 }
1910
1911 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001912
1913 key_type = EVP_PKEY_base_id(capkey);
1914
1915 if (key_type == EVP_PKEY_DSA)
1916 digest = EVP_sha1();
1917 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001918 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001919 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001920 digest = EVP_sha256();
1921 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001922#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001923 int nid;
1924
1925 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1926 goto mkcert_error;
1927 if (!(digest = EVP_get_digestbynid(nid)))
1928 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001929#else
1930 goto mkcert_error;
1931#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001932 }
1933
Christopher Faulet31af49d2015-06-09 17:29:50 +02001934 if (!(X509_sign(newcrt, capkey, digest)))
1935 goto mkcert_error;
1936
1937 /* Create and set the new SSL_CTX */
1938 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1939 goto mkcert_error;
1940 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1941 goto mkcert_error;
1942 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1943 goto mkcert_error;
1944 if (!SSL_CTX_check_private_key(ssl_ctx))
1945 goto mkcert_error;
1946
1947 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001948
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001949#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001950 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001951#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001952#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1953 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001954 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001955 EC_KEY *ecc;
1956 int nid;
1957
1958 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1959 goto end;
1960 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1961 goto end;
1962 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1963 EC_KEY_free(ecc);
1964 }
1965#endif
1966 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001967 return ssl_ctx;
1968
1969 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001970 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001971 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001972 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1973 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001974 return NULL;
1975}
1976
Christopher Faulet7969a332015-10-09 11:15:03 +02001977SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001978ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001979{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001980 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001981 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982
Olivier Houchard66ab4982019-02-26 18:37:15 +01001983 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001984}
1985
Christopher Faulet30548802015-06-11 13:39:32 +02001986/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001987 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001988SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001989ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001990{
1991 struct lru64 *lru = NULL;
1992
1993 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001994 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001995 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001996 if (lru && lru->domain) {
1997 if (ssl)
1998 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001999 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002000 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002001 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002002 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002003 }
2004 return NULL;
2005}
2006
Emeric Brun821bb9b2017-06-15 16:37:39 +02002007/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2008 * function is not thread-safe, it should only be used to check if a certificate
2009 * exists in the lru cache (with no warranty it will not be removed by another
2010 * thread). It is kept for backward compatibility. */
2011SSL_CTX *
2012ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2013{
2014 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2015}
2016
Christopher Fauletd2cab922015-07-28 16:03:47 +02002017/* Set a certificate int the LRU cache used to store generated
2018 * certificate. Return 0 on success, otherwise -1 */
2019int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002020ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002021{
2022 struct lru64 *lru = NULL;
2023
2024 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002025 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002026 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002027 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002028 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002029 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002030 }
Christopher Faulet30548802015-06-11 13:39:32 +02002031 if (lru->domain && lru->data)
2032 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002033 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002034 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002035 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002036 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002037 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002038}
2039
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002040/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002041unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002042ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002043{
2044 return XXH32(data, len, ssl_ctx_lru_seed);
2045}
2046
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002047/* Generate a cert and immediately assign it to the SSL session so that the cert's
2048 * refcount is maintained regardless of the cert's presence in the LRU cache.
2049 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002050static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002051ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002052{
2053 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002054 SSL_CTX *ssl_ctx = NULL;
2055 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002056 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002057
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002058 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002059 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002060 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002061 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002062 if (lru && lru->domain)
2063 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002064 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002065 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002066 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002067 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002068 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002069 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002070 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002071 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002072 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002073 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002074 SSL_set_SSL_CTX(ssl, ssl_ctx);
2075 /* No LRU cache, this CTX will be released as soon as the session dies */
2076 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002077 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002078 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 return 0;
2080}
2081static int
2082ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2083{
2084 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002085 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002086
2087 conn_get_to_addr(conn);
2088 if (conn->flags & CO_FL_ADDR_TO_SET) {
2089 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002090 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002091 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002092 }
2093 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002095#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002096
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002097#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002098typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2099
2100static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002101{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002102#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002103 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002104 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2105#endif
2106}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002107static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2108 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002109 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2110}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002113 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002114 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2115#endif
2116}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002119 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002120 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2121#endif
2122}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002123/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002124static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2125/* Unusable in this context. */
2126static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2129static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2130static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002131#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002132typedef enum { SET_MIN, SET_MAX } set_context_func;
2133
2134static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2135 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2137}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002138static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2139 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2140 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2141}
2142static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2143 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002144 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2145}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002146static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2147 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2148 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2149}
2150static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2151 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002152 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2153}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002154static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2155 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2156 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2157}
2158static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2159 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002160 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2161}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002162static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2163 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2164 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2165}
2166static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002168 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002169 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2170#endif
2171}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002172static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2173#if SSL_OP_NO_TLSv1_3
2174 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2175 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002176#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002177}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002178#endif
2179static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2180static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002181
2182static struct {
2183 int option;
2184 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002185 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2186 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002187 const char *name;
2188} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002189 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2190 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2191 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2192 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2193 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2194 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002195};
2196
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002197static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2198{
2199 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2200 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2201 SSL_set_SSL_CTX(ssl, ctx);
2202}
2203
Willy Tarreau5db847a2019-05-09 14:13:35 +02002204#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002205
2206static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2207{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002208 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002211 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2212 return SSL_TLSEXT_ERR_OK;
2213 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002214}
2215
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002216#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002217static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2218{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002219 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002220#else
2221static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2222{
2223#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002224 struct connection *conn;
2225 struct bind_conf *s;
2226 const uint8_t *extension_data;
2227 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002228 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002229
2230 char *wildp = NULL;
2231 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002232 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002234 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 int i;
2236
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002237 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002238 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002239
Olivier Houchard9679ac92017-10-27 14:58:08 +02002240 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002241 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002242#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2244 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002245#else
2246 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2247#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002248 /*
2249 * The server_name extension was given too much extensibility when it
2250 * was written, so parsing the normal case is a bit complex.
2251 */
2252 size_t len;
2253 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002254 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002255 /* Extract the length of the supplied list of names. */
2256 len = (*extension_data++) << 8;
2257 len |= *extension_data++;
2258 if (len + 2 != extension_len)
2259 goto abort;
2260 /*
2261 * The list in practice only has a single element, so we only consider
2262 * the first one.
2263 */
2264 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2265 goto abort;
2266 extension_len = len - 1;
2267 /* Now we can finally pull out the byte array with the actual hostname. */
2268 if (extension_len <= 2)
2269 goto abort;
2270 len = (*extension_data++) << 8;
2271 len |= *extension_data++;
2272 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2273 || memchr(extension_data, 0, len) != NULL)
2274 goto abort;
2275 servername = extension_data;
2276 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002277 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002278#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2279 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002280 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002281 }
2282#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002283 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002284 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002286 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002287 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002288 goto abort;
2289 }
2290
2291 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002293 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002294#else
2295 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2296#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 uint8_t sign;
2298 size_t len;
2299 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002300 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002301 len = (*extension_data++) << 8;
2302 len |= *extension_data++;
2303 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002305 if (len % 2 != 0)
2306 goto abort;
2307 for (; len > 0; len -= 2) {
2308 extension_data++; /* hash */
2309 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002310 switch (sign) {
2311 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002312 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 break;
2314 case TLSEXT_signature_ecdsa:
2315 has_ecdsa_sig = 1;
2316 break;
2317 default:
2318 continue;
2319 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002320 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002321 break;
2322 }
2323 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002324 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002325 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326 }
2327 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002328 const SSL_CIPHER *cipher;
2329 size_t len;
2330 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002331 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002332#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002333 len = ctx->cipher_suites_len;
2334 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2337#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002338 if (len % 2 != 0)
2339 goto abort;
2340 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002341#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002342 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002344#else
2345 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2346#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002347 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002348 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002349 break;
2350 }
2351 }
2352 }
2353
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002354 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002355 trash.area[i] = tolower(servername[i]);
2356 if (!wildp && (trash.area[i] == '.'))
2357 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002359 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002360
2361 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002362 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002363
2364 /* lookup a not neg filter */
2365 for (n = node; n; n = ebmb_next_dup(n)) {
2366 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002367 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002369 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002370 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002371 break;
2372 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002373 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002374 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002376 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002377 if (!node_anonymous)
2378 node_anonymous = n;
2379 break;
2380 }
2381 }
2382 }
2383 if (wildp) {
2384 /* lookup in wildcards names */
2385 node = ebst_lookup(&s->sni_w_ctx, wildp);
2386 for (n = node; n; n = ebmb_next_dup(n)) {
2387 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002388 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002390 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002391 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 break;
2393 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002394 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002397 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 if (!node_anonymous)
2399 node_anonymous = n;
2400 break;
2401 }
2402 }
2403 }
2404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002406 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2407 : ((has_rsa_sig && node_rsa) ? node_rsa
2408 : (node_anonymous ? node_anonymous
2409 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2410 : node_rsa /* no rsa signature case (far far away) */
2411 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002412 if (node) {
2413 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002414 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002415 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002416 if (conf) {
2417 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2418 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2419 if (conf->early_data)
2420 allow_early = 1;
2421 }
2422 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002423 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002424#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002425 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002426 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002427 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002428 }
2429#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002430 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002431 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002432 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002433 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002434allow_early:
2435#ifdef OPENSSL_IS_BORINGSSL
2436 if (allow_early)
2437 SSL_set_early_data_enabled(ssl, 1);
2438#else
2439 if (!allow_early)
2440 SSL_set_max_early_data(ssl, 0);
2441#endif
2442 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 abort:
2444 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2445 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002446#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002447 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002448#else
2449 *al = SSL_AD_UNRECOGNIZED_NAME;
2450 return 0;
2451#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002452}
2453
2454#else /* OPENSSL_IS_BORINGSSL */
2455
Emeric Brunfc0421f2012-09-07 17:30:07 +02002456/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2457 * warning when no match is found, which implies the default (first) cert
2458 * will keep being used.
2459 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002460static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002461{
2462 const char *servername;
2463 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002464 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002465 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002466 int i;
2467 (void)al; /* shut gcc stupid warning */
2468
2469 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002470 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002471#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002472 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2473 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002474#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002475 if (s->strict_sni)
2476 return SSL_TLSEXT_ERR_ALERT_FATAL;
2477 ssl_sock_switchctx_set(ssl, s->default_ctx);
2478 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002479 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002480
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002481 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002482 if (!servername[i])
2483 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002484 trash.area[i] = tolower(servername[i]);
2485 if (!wildp && (trash.area[i] == '.'))
2486 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002487 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002488 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002489
2490 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002491 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002492
2493 /* lookup a not neg filter */
2494 for (n = node; n; n = ebmb_next_dup(n)) {
2495 if (!container_of(n, struct sni_ctx, name)->neg) {
2496 node = n;
2497 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002498 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002499 }
2500 if (!node && wildp) {
2501 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002502 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002503 }
2504 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002505#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002506 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2507 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002508 return SSL_TLSEXT_ERR_OK;
2509 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002510#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002511 if (s->strict_sni)
2512 return SSL_TLSEXT_ERR_ALERT_FATAL;
2513 ssl_sock_switchctx_set(ssl, s->default_ctx);
2514 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002515 }
2516
2517 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002518 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002519 return SSL_TLSEXT_ERR_OK;
2520}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002521#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002522#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2523
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002524#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002525
2526static DH * ssl_get_dh_1024(void)
2527{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002528 static unsigned char dh1024_p[]={
2529 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2530 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2531 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2532 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2533 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2534 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2535 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2536 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2537 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2538 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2539 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2540 };
2541 static unsigned char dh1024_g[]={
2542 0x02,
2543 };
2544
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002545 BIGNUM *p;
2546 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002547 DH *dh = DH_new();
2548 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002549 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2550 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002551
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002552 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002553 DH_free(dh);
2554 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002555 } else {
2556 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002557 }
2558 }
2559 return dh;
2560}
2561
2562static DH *ssl_get_dh_2048(void)
2563{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002564 static unsigned char dh2048_p[]={
2565 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2566 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2567 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2568 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2569 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2570 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2571 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2572 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2573 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2574 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2575 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2576 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2577 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2578 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2579 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2580 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2581 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2582 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2583 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2584 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2585 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2586 0xB7,0x1F,0x77,0xF3,
2587 };
2588 static unsigned char dh2048_g[]={
2589 0x02,
2590 };
2591
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002592 BIGNUM *p;
2593 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002594 DH *dh = DH_new();
2595 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002596 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2597 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002598
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002599 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002600 DH_free(dh);
2601 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002602 } else {
2603 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002604 }
2605 }
2606 return dh;
2607}
2608
2609static DH *ssl_get_dh_4096(void)
2610{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002611 static unsigned char dh4096_p[]={
2612 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2613 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2614 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2615 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2616 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2617 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2618 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2619 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2620 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2621 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2622 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2623 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2624 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2625 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2626 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2627 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2628 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2629 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2630 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2631 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2632 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2633 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2634 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2635 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2636 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2637 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2638 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2639 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2640 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2641 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2642 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2643 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2644 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2645 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2646 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2647 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2648 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2649 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2650 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2651 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2652 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2653 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2654 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002655 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002656 static unsigned char dh4096_g[]={
2657 0x02,
2658 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002659
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002660 BIGNUM *p;
2661 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002662 DH *dh = DH_new();
2663 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002664 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2665 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002666
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002667 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002668 DH_free(dh);
2669 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002670 } else {
2671 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002672 }
2673 }
2674 return dh;
2675}
2676
2677/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002678 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002679static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2680{
2681 DH *dh = NULL;
2682 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002683 int type;
2684
2685 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002686
2687 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2688 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2689 */
2690 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2691 keylen = EVP_PKEY_bits(pkey);
2692 }
2693
Willy Tarreauef934602016-12-22 23:12:01 +01002694 if (keylen > global_ssl.default_dh_param) {
2695 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002696 }
2697
Remi Gacogned3a341a2015-05-29 16:26:17 +02002698 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002699 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002700 }
2701 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002702 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002703 }
2704 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002705 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002706 }
2707
2708 return dh;
2709}
2710
Remi Gacogne47783ef2015-05-29 15:53:22 +02002711static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002712{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002713 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002714 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002715
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002716 if (in == NULL)
2717 goto end;
2718
Remi Gacogne47783ef2015-05-29 15:53:22 +02002719 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002720 goto end;
2721
Remi Gacogne47783ef2015-05-29 15:53:22 +02002722 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2723
2724end:
2725 if (in)
2726 BIO_free(in);
2727
Emeric Brune1b4ed42018-08-16 15:14:12 +02002728 ERR_clear_error();
2729
Remi Gacogne47783ef2015-05-29 15:53:22 +02002730 return dh;
2731}
2732
2733int ssl_sock_load_global_dh_param_from_file(const char *filename)
2734{
2735 global_dh = ssl_sock_get_dh_from_file(filename);
2736
2737 if (global_dh) {
2738 return 0;
2739 }
2740
2741 return -1;
2742}
2743
2744/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002745 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002746int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2747{
2748 int ret = -1;
2749 DH *dh = ssl_sock_get_dh_from_file(file);
2750
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002751 if (dh) {
2752 ret = 1;
2753 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002754
2755 if (ssl_dh_ptr_index >= 0) {
2756 /* store a pointer to the DH params to avoid complaining about
2757 ssl-default-dh-param not being set for this SSL_CTX */
2758 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2759 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002760 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002761 else if (global_dh) {
2762 SSL_CTX_set_tmp_dh(ctx, global_dh);
2763 ret = 0; /* DH params not found */
2764 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002765 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002766 /* Clear openssl global errors stack */
2767 ERR_clear_error();
2768
Willy Tarreauef934602016-12-22 23:12:01 +01002769 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002770 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002771 if (local_dh_1024 == NULL)
2772 local_dh_1024 = ssl_get_dh_1024();
2773
Remi Gacogne8de54152014-07-15 11:36:40 +02002774 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002776
Remi Gacogne8de54152014-07-15 11:36:40 +02002777 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002778 }
2779 else {
2780 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2781 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002782
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002783 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002784 }
Emeric Brun644cde02012-12-14 11:21:13 +01002785
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002786end:
2787 if (dh)
2788 DH_free(dh);
2789
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002790 return ret;
2791}
2792#endif
2793
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002794static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002795 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002796{
2797 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002798 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002799 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002800
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002801 if (*name == '!') {
2802 neg = 1;
2803 name++;
2804 }
2805 if (*name == '*') {
2806 wild = 1;
2807 name++;
2808 }
2809 /* !* filter is a nop */
2810 if (neg && wild)
2811 return order;
2812 if (*name) {
2813 int j, len;
2814 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002815 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002816 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002817 if (j >= trash.size)
William Lallemand24e292c2019-10-03 23:46:33 +02002818 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002819 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002820
2821 /* Check for duplicates. */
2822 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002823 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002824 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002825 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002826 for (; node; node = ebmb_next_dup(node)) {
2827 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002828 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002829 return order;
2830 }
2831
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002832 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002833 if (!sc)
William Lallemand24e292c2019-10-03 23:46:33 +02002834 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002835 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002836 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002837 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002838 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002839 sc->order = order++;
2840 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002841 if (kinfo.sig != TLSEXT_signature_anonymous)
2842 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002843 if (wild)
2844 ebst_insert(&s->sni_w_ctx, &sc->name);
2845 else
2846 ebst_insert(&s->sni_ctx, &sc->name);
2847 }
2848 return order;
2849}
2850
yanbzhu488a4d22015-12-01 15:16:07 -05002851
2852/* The following code is used for loading multiple crt files into
2853 * SSL_CTX's based on CN/SAN
2854 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002855#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002856/* This is used to preload the certifcate, private key
2857 * and Cert Chain of a file passed in via the crt
2858 * argument
2859 *
2860 * This way, we do not have to read the file multiple times
2861 */
2862struct cert_key_and_chain {
2863 X509 *cert;
2864 EVP_PKEY *key;
2865 unsigned int num_chain_certs;
2866 /* This is an array of X509 pointers */
2867 X509 **chain_certs;
2868};
2869
yanbzhu08ce6ab2015-12-02 13:01:29 -05002870#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2871
2872struct key_combo_ctx {
2873 SSL_CTX *ctx;
2874 int order;
2875};
2876
2877/* Map used for processing multiple keypairs for a single purpose
2878 *
2879 * This maps CN/SNI name to certificate type
2880 */
2881struct sni_keytype {
2882 int keytypes; /* BITMASK for keytypes */
2883 struct ebmb_node name; /* node holding the servername value */
2884};
2885
2886
yanbzhu488a4d22015-12-01 15:16:07 -05002887/* Frees the contents of a cert_key_and_chain
2888 */
2889static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2890{
2891 int i;
2892
2893 if (!ckch)
2894 return;
2895
2896 /* Free the certificate and set pointer to NULL */
2897 if (ckch->cert)
2898 X509_free(ckch->cert);
2899 ckch->cert = NULL;
2900
2901 /* Free the key and set pointer to NULL */
2902 if (ckch->key)
2903 EVP_PKEY_free(ckch->key);
2904 ckch->key = NULL;
2905
2906 /* Free each certificate in the chain */
2907 for (i = 0; i < ckch->num_chain_certs; i++) {
2908 if (ckch->chain_certs[i])
2909 X509_free(ckch->chain_certs[i]);
2910 }
2911
2912 /* Free the chain obj itself and set to NULL */
2913 if (ckch->num_chain_certs > 0) {
2914 free(ckch->chain_certs);
2915 ckch->num_chain_certs = 0;
2916 ckch->chain_certs = NULL;
2917 }
2918
2919}
2920
2921/* checks if a key and cert exists in the ckch
2922 */
2923static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2924{
2925 return (ckch->cert != NULL && ckch->key != NULL);
2926}
2927
2928
2929/* Loads the contents of a crt file (path) into a cert_key_and_chain
2930 * This allows us to carry the contents of the file without having to
2931 * read the file multiple times.
2932 *
2933 * returns:
2934 * 0 on Success
2935 * 1 on SSL Failure
2936 * 2 on file not found
2937 */
2938static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2939{
2940
2941 BIO *in;
2942 X509 *ca = NULL;
2943 int ret = 1;
2944
2945 ssl_sock_free_cert_key_and_chain_contents(ckch);
2946
2947 in = BIO_new(BIO_s_file());
2948 if (in == NULL)
2949 goto end;
2950
2951 if (BIO_read_filename(in, path) <= 0)
2952 goto end;
2953
yanbzhu488a4d22015-12-01 15:16:07 -05002954 /* Read Private Key */
2955 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2956 if (ckch->key == NULL) {
2957 memprintf(err, "%sunable to load private key from file '%s'.\n",
2958 err && *err ? *err : "", path);
2959 goto end;
2960 }
2961
Willy Tarreaubb137a82016-04-06 19:02:38 +02002962 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002963 if (BIO_reset(in) == -1) {
2964 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2965 err && *err ? *err : "", path);
2966 goto end;
2967 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002968
2969 /* Read Certificate */
2970 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2971 if (ckch->cert == NULL) {
2972 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2973 err && *err ? *err : "", path);
2974 goto end;
2975 }
2976
yanbzhu488a4d22015-12-01 15:16:07 -05002977 /* Read Certificate Chain */
2978 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2979 /* Grow the chain certs */
2980 ckch->num_chain_certs++;
2981 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2982
2983 /* use - 1 here since we just incremented it above */
2984 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2985 }
2986 ret = ERR_get_error();
2987 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2988 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2989 err && *err ? *err : "", path);
2990 ret = 1;
2991 goto end;
2992 }
2993
2994 ret = 0;
2995
2996end:
2997
2998 ERR_clear_error();
2999 if (in)
3000 BIO_free(in);
3001
3002 /* Something went wrong in one of the reads */
3003 if (ret != 0)
3004 ssl_sock_free_cert_key_and_chain_contents(ckch);
3005
3006 return ret;
3007}
3008
3009/* Loads the info in ckch into ctx
3010 * Currently, this does not process any information about ocsp, dhparams or
3011 * sctl
3012 * Returns
3013 * 0 on success
3014 * 1 on failure
3015 */
3016static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3017{
3018 int i = 0;
3019
3020 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3021 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3022 err && *err ? *err : "", path);
3023 return 1;
3024 }
3025
3026 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3027 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3028 err && *err ? *err : "", path);
3029 return 1;
3030 }
3031
yanbzhu488a4d22015-12-01 15:16:07 -05003032 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3033 for (i = 0; i < ckch->num_chain_certs; i++) {
3034 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003035 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3036 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003037 return 1;
3038 }
3039 }
3040
3041 if (SSL_CTX_check_private_key(ctx) <= 0) {
3042 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3043 err && *err ? *err : "", path);
3044 return 1;
3045 }
3046
3047 return 0;
3048}
3049
yanbzhu08ce6ab2015-12-02 13:01:29 -05003050
William Lallemand4801c702019-10-04 17:36:55 +02003051static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003052{
3053 struct sni_keytype *s_kt = NULL;
3054 struct ebmb_node *node;
3055 int i;
3056
3057 for (i = 0; i < trash.size; i++) {
3058 if (!str[i])
3059 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003060 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003061 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003062 trash.area[i] = 0;
3063 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003064 if (!node) {
3065 /* CN not found in tree */
3066 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3067 /* Using memcpy here instead of strncpy.
3068 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3069 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3070 */
William Lallemand4801c702019-10-04 17:36:55 +02003071 if (!s_kt)
3072 return -1;
3073
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003074 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003075 s_kt->keytypes = 0;
3076 ebst_insert(sni_keytypes, &s_kt->name);
3077 } else {
3078 /* CN found in tree */
3079 s_kt = container_of(node, struct sni_keytype, name);
3080 }
3081
3082 /* Mark that this CN has the keytype of key_index via keytypes mask */
3083 s_kt->keytypes |= 1<<key_index;
3084
William Lallemand4801c702019-10-04 17:36:55 +02003085 return 0;
3086
yanbzhu08ce6ab2015-12-02 13:01:29 -05003087}
3088
3089
3090/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3091 * If any are found, group these files into a set of SSL_CTX*
3092 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3093 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003094 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003095 *
3096 * Returns
3097 * 0 on success
3098 * 1 on failure
3099 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003100static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3101 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003102{
3103 char fp[MAXPATHLEN+1] = {0};
3104 int n = 0;
3105 int i = 0;
3106 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3107 struct eb_root sni_keytypes_map = { {0} };
3108 struct ebmb_node *node;
3109 struct ebmb_node *next;
3110 /* Array of SSL_CTX pointers corresponding to each possible combo
3111 * of keytypes
3112 */
3113 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3114 int rv = 0;
3115 X509_NAME *xname = NULL;
3116 char *str = NULL;
3117#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3118 STACK_OF(GENERAL_NAME) *names = NULL;
3119#endif
3120
3121 /* Load all possible certs and keys */
3122 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3123 struct stat buf;
3124
3125 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3126 if (stat(fp, &buf) == 0) {
3127 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3128 rv = 1;
3129 goto end;
3130 }
3131 }
3132 }
3133
3134 /* Process each ckch and update keytypes for each CN/SAN
3135 * for example, if CN/SAN www.a.com is associated with
3136 * certs with keytype 0 and 2, then at the end of the loop,
3137 * www.a.com will have:
3138 * keyindex = 0 | 1 | 4 = 5
3139 */
3140 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand4801c702019-10-04 17:36:55 +02003141 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003142
3143 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3144 continue;
3145
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003146 if (fcount) {
William Lallemand4801c702019-10-04 17:36:55 +02003147 for (i = 0; i < fcount; i++) {
3148 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3149 if (ret < 0) {
3150 memprintf(err, "%sunable to allocate SSL context.\n",
3151 err && *err ? *err : "");
3152 rv = 1;
3153 goto end;
3154 }
3155 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003156 } else {
3157 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3158 * so the line that contains logic is marked via comments
3159 */
3160 xname = X509_get_subject_name(certs_and_keys[n].cert);
3161 i = -1;
3162 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3163 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003164 ASN1_STRING *value;
3165 value = X509_NAME_ENTRY_get_data(entry);
3166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003167 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003168 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003169
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003170 OPENSSL_free(str);
3171 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003172 if (ret < 0) {
3173 memprintf(err, "%sunable to allocate SSL context.\n",
3174 err && *err ? *err : "");
3175 rv = 1;
3176 goto end;
3177 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003178 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003179 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003180
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003181 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003182#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003183 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3184 if (names) {
3185 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3186 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003187
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003188 if (name->type == GEN_DNS) {
3189 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3190 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003191 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003192
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003193 OPENSSL_free(str);
3194 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003195 if (ret < 0) {
3196 memprintf(err, "%sunable to allocate SSL context.\n",
3197 err && *err ? *err : "");
3198 rv = 1;
3199 goto end;
3200 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003201 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003202 }
3203 }
3204 }
3205 }
3206#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3207 }
3208
3209 /* If no files found, return error */
3210 if (eb_is_empty(&sni_keytypes_map)) {
3211 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3212 err && *err ? *err : "", path);
3213 rv = 1;
3214 goto end;
3215 }
3216
3217 /* We now have a map of CN/SAN to keytypes that are loaded in
3218 * Iterate through the map to create the SSL_CTX's (if needed)
3219 * and add each CTX to the SNI tree
3220 *
3221 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003222 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003223 * combination is denoted by the key in the map. Each key
3224 * has a value between 1 and 2^n - 1. Conveniently, the array
3225 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3226 * entry in the array to correspond to the unique combo (key)
3227 * associated with i. This unique key combo (i) will be associated
3228 * with combos[i-1]
3229 */
3230
3231 node = ebmb_first(&sni_keytypes_map);
3232 while (node) {
3233 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003234 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003235 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003236
3237 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3238 i = container_of(node, struct sni_keytype, name)->keytypes;
3239 cur_ctx = key_combos[i-1].ctx;
3240
3241 if (cur_ctx == NULL) {
3242 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003243 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003244 if (cur_ctx == NULL) {
3245 memprintf(err, "%sunable to allocate SSL context.\n",
3246 err && *err ? *err : "");
3247 rv = 1;
3248 goto end;
3249 }
3250
yanbzhube2774d2015-12-10 15:07:30 -05003251 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003252 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3253 if (i & (1<<n)) {
3254 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003255 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3256 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003257 SSL_CTX_free(cur_ctx);
3258 rv = 1;
3259 goto end;
3260 }
yanbzhube2774d2015-12-10 15:07:30 -05003261
3262#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3263 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003264 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003265 if (err)
3266 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003267 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003268 SSL_CTX_free(cur_ctx);
3269 rv = 1;
3270 goto end;
3271 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003272#elif (defined OPENSSL_IS_BORINGSSL)
3273 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003274#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003275 }
3276 }
3277
3278 /* Load DH params into the ctx to support DHE keys */
3279#ifndef OPENSSL_NO_DH
3280 if (ssl_dh_ptr_index >= 0)
3281 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3282
3283 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3284 if (rv < 0) {
3285 if (err)
3286 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3287 *err ? *err : "", path);
3288 rv = 1;
3289 goto end;
3290 }
3291#endif
3292
3293 /* Update key_combos */
3294 key_combos[i-1].ctx = cur_ctx;
3295 }
3296
3297 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003298 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
William Lallemand24e292c2019-10-03 23:46:33 +02003299 kinfo, str, key_combos[i-1].order);
3300 if (key_combos[i-1].order < 0) {
3301 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
3302 rv = 1;
3303 goto end;
3304 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003305 node = ebmb_next(node);
3306 }
3307
3308
3309 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3310 if (!bind_conf->default_ctx) {
3311 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3312 if (key_combos[i].ctx) {
3313 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003314 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003315 break;
3316 }
3317 }
3318 }
3319
3320end:
3321
3322 if (names)
3323 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3324
3325 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3326 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3327
3328 node = ebmb_first(&sni_keytypes_map);
3329 while (node) {
3330 next = ebmb_next(node);
3331 ebmb_delete(node);
William Lallemande92c0302019-10-04 17:24:39 +02003332 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003333 node = next;
3334 }
3335
3336 return rv;
3337}
3338#else
3339/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003340static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3341 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003342{
3343 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3344 err && *err ? *err : "", path, strerror(errno));
3345 return 1;
3346}
3347
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003348#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003349
Emeric Brunfc0421f2012-09-07 17:30:07 +02003350/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3351 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3352 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003353static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3354 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003355{
3356 BIO *in;
3357 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003358 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003359 int ret = -1;
3360 int order = 0;
3361 X509_NAME *xname;
3362 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003363 pem_password_cb *passwd_cb;
3364 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003365 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003366 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003367
Emeric Brunfc0421f2012-09-07 17:30:07 +02003368#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3369 STACK_OF(GENERAL_NAME) *names;
3370#endif
3371
3372 in = BIO_new(BIO_s_file());
3373 if (in == NULL)
3374 goto end;
3375
3376 if (BIO_read_filename(in, file) <= 0)
3377 goto end;
3378
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003379
3380 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3381 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3382
3383 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003384 if (x == NULL)
3385 goto end;
3386
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003387 pkey = X509_get_pubkey(x);
3388 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003389 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003390 switch(EVP_PKEY_base_id(pkey)) {
3391 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003392 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003393 break;
3394 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003395 kinfo.sig = TLSEXT_signature_ecdsa;
3396 break;
3397 case EVP_PKEY_DSA:
3398 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003399 break;
3400 }
3401 EVP_PKEY_free(pkey);
3402 }
3403
Emeric Brun50bcecc2013-04-22 13:05:23 +02003404 if (fcount) {
William Lallemand24e292c2019-10-03 23:46:33 +02003405 while (fcount--) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003406 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemand24e292c2019-10-03 23:46:33 +02003407 if (order < 0)
3408 goto end;
3409 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003410 }
3411 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003412#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003413 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3414 if (names) {
3415 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3416 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3417 if (name->type == GEN_DNS) {
3418 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003419 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003420 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003421 if (order < 0)
3422 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003423 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003424 }
3425 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003426 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003427 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003428#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003429 xname = X509_get_subject_name(x);
3430 i = -1;
3431 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3432 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003433 ASN1_STRING *value;
3434
3435 value = X509_NAME_ENTRY_get_data(entry);
3436 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003437 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003438 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003439 if (order < 0)
3440 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003441 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003442 }
3443 }
3444
3445 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3446 if (!SSL_CTX_use_certificate(ctx, x))
3447 goto end;
3448
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003449#ifdef SSL_CTX_clear_extra_chain_certs
3450 SSL_CTX_clear_extra_chain_certs(ctx);
3451#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003452 if (ctx->extra_certs != NULL) {
3453 sk_X509_pop_free(ctx->extra_certs, X509_free);
3454 ctx->extra_certs = NULL;
3455 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003456#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003457
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003458 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003459 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3460 X509_free(ca);
3461 goto end;
3462 }
3463 }
3464
3465 err = ERR_get_error();
3466 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3467 /* we successfully reached the last cert in the file */
3468 ret = 1;
3469 }
3470 ERR_clear_error();
3471
3472end:
3473 if (x)
3474 X509_free(x);
3475
3476 if (in)
3477 BIO_free(in);
3478
3479 return ret;
3480}
3481
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003482static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3483 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003484{
3485 int ret;
3486 SSL_CTX *ctx;
3487
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003488 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003489 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003490 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3491 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003492 return 1;
3493 }
3494
3495 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003496 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3497 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003498 SSL_CTX_free(ctx);
3499 return 1;
3500 }
3501
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003502 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003503 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003504 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3505 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 if (ret < 0) /* serious error, must do that ourselves */
3507 SSL_CTX_free(ctx);
3508 return 1;
3509 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003510
3511 if (SSL_CTX_check_private_key(ctx) <= 0) {
3512 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3513 err && *err ? *err : "", path);
3514 return 1;
3515 }
3516
Emeric Brunfc0421f2012-09-07 17:30:07 +02003517 /* we must not free the SSL_CTX anymore below, since it's already in
3518 * the tree, so it will be discovered and cleaned in time.
3519 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003520#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003521 /* store a NULL pointer to indicate we have not yet loaded
3522 a custom DH param file */
3523 if (ssl_dh_ptr_index >= 0) {
3524 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3525 }
3526
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003527 ret = ssl_sock_load_dh_params(ctx, path);
3528 if (ret < 0) {
3529 if (err)
3530 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3531 *err ? *err : "", path);
3532 return 1;
3533 }
3534#endif
3535
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003536#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003537 ret = ssl_sock_load_ocsp(ctx, path);
3538 if (ret < 0) {
3539 if (err)
3540 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3541 *err ? *err : "", path);
3542 return 1;
3543 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003544#elif (defined OPENSSL_IS_BORINGSSL)
3545 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003546#endif
3547
Willy Tarreau5db847a2019-05-09 14:13:35 +02003548#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003549 if (sctl_ex_index >= 0) {
3550 ret = ssl_sock_load_sctl(ctx, path);
3551 if (ret < 0) {
3552 if (err)
3553 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3554 *err ? *err : "", path);
3555 return 1;
3556 }
3557 }
3558#endif
3559
Emeric Brunfc0421f2012-09-07 17:30:07 +02003560#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003561 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003562 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3563 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003564 return 1;
3565 }
3566#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003567 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003568 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003569 bind_conf->default_ssl_conf = ssl_conf;
3570 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003571
3572 return 0;
3573}
3574
Willy Tarreau03209342016-12-22 17:08:28 +01003575int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003576{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003577 struct dirent **de_list;
3578 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003579 DIR *dir;
3580 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003581 char *end;
3582 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003583 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003584#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003585 int is_bundle;
3586 int j;
3587#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003588
yanbzhu08ce6ab2015-12-02 13:01:29 -05003589 if (stat(path, &buf) == 0) {
3590 dir = opendir(path);
3591 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003592 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003593
yanbzhu08ce6ab2015-12-02 13:01:29 -05003594 /* strip trailing slashes, including first one */
3595 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3596 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003597
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598 n = scandir(path, &de_list, 0, alphasort);
3599 if (n < 0) {
3600 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3601 err && *err ? *err : "", path, strerror(errno));
3602 cfgerr++;
3603 }
3604 else {
3605 for (i = 0; i < n; i++) {
3606 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003607
yanbzhu08ce6ab2015-12-02 13:01:29 -05003608 end = strrchr(de->d_name, '.');
3609 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3610 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003611
yanbzhu08ce6ab2015-12-02 13:01:29 -05003612 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3613 if (stat(fp, &buf) != 0) {
3614 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3615 err && *err ? *err : "", fp, strerror(errno));
3616 cfgerr++;
3617 goto ignore_entry;
3618 }
3619 if (!S_ISREG(buf.st_mode))
3620 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003621
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003622#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003623 is_bundle = 0;
3624 /* Check if current entry in directory is part of a multi-cert bundle */
3625
3626 if (end) {
3627 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3628 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3629 is_bundle = 1;
3630 break;
3631 }
3632 }
3633
3634 if (is_bundle) {
3635 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3636 int dp_len;
3637
3638 dp_len = end - de->d_name;
3639 snprintf(dp, dp_len + 1, "%s", de->d_name);
3640
3641 /* increment i and free de until we get to a non-bundle cert
3642 * Note here that we look at de_list[i + 1] before freeing de
3643 * this is important since ignore_entry will free de
3644 */
3645 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3646 free(de);
3647 i++;
3648 de = de_list[i];
3649 }
3650
3651 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003652 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003653
3654 /* Successfully processed the bundle */
3655 goto ignore_entry;
3656 }
3657 }
3658
3659#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003660 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003661ignore_entry:
3662 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003663 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003664 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003665 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003666 closedir(dir);
3667 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003668 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003669
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003670 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003671
Emeric Brunfc0421f2012-09-07 17:30:07 +02003672 return cfgerr;
3673}
3674
Thierry Fournier383085f2013-01-24 14:15:43 +01003675/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3676 * done once. Zero is returned if the operation fails. No error is returned
3677 * if the random is said as not implemented, because we expect that openssl
3678 * will use another method once needed.
3679 */
3680static int ssl_initialize_random()
3681{
3682 unsigned char random;
3683 static int random_initialized = 0;
3684
3685 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3686 random_initialized = 1;
3687
3688 return random_initialized;
3689}
3690
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003691/* release ssl bind conf */
3692void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003693{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003694 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003695#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003696 free(conf->npn_str);
3697 conf->npn_str = NULL;
3698#endif
3699#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3700 free(conf->alpn_str);
3701 conf->alpn_str = NULL;
3702#endif
3703 free(conf->ca_file);
3704 conf->ca_file = NULL;
3705 free(conf->crl_file);
3706 conf->crl_file = NULL;
3707 free(conf->ciphers);
3708 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003709#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003710 free(conf->ciphersuites);
3711 conf->ciphersuites = NULL;
3712#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003713 free(conf->curves);
3714 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003715 free(conf->ecdhe);
3716 conf->ecdhe = NULL;
3717 }
3718}
3719
3720int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3721{
3722 char thisline[CRT_LINESIZE];
3723 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003724 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003725 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003726 int linenum = 0;
3727 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003728
Willy Tarreauad1731d2013-04-02 17:35:58 +02003729 if ((f = fopen(file, "r")) == NULL) {
3730 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003731 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003732 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003733
3734 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003735 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003736 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003737 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003738 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003739 char *crt_path;
3740 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003741
3742 linenum++;
3743 end = line + strlen(line);
3744 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3745 /* Check if we reached the limit and the last char is not \n.
3746 * Watch out for the last line without the terminating '\n'!
3747 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003748 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3749 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003750 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003751 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003752 }
3753
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003754 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003755 newarg = 1;
3756 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003757 if (*line == '#' || *line == '\n' || *line == '\r') {
3758 /* end of string, end of loop */
3759 *line = 0;
3760 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003761 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003762 newarg = 1;
3763 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003764 } else if (*line == '[') {
3765 if (ssl_b) {
3766 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3767 cfgerr = 1;
3768 break;
3769 }
3770 if (!arg) {
3771 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3772 cfgerr = 1;
3773 break;
3774 }
3775 ssl_b = arg;
3776 newarg = 1;
3777 *line = 0;
3778 } else if (*line == ']') {
3779 if (ssl_e) {
3780 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003781 cfgerr = 1;
3782 break;
3783 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003784 if (!ssl_b) {
3785 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3786 cfgerr = 1;
3787 break;
3788 }
3789 ssl_e = arg;
3790 newarg = 1;
3791 *line = 0;
3792 } else if (newarg) {
3793 if (arg == MAX_CRT_ARGS) {
3794 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3795 cfgerr = 1;
3796 break;
3797 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003798 newarg = 0;
3799 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003800 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003801 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003802 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003803 if (cfgerr)
3804 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003805 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003806
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003807 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003808 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003809 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003810
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003811 crt_path = args[0];
3812 if (*crt_path != '/' && global_ssl.crt_base) {
3813 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3814 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3815 crt_path, linenum, file);
3816 cfgerr = 1;
3817 break;
3818 }
3819 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3820 crt_path = path;
3821 }
3822
3823 ssl_conf = calloc(1, sizeof *ssl_conf);
3824 cur_arg = ssl_b ? ssl_b : 1;
3825 while (cur_arg < ssl_e) {
3826 newarg = 0;
3827 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3828 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3829 newarg = 1;
3830 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3831 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3832 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3833 args[cur_arg], linenum, file);
3834 cfgerr = 1;
3835 }
3836 cur_arg += 1 + ssl_bind_kws[i].skip;
3837 break;
3838 }
3839 }
3840 if (!cfgerr && !newarg) {
3841 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3842 args[cur_arg], linenum, file);
3843 cfgerr = 1;
3844 break;
3845 }
3846 }
3847 if (cfgerr) {
3848 ssl_sock_free_ssl_conf(ssl_conf);
3849 free(ssl_conf);
3850 ssl_conf = NULL;
3851 break;
3852 }
3853
3854 if (stat(crt_path, &buf) == 0) {
3855 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3856 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003857 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003858 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3859 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003860 }
3861
Willy Tarreauad1731d2013-04-02 17:35:58 +02003862 if (cfgerr) {
3863 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003864 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003865 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003866 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003867 fclose(f);
3868 return cfgerr;
3869}
3870
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003871/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003872static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003873ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003874{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003875 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003876 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003877 SSL_OP_ALL | /* all known workarounds for bugs */
3878 SSL_OP_NO_SSLv2 |
3879 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003880 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003881 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003882 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003883 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003884 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003885 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003886 SSL_MODE_ENABLE_PARTIAL_WRITE |
3887 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003888 SSL_MODE_RELEASE_BUFFERS |
3889 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003890 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003891 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003892 int flags = MC_SSL_O_ALL;
3893 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003894
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003895 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003896 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003897
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003898 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003899 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3900 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3901 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003902 else
3903 flags = conf_ssl_methods->flags;
3904
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003905 min = conf_ssl_methods->min;
3906 max = conf_ssl_methods->max;
3907 /* start with TLSv10 to remove SSLv3 per default */
3908 if (!min && (!max || max >= CONF_TLSV10))
3909 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003910 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003911 if (min)
3912 flags |= (methodVersions[min].flag - 1);
3913 if (max)
3914 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003915 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003916 min = max = CONF_TLSV_NONE;
3917 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003918 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003919 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003920 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003921 if (min) {
3922 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003923 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3924 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3925 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3926 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003927 hole = 0;
3928 }
3929 max = i;
3930 }
3931 else {
3932 min = max = i;
3933 }
3934 }
3935 else {
3936 if (min)
3937 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003938 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003939 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003940 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3941 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003942 cfgerr += 1;
3943 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003944 /* save real min/max in bind_conf */
3945 conf_ssl_methods->min = min;
3946 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003947
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003948#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003949 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003950 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003951 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003952 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003953 else
3954 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3955 if (flags & methodVersions[i].flag)
3956 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003957#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003958 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003959 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3960 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003961#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003962
3963 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3964 options |= SSL_OP_NO_TICKET;
3965 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3966 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003967
3968#ifdef SSL_OP_NO_RENEGOTIATION
3969 options |= SSL_OP_NO_RENEGOTIATION;
3970#endif
3971
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003972 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003973
Willy Tarreau5db847a2019-05-09 14:13:35 +02003974#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003975 if (global_ssl.async)
3976 mode |= SSL_MODE_ASYNC;
3977#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003978 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003979 if (global_ssl.life_time)
3980 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003981
3982#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3983#ifdef OPENSSL_IS_BORINGSSL
3984 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3985 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02003986#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003987 if (bind_conf->ssl_conf.early_data) {
3988 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3989 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3990 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003991 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3992 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003993#else
3994 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003995#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003996 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003997#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003998 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003999}
4000
William Lallemand4f45bb92017-10-30 20:08:51 +01004001
4002static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4003{
4004 if (first == block) {
4005 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4006 if (first->len > 0)
4007 sh_ssl_sess_tree_delete(sh_ssl_sess);
4008 }
4009}
4010
4011/* return first block from sh_ssl_sess */
4012static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4013{
4014 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4015
4016}
4017
4018/* store a session into the cache
4019 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4020 * data: asn1 encoded session
4021 * data_len: asn1 encoded session length
4022 * Returns 1 id session was stored (else 0)
4023 */
4024static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4025{
4026 struct shared_block *first;
4027 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4028
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004029 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004030 if (!first) {
4031 /* Could not retrieve enough free blocks to store that session */
4032 return 0;
4033 }
4034
4035 /* STORE the key in the first elem */
4036 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4037 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4038 first->len = sizeof(struct sh_ssl_sess_hdr);
4039
4040 /* it returns the already existing node
4041 or current node if none, never returns null */
4042 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4043 if (oldsh_ssl_sess != sh_ssl_sess) {
4044 /* NOTE: Row couldn't be in use because we lock read & write function */
4045 /* release the reserved row */
4046 shctx_row_dec_hot(ssl_shctx, first);
4047 /* replace the previous session already in the tree */
4048 sh_ssl_sess = oldsh_ssl_sess;
4049 /* ignore the previous session data, only use the header */
4050 first = sh_ssl_sess_first_block(sh_ssl_sess);
4051 shctx_row_inc_hot(ssl_shctx, first);
4052 first->len = sizeof(struct sh_ssl_sess_hdr);
4053 }
4054
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004055 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004056 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004057 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004058 }
4059
4060 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004061
4062 return 1;
4063}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004064
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004065/* SSL callback used when a new session is created while connecting to a server */
4066static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4067{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004068 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004069 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004070
Willy Tarreau07d94e42018-09-20 10:57:52 +02004071 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004072
Olivier Houcharde6060c52017-11-16 17:42:52 +01004073 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4074 int len;
4075 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004076
Olivier Houcharde6060c52017-11-16 17:42:52 +01004077 len = i2d_SSL_SESSION(sess, NULL);
4078 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4079 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4080 } else {
4081 free(s->ssl_ctx.reused_sess[tid].ptr);
4082 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4083 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4084 }
4085 if (s->ssl_ctx.reused_sess[tid].ptr) {
4086 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4087 &ptr);
4088 }
4089 } else {
4090 free(s->ssl_ctx.reused_sess[tid].ptr);
4091 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4092 }
4093
4094 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004095}
4096
Olivier Houcharde6060c52017-11-16 17:42:52 +01004097
William Lallemanded0b5ad2017-10-30 19:36:36 +01004098/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004099int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004100{
4101 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4102 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4103 unsigned char *p;
4104 int data_len;
4105 unsigned int sid_length, sid_ctx_length;
4106 const unsigned char *sid_data;
4107 const unsigned char *sid_ctx_data;
4108
4109 /* Session id is already stored in to key and session id is known
4110 * so we dont store it to keep size.
4111 */
4112
4113 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4114 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4115 SSL_SESSION_set1_id(sess, sid_data, 0);
4116 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4117
4118 /* check if buffer is large enough for the ASN1 encoded session */
4119 data_len = i2d_SSL_SESSION(sess, NULL);
4120 if (data_len > SHSESS_MAX_DATA_LEN)
4121 goto err;
4122
4123 p = encsess;
4124
4125 /* process ASN1 session encoding before the lock */
4126 i2d_SSL_SESSION(sess, &p);
4127
4128 memcpy(encid, sid_data, sid_length);
4129 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4130 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4131
William Lallemanda3c77cf2017-10-30 23:44:40 +01004132 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004133 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004134 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004135 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004136err:
4137 /* reset original length values */
4138 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4139 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4140
4141 return 0; /* do not increment session reference count */
4142}
4143
4144/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004145SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004146{
William Lallemand4f45bb92017-10-30 20:08:51 +01004147 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004148 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4149 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004150 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004151 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004152
4153 global.shctx_lookups++;
4154
4155 /* allow the session to be freed automatically by openssl */
4156 *do_copy = 0;
4157
4158 /* tree key is zeros padded sessionid */
4159 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4160 memcpy(tmpkey, key, key_len);
4161 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4162 key = tmpkey;
4163 }
4164
4165 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004166 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004167
4168 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004169 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4170 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004171 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004172 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004173 global.shctx_misses++;
4174 return NULL;
4175 }
4176
William Lallemand4f45bb92017-10-30 20:08:51 +01004177 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4178 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004179
William Lallemand4f45bb92017-10-30 20:08:51 +01004180 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004181
William Lallemanda3c77cf2017-10-30 23:44:40 +01004182 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004183
4184 /* decode ASN1 session */
4185 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004186 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004187 /* Reset session id and session id contenxt */
4188 if (sess) {
4189 SSL_SESSION_set1_id(sess, key, key_len);
4190 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4191 }
4192
4193 return sess;
4194}
4195
William Lallemand4f45bb92017-10-30 20:08:51 +01004196
William Lallemanded0b5ad2017-10-30 19:36:36 +01004197/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004198void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004199{
William Lallemand4f45bb92017-10-30 20:08:51 +01004200 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004201 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4202 unsigned int sid_length;
4203 const unsigned char *sid_data;
4204 (void)ctx;
4205
4206 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4207 /* tree key is zeros padded sessionid */
4208 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4209 memcpy(tmpkey, sid_data, sid_length);
4210 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4211 sid_data = tmpkey;
4212 }
4213
William Lallemanda3c77cf2017-10-30 23:44:40 +01004214 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004215
4216 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004217 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4218 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004219 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004220 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004221 }
4222
4223 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004224 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004225}
4226
4227/* Set session cache mode to server and disable openssl internal cache.
4228 * Set shared cache callbacks on an ssl context.
4229 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004230void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004231{
4232 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4233
4234 if (!ssl_shctx) {
4235 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4236 return;
4237 }
4238
4239 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4240 SSL_SESS_CACHE_NO_INTERNAL |
4241 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4242
4243 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004244 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4245 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4246 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004247}
4248
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004249int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4250{
4251 struct proxy *curproxy = bind_conf->frontend;
4252 int cfgerr = 0;
4253 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004254 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004255 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004256#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004257 const char *conf_ciphersuites;
4258#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004259 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004260
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004261 if (ssl_conf) {
4262 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4263 int i, min, max;
4264 int flags = MC_SSL_O_ALL;
4265
4266 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004267 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4268 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004269 if (min)
4270 flags |= (methodVersions[min].flag - 1);
4271 if (max)
4272 flags |= ~((methodVersions[max].flag << 1) - 1);
4273 min = max = CONF_TLSV_NONE;
4274 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4275 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4276 if (min)
4277 max = i;
4278 else
4279 min = max = i;
4280 }
4281 /* save real min/max */
4282 conf_ssl_methods->min = min;
4283 conf_ssl_methods->max = max;
4284 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004285 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4286 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004287 cfgerr += 1;
4288 }
4289 }
4290
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004291 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004292 case SSL_SOCK_VERIFY_NONE:
4293 verify = SSL_VERIFY_NONE;
4294 break;
4295 case SSL_SOCK_VERIFY_OPTIONAL:
4296 verify = SSL_VERIFY_PEER;
4297 break;
4298 case SSL_SOCK_VERIFY_REQUIRED:
4299 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4300 break;
4301 }
4302 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4303 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004304 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4305 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4306 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004307 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004308 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004309 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4310 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004311 cfgerr++;
4312 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004313 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4314 /* set CA names for client cert request, function returns void */
4315 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4316 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004317 }
Emeric Brun850efd52014-01-29 12:24:34 +01004318 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004319 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4320 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004321 cfgerr++;
4322 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004323#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004324 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004325 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4326
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004327 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004328 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4329 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004330 cfgerr++;
4331 }
Emeric Brun561e5742012-10-02 15:20:55 +02004332 else {
4333 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4334 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004335 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004336#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004337 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004338 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004339#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004340 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004341 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004342 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4343 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004344 cfgerr++;
4345 }
4346 }
4347#endif
4348
William Lallemand4f45bb92017-10-30 20:08:51 +01004349 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004350 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4351 if (conf_ciphers &&
4352 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004353 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4354 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004355 cfgerr++;
4356 }
4357
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004358#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004359 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4360 if (conf_ciphersuites &&
4361 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4362 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4363 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4364 cfgerr++;
4365 }
4366#endif
4367
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004368#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004369 /* If tune.ssl.default-dh-param has not been set,
4370 neither has ssl-default-dh-file and no static DH
4371 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004372 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004373 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004374 (ssl_dh_ptr_index == -1 ||
4375 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004376 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4377 const SSL_CIPHER * cipher = NULL;
4378 char cipher_description[128];
4379 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4380 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4381 which is not ephemeral DH. */
4382 const char dhe_description[] = " Kx=DH ";
4383 const char dhe_export_description[] = " Kx=DH(";
4384 int idx = 0;
4385 int dhe_found = 0;
4386 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004387
Remi Gacogne23d5d372014-10-10 17:04:26 +02004388 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004389
Remi Gacogne23d5d372014-10-10 17:04:26 +02004390 if (ssl) {
4391 ciphers = SSL_get_ciphers(ssl);
4392
4393 if (ciphers) {
4394 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4395 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4396 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4397 if (strstr(cipher_description, dhe_description) != NULL ||
4398 strstr(cipher_description, dhe_export_description) != NULL) {
4399 dhe_found = 1;
4400 break;
4401 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004402 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004403 }
4404 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004405 SSL_free(ssl);
4406 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004407 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004408
Lukas Tribus90132722014-08-18 00:56:33 +02004409 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004410 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004411 }
4412
Willy Tarreauef934602016-12-22 23:12:01 +01004413 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004414 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004415
Willy Tarreauef934602016-12-22 23:12:01 +01004416 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004417 if (local_dh_1024 == NULL) {
4418 local_dh_1024 = ssl_get_dh_1024();
4419 }
Willy Tarreauef934602016-12-22 23:12:01 +01004420 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004421 if (local_dh_2048 == NULL) {
4422 local_dh_2048 = ssl_get_dh_2048();
4423 }
Willy Tarreauef934602016-12-22 23:12:01 +01004424 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004425 if (local_dh_4096 == NULL) {
4426 local_dh_4096 = ssl_get_dh_4096();
4427 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004428 }
4429 }
4430 }
4431#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004432
Emeric Brunfc0421f2012-09-07 17:30:07 +02004433 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004434#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004435 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004436#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004437
Bernard Spil13c53f82018-02-15 13:34:58 +01004438#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004439 ssl_conf_cur = NULL;
4440 if (ssl_conf && ssl_conf->npn_str)
4441 ssl_conf_cur = ssl_conf;
4442 else if (bind_conf->ssl_conf.npn_str)
4443 ssl_conf_cur = &bind_conf->ssl_conf;
4444 if (ssl_conf_cur)
4445 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004446#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004447#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004448 ssl_conf_cur = NULL;
4449 if (ssl_conf && ssl_conf->alpn_str)
4450 ssl_conf_cur = ssl_conf;
4451 else if (bind_conf->ssl_conf.alpn_str)
4452 ssl_conf_cur = &bind_conf->ssl_conf;
4453 if (ssl_conf_cur)
4454 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004455#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004456#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004457 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4458 if (conf_curves) {
4459 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004460 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4461 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004462 cfgerr++;
4463 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004464#if defined(SSL_CTX_set_ecdh_auto)
4465 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4466#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004467 }
4468#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004469#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004470 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004471 int i;
4472 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004473#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004474 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004475 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4476 NULL);
4477
4478 if (ecdhe == NULL) {
4479 SSL_CTX_set_dh_auto(ctx, 1);
4480 return cfgerr;
4481 }
4482#else
4483 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4484 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4485 ECDHE_DEFAULT_CURVE);
4486#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004487
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004488 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004489 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004490 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4491 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004492 cfgerr++;
4493 }
4494 else {
4495 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4496 EC_KEY_free(ecdh);
4497 }
4498 }
4499#endif
4500
Emeric Brunfc0421f2012-09-07 17:30:07 +02004501 return cfgerr;
4502}
4503
Evan Broderbe554312013-06-27 00:05:25 -07004504static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4505{
4506 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4507 size_t prefixlen, suffixlen;
4508
4509 /* Trivial case */
4510 if (strcmp(pattern, hostname) == 0)
4511 return 1;
4512
Evan Broderbe554312013-06-27 00:05:25 -07004513 /* The rest of this logic is based on RFC 6125, section 6.4.3
4514 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4515
Emeric Bruna848dae2013-10-08 11:27:28 +02004516 pattern_wildcard = NULL;
4517 pattern_left_label_end = pattern;
4518 while (*pattern_left_label_end != '.') {
4519 switch (*pattern_left_label_end) {
4520 case 0:
4521 /* End of label not found */
4522 return 0;
4523 case '*':
4524 /* If there is more than one wildcards */
4525 if (pattern_wildcard)
4526 return 0;
4527 pattern_wildcard = pattern_left_label_end;
4528 break;
4529 }
4530 pattern_left_label_end++;
4531 }
4532
4533 /* If it's not trivial and there is no wildcard, it can't
4534 * match */
4535 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004536 return 0;
4537
4538 /* Make sure all labels match except the leftmost */
4539 hostname_left_label_end = strchr(hostname, '.');
4540 if (!hostname_left_label_end
4541 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4542 return 0;
4543
4544 /* Make sure the leftmost label of the hostname is long enough
4545 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004546 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004547 return 0;
4548
4549 /* Finally compare the string on either side of the
4550 * wildcard */
4551 prefixlen = pattern_wildcard - pattern;
4552 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004553 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4554 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004555 return 0;
4556
4557 return 1;
4558}
4559
4560static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4561{
4562 SSL *ssl;
4563 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004564 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004565 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004566 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004567
4568 int depth;
4569 X509 *cert;
4570 STACK_OF(GENERAL_NAME) *alt_names;
4571 int i;
4572 X509_NAME *cert_subject;
4573 char *str;
4574
4575 if (ok == 0)
4576 return ok;
4577
4578 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004579 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004580 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004581
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004582 /* We're checking if the provided hostnames match the desired one. The
4583 * desired hostname comes from the SNI we presented if any, or if not
4584 * provided then it may have been explicitly stated using a "verifyhost"
4585 * directive. If neither is set, we don't care about the name so the
4586 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004587 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004588 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004589 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004590 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004591 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004592 if (!servername)
4593 return ok;
4594 }
Evan Broderbe554312013-06-27 00:05:25 -07004595
4596 /* We only need to verify the CN on the actual server cert,
4597 * not the indirect CAs */
4598 depth = X509_STORE_CTX_get_error_depth(ctx);
4599 if (depth != 0)
4600 return ok;
4601
4602 /* At this point, the cert is *not* OK unless we can find a
4603 * hostname match */
4604 ok = 0;
4605
4606 cert = X509_STORE_CTX_get_current_cert(ctx);
4607 /* It seems like this might happen if verify peer isn't set */
4608 if (!cert)
4609 return ok;
4610
4611 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4612 if (alt_names) {
4613 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4614 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4615 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004616#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004617 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4618#else
Evan Broderbe554312013-06-27 00:05:25 -07004619 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004620#endif
Evan Broderbe554312013-06-27 00:05:25 -07004621 ok = ssl_sock_srv_hostcheck(str, servername);
4622 OPENSSL_free(str);
4623 }
4624 }
4625 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004626 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004627 }
4628
4629 cert_subject = X509_get_subject_name(cert);
4630 i = -1;
4631 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4632 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004633 ASN1_STRING *value;
4634 value = X509_NAME_ENTRY_get_data(entry);
4635 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004636 ok = ssl_sock_srv_hostcheck(str, servername);
4637 OPENSSL_free(str);
4638 }
4639 }
4640
Willy Tarreau71d058c2017-07-26 20:09:56 +02004641 /* report the mismatch and indicate if SNI was used or not */
4642 if (!ok && !conn->err_code)
4643 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004644 return ok;
4645}
4646
Emeric Brun94324a42012-10-11 14:00:19 +02004647/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004648int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004649{
Willy Tarreau03209342016-12-22 17:08:28 +01004650 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004651 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004652 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004653 SSL_OP_ALL | /* all known workarounds for bugs */
4654 SSL_OP_NO_SSLv2 |
4655 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004656 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004657 SSL_MODE_ENABLE_PARTIAL_WRITE |
4658 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004659 SSL_MODE_RELEASE_BUFFERS |
4660 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004661 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004662 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004663 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004664 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004665 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004666
Thierry Fournier383085f2013-01-24 14:15:43 +01004667 /* Make sure openssl opens /dev/urandom before the chroot */
4668 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004669 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004670 cfgerr++;
4671 }
4672
Willy Tarreaufce03112015-01-15 21:32:40 +01004673 /* Automatic memory computations need to know we use SSL there */
4674 global.ssl_used_backend = 1;
4675
4676 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004677 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004678 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004679 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4680 curproxy->id, srv->id,
4681 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004682 cfgerr++;
4683 return cfgerr;
4684 }
4685 }
Emeric Brun94324a42012-10-11 14:00:19 +02004686 if (srv->use_ssl)
4687 srv->xprt = &ssl_sock;
4688 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004689 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004690
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004691 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004692 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004693 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4694 proxy_type_str(curproxy), curproxy->id,
4695 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004696 cfgerr++;
4697 return cfgerr;
4698 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004699
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004700 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004701 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4702 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4703 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004704 else
4705 flags = conf_ssl_methods->flags;
4706
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004707 /* Real min and max should be determinate with configuration and openssl's capabilities */
4708 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004709 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004710 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004711 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004712
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004713 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004714 min = max = CONF_TLSV_NONE;
4715 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004716 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004717 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004718 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004719 if (min) {
4720 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004721 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4722 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4723 proxy_type_str(curproxy), curproxy->id, srv->id,
4724 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004725 hole = 0;
4726 }
4727 max = i;
4728 }
4729 else {
4730 min = max = i;
4731 }
4732 }
4733 else {
4734 if (min)
4735 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004736 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004737 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004738 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4739 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004740 cfgerr += 1;
4741 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004742
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004743#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004744 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004745 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004746 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004747 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004748 else
4749 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4750 if (flags & methodVersions[i].flag)
4751 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004752#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004753 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004754 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4755 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004756#endif
4757
4758 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4759 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004760 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004761
Willy Tarreau5db847a2019-05-09 14:13:35 +02004762#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004763 if (global_ssl.async)
4764 mode |= SSL_MODE_ASYNC;
4765#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004766 SSL_CTX_set_mode(ctx, mode);
4767 srv->ssl_ctx.ctx = ctx;
4768
Emeric Bruna7aa3092012-10-26 12:58:00 +02004769 if (srv->ssl_ctx.client_crt) {
4770 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004771 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4772 proxy_type_str(curproxy), curproxy->id,
4773 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004774 cfgerr++;
4775 }
4776 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004777 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4778 proxy_type_str(curproxy), curproxy->id,
4779 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004780 cfgerr++;
4781 }
4782 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004783 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4784 proxy_type_str(curproxy), curproxy->id,
4785 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004786 cfgerr++;
4787 }
4788 }
Emeric Brun94324a42012-10-11 14:00:19 +02004789
Emeric Brun850efd52014-01-29 12:24:34 +01004790 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4791 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004792 switch (srv->ssl_ctx.verify) {
4793 case SSL_SOCK_VERIFY_NONE:
4794 verify = SSL_VERIFY_NONE;
4795 break;
4796 case SSL_SOCK_VERIFY_REQUIRED:
4797 verify = SSL_VERIFY_PEER;
4798 break;
4799 }
Evan Broderbe554312013-06-27 00:05:25 -07004800 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004801 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004802 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004803 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004804 if (srv->ssl_ctx.ca_file) {
4805 /* load CAfile to verify */
4806 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004807 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4808 curproxy->id, srv->id,
4809 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004810 cfgerr++;
4811 }
4812 }
Emeric Brun850efd52014-01-29 12:24:34 +01004813 else {
4814 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004815 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4816 curproxy->id, srv->id,
4817 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004818 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004819 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4820 curproxy->id, srv->id,
4821 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004822 cfgerr++;
4823 }
Emeric Brunef42d922012-10-11 16:11:36 +02004824#ifdef X509_V_FLAG_CRL_CHECK
4825 if (srv->ssl_ctx.crl_file) {
4826 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4827
4828 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004829 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4830 curproxy->id, srv->id,
4831 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004832 cfgerr++;
4833 }
4834 else {
4835 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4836 }
4837 }
4838#endif
4839 }
4840
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004841 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4842 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4843 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004844 if (srv->ssl_ctx.ciphers &&
4845 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004846 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4847 curproxy->id, srv->id,
4848 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004849 cfgerr++;
4850 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004851
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004852#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004853 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004854 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004855 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4856 curproxy->id, srv->id,
4857 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4858 cfgerr++;
4859 }
4860#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004861#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4862 if (srv->ssl_ctx.npn_str)
4863 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4864#endif
4865#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4866 if (srv->ssl_ctx.alpn_str)
4867 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4868#endif
4869
Emeric Brun94324a42012-10-11 14:00:19 +02004870
4871 return cfgerr;
4872}
4873
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004874/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004875 * be NULL, in which case nothing is done. Returns the number of errors
4876 * encountered.
4877 */
Willy Tarreau03209342016-12-22 17:08:28 +01004878int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004879{
4880 struct ebmb_node *node;
4881 struct sni_ctx *sni;
4882 int err = 0;
4883
Willy Tarreaufce03112015-01-15 21:32:40 +01004884 /* Automatic memory computations need to know we use SSL there */
4885 global.ssl_used_frontend = 1;
4886
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004887 /* Make sure openssl opens /dev/urandom before the chroot */
4888 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004889 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004890 err++;
4891 }
4892 /* Create initial_ctx used to start the ssl connection before do switchctx */
4893 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004894 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004895 /* It should not be necessary to call this function, but it's
4896 necessary first to check and move all initialisation related
4897 to initial_ctx in ssl_sock_initial_ctx. */
4898 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4899 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004900 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004901 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004902
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004903 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004904 while (node) {
4905 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004906 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4907 /* only initialize the CTX on its first occurrence and
4908 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004909 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004910 node = ebmb_next(node);
4911 }
4912
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004913 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004914 while (node) {
4915 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004916 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4917 /* only initialize the CTX on its first occurrence and
4918 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004919 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004920 node = ebmb_next(node);
4921 }
4922 return err;
4923}
4924
Willy Tarreau55d37912016-12-21 23:38:39 +01004925/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4926 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4927 * alerts are directly emitted since the rest of the stack does it below.
4928 */
4929int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4930{
4931 struct proxy *px = bind_conf->frontend;
4932 int alloc_ctx;
4933 int err;
4934
4935 if (!bind_conf->is_ssl) {
4936 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004937 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4938 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004939 }
4940 return 0;
4941 }
4942 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004943 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004944 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4945 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004946 }
4947 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004948 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4949 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004950 return -1;
4951 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004952 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004953 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004954 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004955 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004956 sizeof(*sh_ssl_sess_tree),
4957 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004958 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004959 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4960 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4961 else
4962 ha_alert("Unable to allocate SSL session cache.\n");
4963 return -1;
4964 }
4965 /* free block callback */
4966 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4967 /* init the root tree within the extra space */
4968 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4969 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004970 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004971 err = 0;
4972 /* initialize all certificate contexts */
4973 err += ssl_sock_prepare_all_ctx(bind_conf);
4974
4975 /* initialize CA variables if the certificates generation is enabled */
4976 err += ssl_sock_load_ca(bind_conf);
4977
4978 return -err;
4979}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004980
4981/* release ssl context allocated for servers. */
4982void ssl_sock_free_srv_ctx(struct server *srv)
4983{
Olivier Houchardc7566002018-11-20 23:33:50 +01004984#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4985 if (srv->ssl_ctx.alpn_str)
4986 free(srv->ssl_ctx.alpn_str);
4987#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004988#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004989 if (srv->ssl_ctx.npn_str)
4990 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004991#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004992 if (srv->ssl_ctx.ctx)
4993 SSL_CTX_free(srv->ssl_ctx.ctx);
4994}
4995
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004996/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004997 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4998 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004999void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005000{
5001 struct ebmb_node *node, *back;
5002 struct sni_ctx *sni;
5003
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005004 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005005 while (node) {
5006 sni = ebmb_entry(node, struct sni_ctx, name);
5007 back = ebmb_next(node);
5008 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005009 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005010 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005011 ssl_sock_free_ssl_conf(sni->conf);
5012 free(sni->conf);
5013 sni->conf = NULL;
5014 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005015 free(sni);
5016 node = back;
5017 }
5018
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005019 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005020 while (node) {
5021 sni = ebmb_entry(node, struct sni_ctx, name);
5022 back = ebmb_next(node);
5023 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005024 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005025 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005026 ssl_sock_free_ssl_conf(sni->conf);
5027 free(sni->conf);
5028 sni->conf = NULL;
5029 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005030 free(sni);
5031 node = back;
5032 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005033 SSL_CTX_free(bind_conf->initial_ctx);
5034 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005035 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005036 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005037}
5038
Willy Tarreau795cdab2016-12-22 17:30:54 +01005039/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5040void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5041{
5042 ssl_sock_free_ca(bind_conf);
5043 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005044 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005045 free(bind_conf->ca_sign_file);
5046 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005047 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005048 free(bind_conf->keys_ref->filename);
5049 free(bind_conf->keys_ref->tlskeys);
5050 LIST_DEL(&bind_conf->keys_ref->list);
5051 free(bind_conf->keys_ref);
5052 }
5053 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005054 bind_conf->ca_sign_pass = NULL;
5055 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005056}
5057
Christopher Faulet31af49d2015-06-09 17:29:50 +02005058/* Load CA cert file and private key used to generate certificates */
5059int
Willy Tarreau03209342016-12-22 17:08:28 +01005060ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005061{
Willy Tarreau03209342016-12-22 17:08:28 +01005062 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005063 FILE *fp;
5064 X509 *cacert = NULL;
5065 EVP_PKEY *capkey = NULL;
5066 int err = 0;
5067
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005068 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005069 return err;
5070
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005071#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005072 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005073 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005074 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005075 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005076 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005077#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005078
Christopher Faulet31af49d2015-06-09 17:29:50 +02005079 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005080 ha_alert("Proxy '%s': cannot enable certificate generation, "
5081 "no CA certificate File configured at [%s:%d].\n",
5082 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005083 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005084 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005085
5086 /* read in the CA certificate */
5087 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005088 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5089 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005090 goto load_error;
5091 }
5092 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005093 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5094 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005095 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005096 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005097 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005098 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005099 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5100 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005101 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005102 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005103
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005104 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005105 bind_conf->ca_sign_cert = cacert;
5106 bind_conf->ca_sign_pkey = capkey;
5107 return err;
5108
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005109 read_error:
5110 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005111 if (capkey) EVP_PKEY_free(capkey);
5112 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005113 load_error:
5114 bind_conf->generate_certs = 0;
5115 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005116 return err;
5117}
5118
5119/* Release CA cert and private key used to generate certificated */
5120void
5121ssl_sock_free_ca(struct bind_conf *bind_conf)
5122{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005123 if (bind_conf->ca_sign_pkey)
5124 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5125 if (bind_conf->ca_sign_cert)
5126 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005127 bind_conf->ca_sign_pkey = NULL;
5128 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005129}
5130
Emeric Brun46591952012-05-18 15:47:34 +02005131/*
5132 * This function is called if SSL * context is not yet allocated. The function
5133 * is designed to be called before any other data-layer operation and sets the
5134 * handshake flag on the connection. It is safe to call it multiple times.
5135 * It returns 0 on success and -1 in error case.
5136 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005137static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005138{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005139 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005140 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005141 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005142 return 0;
5143
Willy Tarreau3c728722014-01-23 13:50:42 +01005144 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005145 return 0;
5146
Olivier Houchard66ab4982019-02-26 18:37:15 +01005147 ctx = pool_alloc(ssl_sock_ctx_pool);
5148 if (!ctx) {
5149 conn->err_code = CO_ER_SSL_NO_MEM;
5150 return -1;
5151 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005152 ctx->wait_event.tasklet = tasklet_new();
5153 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005154 conn->err_code = CO_ER_SSL_NO_MEM;
5155 pool_free(ssl_sock_ctx_pool, ctx);
5156 return -1;
5157 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005158 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5159 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005160 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005161 ctx->sent_early_data = 0;
5162 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005163 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005164 ctx->send_wait = NULL;
5165 ctx->recv_wait = NULL;
Emeric Brun87cfd662019-09-06 15:36:02 +02005166 ctx->xprt_st = 0;
5167 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005168
5169 /* Only work with sockets for now, this should be adapted when we'll
5170 * add QUIC support.
5171 */
5172 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005173 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005174 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5175 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005176 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005177
Willy Tarreau20879a02012-12-03 16:32:10 +01005178 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5179 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005180 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005181 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005182
Emeric Brun46591952012-05-18 15:47:34 +02005183 /* If it is in client mode initiate SSL session
5184 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005185 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005186 int may_retry = 1;
5187
5188 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005189 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005190 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5191 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005192 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005193 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005194 goto retry_connect;
5195 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005196 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005197 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005198 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005199 ctx->bio = BIO_new(ha_meth);
5200 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005201 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005202 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005203 goto retry_connect;
5204 }
Emeric Brun55476152014-11-12 17:35:37 +01005205 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005206 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005207 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005208 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005209 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005210
Evan Broderbe554312013-06-27 00:05:25 -07005211 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005212 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5213 SSL_free(ctx->ssl);
5214 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005215 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005216 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005217 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005218 goto retry_connect;
5219 }
Emeric Brun55476152014-11-12 17:35:37 +01005220 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005221 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005222 }
5223
Olivier Houchard66ab4982019-02-26 18:37:15 +01005224 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005225 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5226 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5227 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005228 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005229 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005230 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5231 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005232 } else if (sess) {
5233 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005234 }
5235 }
Evan Broderbe554312013-06-27 00:05:25 -07005236
Emeric Brun46591952012-05-18 15:47:34 +02005237 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005238 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005239
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005240 _HA_ATOMIC_ADD(&sslconns, 1);
5241 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005242 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005243 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005244 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005245 if (conn->flags & CO_FL_ERROR)
5246 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005247 return 0;
5248 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005249 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005250 int may_retry = 1;
5251
5252 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005253 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005254 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5255 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005256 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005257 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005258 goto retry_accept;
5259 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005260 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005261 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005262 }
Emeric Brun46591952012-05-18 15:47:34 +02005263
Olivier Houcharda8955d52019-04-07 22:00:38 +02005264 ctx->bio = BIO_new(ha_meth);
5265 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005266 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005267 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005268 goto retry_accept;
5269 }
Emeric Brun55476152014-11-12 17:35:37 +01005270 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005271 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005272 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005273 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005274 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005275
Emeric Brune1f38db2012-09-03 20:36:47 +02005276 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005277 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5278 SSL_free(ctx->ssl);
5279 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005280 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005281 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005282 goto retry_accept;
5283 }
Emeric Brun55476152014-11-12 17:35:37 +01005284 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005285 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005286 }
5287
Olivier Houchard66ab4982019-02-26 18:37:15 +01005288 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005289
Emeric Brun46591952012-05-18 15:47:34 +02005290 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005291 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005292#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005293 conn->flags |= CO_FL_EARLY_SSL_HS;
5294#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005295
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005296 _HA_ATOMIC_ADD(&sslconns, 1);
5297 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005298 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005299 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005300 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005301 if (conn->flags & CO_FL_ERROR)
5302 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005303 return 0;
5304 }
5305 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005306 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005307err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005308 if (ctx && ctx->wait_event.tasklet)
5309 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005310 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005311 return -1;
5312}
5313
5314
5315/* This is the callback which is used when an SSL handshake is pending. It
5316 * updates the FD status if it wants some polling before being called again.
5317 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5318 * otherwise it returns non-zero and removes itself from the connection's
5319 * flags (the bit is provided in <flag> by the caller).
5320 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005321static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005322{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005323 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005324 int ret;
5325
Willy Tarreau3c728722014-01-23 13:50:42 +01005326 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005327 return 0;
5328
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005329 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005330 goto out_error;
5331
Willy Tarreau5db847a2019-05-09 14:13:35 +02005332#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005333 /*
5334 * Check if we have early data. If we do, we have to read them
5335 * before SSL_do_handshake() is called, And there's no way to
5336 * detect early data, except to try to read them
5337 */
5338 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5339 size_t read_data;
5340
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005341 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005342 1, &read_data);
5343 if (ret == SSL_READ_EARLY_DATA_ERROR)
5344 goto check_error;
5345 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5346 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5347 return 1;
5348 } else
5349 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5350 }
5351#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005352 /* If we use SSL_do_handshake to process a reneg initiated by
5353 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5354 * Usually SSL_write and SSL_read are used and process implicitly
5355 * the reneg handshake.
5356 * Here we use SSL_peek as a workaround for reneg.
5357 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005358 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005359 char c;
5360
Olivier Houchard66ab4982019-02-26 18:37:15 +01005361 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005362 if (ret <= 0) {
5363 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005364 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005365
Emeric Brun674b7432012-11-08 19:21:55 +01005366 if (ret == SSL_ERROR_WANT_WRITE) {
5367 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005368 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005369 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005370 return 0;
5371 }
5372 else if (ret == SSL_ERROR_WANT_READ) {
5373 /* handshake may have been completed but we have
5374 * no more data to read.
5375 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005376 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005377 ret = 1;
5378 goto reneg_ok;
5379 }
5380 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005381 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005382 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005383 return 0;
5384 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005385#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005386 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005387 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005388 return 0;
5389 }
5390#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005391 else if (ret == SSL_ERROR_SYSCALL) {
5392 /* if errno is null, then connection was successfully established */
5393 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5394 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005395 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005396#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5397 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005398 conn->err_code = CO_ER_SSL_HANDSHAKE;
5399#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005400 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005401#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005402 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005403 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005404 empty_handshake = state == TLS_ST_BEFORE;
5405#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005406 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5407 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005408#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005409 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005410 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005411 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005412 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5413 else
5414 conn->err_code = CO_ER_SSL_EMPTY;
5415 }
5416 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005417 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005418 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5419 else
5420 conn->err_code = CO_ER_SSL_ABORT;
5421 }
5422 }
5423 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005424 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005425 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005426 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005427 conn->err_code = CO_ER_SSL_HANDSHAKE;
5428 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005429#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005430 }
Emeric Brun674b7432012-11-08 19:21:55 +01005431 goto out_error;
5432 }
5433 else {
5434 /* Fail on all other handshake errors */
5435 /* Note: OpenSSL may leave unread bytes in the socket's
5436 * buffer, causing an RST to be emitted upon close() on
5437 * TCP sockets. We first try to drain possibly pending
5438 * data to avoid this as much as possible.
5439 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005440 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005441 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005442 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005443 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005444 goto out_error;
5445 }
5446 }
5447 /* read some data: consider handshake completed */
5448 goto reneg_ok;
5449 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005450 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005451check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005452 if (ret != 1) {
5453 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005454 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005455
5456 if (ret == SSL_ERROR_WANT_WRITE) {
5457 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005458 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005459 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005460 return 0;
5461 }
5462 else if (ret == SSL_ERROR_WANT_READ) {
5463 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005464 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005465 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5466 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005467 return 0;
5468 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005469#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005470 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005471 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005472 return 0;
5473 }
5474#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005475 else if (ret == SSL_ERROR_SYSCALL) {
5476 /* if errno is null, then connection was successfully established */
5477 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5478 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005479 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005480#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5481 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005482 conn->err_code = CO_ER_SSL_HANDSHAKE;
5483#else
5484 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005485#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005486 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005487 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005488 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005489#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005490 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5491 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005492#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005493 if (empty_handshake) {
5494 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005495 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005496 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5497 else
5498 conn->err_code = CO_ER_SSL_EMPTY;
5499 }
5500 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005501 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005502 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5503 else
5504 conn->err_code = CO_ER_SSL_ABORT;
5505 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005506 }
5507 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005508 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005509 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5510 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005511 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005512 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005513#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005514 }
Willy Tarreau89230192012-09-28 20:22:13 +02005515 goto out_error;
5516 }
Emeric Brun46591952012-05-18 15:47:34 +02005517 else {
5518 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005519 /* Note: OpenSSL may leave unread bytes in the socket's
5520 * buffer, causing an RST to be emitted upon close() on
5521 * TCP sockets. We first try to drain possibly pending
5522 * data to avoid this as much as possible.
5523 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005524 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005525 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005526 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005527 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005528 goto out_error;
5529 }
5530 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005531#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005532 else {
5533 /*
5534 * If the server refused the early data, we have to send a
5535 * 425 to the client, as we no longer have the data to sent
5536 * them again.
5537 */
5538 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005539 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005540 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5541 goto out_error;
5542 }
5543 }
5544 }
5545#endif
5546
Emeric Brun46591952012-05-18 15:47:34 +02005547
Emeric Brun674b7432012-11-08 19:21:55 +01005548reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005549
Willy Tarreau5db847a2019-05-09 14:13:35 +02005550#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005551 /* ASYNC engine API doesn't support moving read/write
5552 * buffers. So we disable ASYNC mode right after
5553 * the handshake to avoid buffer oveflows.
5554 */
5555 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005556 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005557#endif
Emeric Brun46591952012-05-18 15:47:34 +02005558 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005559 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005560 if (objt_server(conn->target)) {
5561 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5562 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5563 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005564 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005565 else {
5566 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5567 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5568 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5569 }
Emeric Brun46591952012-05-18 15:47:34 +02005570 }
5571
5572 /* The connection is now established at both layers, it's time to leave */
5573 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5574 return 1;
5575
5576 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005577 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005578 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005579 ERR_clear_error();
5580
Emeric Brun9fa89732012-10-04 17:09:56 +02005581 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005582 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5583 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5584 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005585 }
5586
Emeric Brun46591952012-05-18 15:47:34 +02005587 /* Fail on all other handshake errors */
5588 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005589 if (!conn->err_code)
5590 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005591 return 0;
5592}
5593
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005594static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005595{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005596 struct wait_event *sw;
5597 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005598
Olivier Houcharda37eb6a2019-06-24 18:57:39 +02005599 if (!ctx)
5600 return -1;
5601
Olivier Houchardea8dd942019-05-20 14:02:16 +02005602 if (event_type & SUB_RETRY_RECV) {
5603 sw = param;
5604 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5605 sw->events |= SUB_RETRY_RECV;
5606 ctx->recv_wait = sw;
5607 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5608 !(ctx->wait_event.events & SUB_RETRY_RECV))
5609 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5610 event_type &= ~SUB_RETRY_RECV;
5611 }
5612 if (event_type & SUB_RETRY_SEND) {
5613sw = param;
5614 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5615 sw->events |= SUB_RETRY_SEND;
5616 ctx->send_wait = sw;
5617 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5618 !(ctx->wait_event.events & SUB_RETRY_SEND))
5619 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5620 event_type &= ~SUB_RETRY_SEND;
5621
5622 }
5623 if (event_type != 0)
5624 return -1;
5625 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005626}
5627
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005628static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005629{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005630 struct wait_event *sw;
5631 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005632
Olivier Houchardea8dd942019-05-20 14:02:16 +02005633 if (event_type & SUB_RETRY_RECV) {
5634 sw = param;
5635 BUG_ON(ctx->recv_wait != sw);
5636 ctx->recv_wait = NULL;
5637 sw->events &= ~SUB_RETRY_RECV;
5638 /* If we subscribed, and we're not doing the handshake,
5639 * then we subscribed because the upper layer asked for it,
5640 * as the upper layer is no longer interested, we can
5641 * unsubscribe too.
5642 */
5643 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5644 (ctx->wait_event.events & SUB_RETRY_RECV))
5645 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5646 &ctx->wait_event);
5647 }
5648 if (event_type & SUB_RETRY_SEND) {
5649 sw = param;
5650 BUG_ON(ctx->send_wait != sw);
5651 ctx->send_wait = NULL;
5652 sw->events &= ~SUB_RETRY_SEND;
5653 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5654 (ctx->wait_event.events & SUB_RETRY_SEND))
5655 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5656 &ctx->wait_event);
5657
5658 }
5659
5660 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005661}
5662
Olivier Houchard2e055482019-05-27 19:50:12 +02005663/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5664 * Returns 0 on success, and non-zero on failure.
5665 */
5666static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5667{
5668 struct ssl_sock_ctx *ctx = xprt_ctx;
5669
5670 if (oldxprt_ops != NULL)
5671 *oldxprt_ops = ctx->xprt;
5672 if (oldxprt_ctx != NULL)
5673 *oldxprt_ctx = ctx->xprt_ctx;
5674 ctx->xprt = toadd_ops;
5675 ctx->xprt_ctx = toadd_ctx;
5676 return 0;
5677}
5678
Olivier Houchard5149b592019-05-23 17:47:36 +02005679/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5680 * return 0, otherwise just call the remove_xprt method from the underlying
5681 * XPRT.
5682 */
5683static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5684{
5685 struct ssl_sock_ctx *ctx = xprt_ctx;
5686
5687 if (ctx->xprt_ctx == toremove_ctx) {
5688 ctx->xprt_ctx = newctx;
5689 ctx->xprt = newops;
5690 return 0;
5691 }
5692 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5693}
5694
Olivier Houchardea8dd942019-05-20 14:02:16 +02005695static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5696{
5697 struct ssl_sock_ctx *ctx = context;
5698
5699 /* First if we're doing an handshake, try that */
5700 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5701 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5702 /* If we had an error, or the handshake is done and I/O is available,
5703 * let the upper layer know.
5704 * If no mux was set up yet, and nobody subscribed, then call
5705 * xprt_done_cb() ourself if it's set, or destroy the connection,
5706 * we can't be sure conn_fd_handler() will be called again.
5707 */
5708 if ((ctx->conn->flags & CO_FL_ERROR) ||
5709 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5710 int ret = 0;
5711 int woke = 0;
5712
5713 /* On error, wake any waiter */
5714 if (ctx->recv_wait) {
5715 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005716 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005717 ctx->recv_wait = NULL;
5718 woke = 1;
5719 }
5720 if (ctx->send_wait) {
5721 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005722 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005723 ctx->send_wait = NULL;
5724 woke = 1;
5725 }
5726 /* If we're the first xprt for the connection, let the
5727 * upper layers know. If xprt_done_cb() is set, call it,
5728 * otherwise, we should have a mux, so call its wake
5729 * method if we didn't woke a tasklet already.
5730 */
5731 if (ctx->conn->xprt_ctx == ctx) {
5732 if (ctx->conn->xprt_done_cb)
5733 ret = ctx->conn->xprt_done_cb(ctx->conn);
5734 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5735 ctx->conn->mux->wake(ctx->conn);
5736 return NULL;
5737 }
5738 }
5739 return NULL;
5740}
5741
Emeric Brun46591952012-05-18 15:47:34 +02005742/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005743 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005744 * buffer wraps, in which case a second call may be performed. The connection's
5745 * flags are updated with whatever special event is detected (error, read0,
5746 * empty). The caller is responsible for taking care of those events and
5747 * avoiding the call if inappropriate. The function does not call the
5748 * connection's polling update function, so the caller is responsible for this.
5749 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005750static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005751{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005752 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005753 ssize_t ret;
5754 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005755
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005756 conn_refresh_polling_flags(conn);
5757
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005758 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005759 goto out_error;
5760
5761 if (conn->flags & CO_FL_HANDSHAKE)
5762 /* a handshake was requested */
5763 return 0;
5764
Emeric Brun46591952012-05-18 15:47:34 +02005765 /* read the largest possible block. For this, we perform only one call
5766 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5767 * in which case we accept to do it once again. A new attempt is made on
5768 * EINTR too.
5769 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005770 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005771 int need_out = 0;
5772
Willy Tarreau591d4452018-06-15 17:21:00 +02005773 try = b_contig_space(buf);
5774 if (!try)
5775 break;
5776
Willy Tarreauabf08d92014-01-14 11:31:27 +01005777 if (try > count)
5778 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005779
Olivier Houchardc2aae742017-09-22 18:26:28 +02005780 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005781 ctx->tmp_early_data != -1) {
5782 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005783 done++;
5784 try--;
5785 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005786 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005787 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005788 continue;
5789 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005790
Willy Tarreau5db847a2019-05-09 14:13:35 +02005791#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005792 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5793 size_t read_length;
5794
Olivier Houchard66ab4982019-02-26 18:37:15 +01005795 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005796 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005797 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5798 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005799 conn->flags |= CO_FL_EARLY_DATA;
5800 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5801 ret == SSL_READ_EARLY_DATA_FINISH) {
5802 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5803 /*
5804 * We're done reading the early data,
5805 * let's make the handshake
5806 */
5807 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5808 conn->flags |= CO_FL_SSL_WAIT_HS;
5809 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005810 /* Now initiate the handshake */
5811 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005812 if (read_length == 0)
5813 break;
5814 }
5815 ret = read_length;
5816 }
5817 } else
5818#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005819 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005820
Emeric Brune1f38db2012-09-03 20:36:47 +02005821 if (conn->flags & CO_FL_ERROR) {
5822 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005823 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005824 }
Emeric Brun46591952012-05-18 15:47:34 +02005825 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005826 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005827 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005828 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005829 }
Emeric Brun46591952012-05-18 15:47:34 +02005830 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005831 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005832 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005833 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005834 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005835 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005836#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005837 /* Async mode can be re-enabled, because we're leaving data state.*/
5838 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005839 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005840#endif
Emeric Brun46591952012-05-18 15:47:34 +02005841 break;
5842 }
5843 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005844 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005845 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5846 SUB_RETRY_RECV,
5847 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005848 /* handshake is running, and it may need to re-enable read */
5849 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005850#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005851 /* Async mode can be re-enabled, because we're leaving data state.*/
5852 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005853 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005854#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005855 break;
5856 }
Emeric Brun46591952012-05-18 15:47:34 +02005857 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005858 } else if (ret == SSL_ERROR_ZERO_RETURN)
5859 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005860 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5861 * stack before shutting down the connection for
5862 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005863 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5864 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005865 /* otherwise it's a real error */
5866 goto out_error;
5867 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005868 if (need_out)
5869 break;
Emeric Brun46591952012-05-18 15:47:34 +02005870 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005871 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005872 return done;
5873
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005874 clear_ssl_error:
5875 /* Clear openssl global errors stack */
5876 ssl_sock_dump_errors(conn);
5877 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005878 read0:
5879 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005880 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005881
Emeric Brun46591952012-05-18 15:47:34 +02005882 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005883 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005884 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005885 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005886 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005887 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005888}
5889
5890
Willy Tarreau787db9a2018-06-14 18:31:46 +02005891/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5892 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5893 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005894 * Only one call to send() is performed, unless the buffer wraps, in which case
5895 * a second call may be performed. The connection's flags are updated with
5896 * whatever special event is detected (error, empty). The caller is responsible
5897 * for taking care of those events and avoiding the call if inappropriate. The
5898 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005899 * is responsible for this. The buffer's output is not adjusted, it's up to the
5900 * caller to take care of this. It's up to the caller to update the buffer's
5901 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005902 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005903static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005904{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005905 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005906 ssize_t ret;
5907 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005908
5909 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005910 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005911
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005912 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005913 goto out_error;
5914
Olivier Houchard010941f2019-05-03 20:56:19 +02005915 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005916 /* a handshake was requested */
5917 return 0;
5918
5919 /* send the largest possible block. For this we perform only one call
5920 * to send() unless the buffer wraps and we exactly fill the first hunk,
5921 * in which case we accept to do it once again.
5922 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005923 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005924#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005925 size_t written_data;
5926#endif
5927
Willy Tarreau787db9a2018-06-14 18:31:46 +02005928 try = b_contig_data(buf, done);
5929 if (try > count)
5930 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005931
Willy Tarreau7bed9452014-02-02 02:00:24 +01005932 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005933 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005934 global_ssl.max_record && try > global_ssl.max_record) {
5935 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005936 }
5937 else {
5938 /* we need to keep the information about the fact that
5939 * we're not limiting the upcoming send(), because if it
5940 * fails, we'll have to retry with at least as many data.
5941 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005942 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005943 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005944
Willy Tarreau5db847a2019-05-09 14:13:35 +02005945#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005946 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005947 unsigned int max_early;
5948
Olivier Houchard522eea72017-11-03 16:27:47 +01005949 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005950 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005951 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005952 if (SSL_get0_session(ctx->ssl))
5953 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005954 else
5955 max_early = 0;
5956 }
5957
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005958 if (try + ctx->sent_early_data > max_early) {
5959 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005960 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005961 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005962 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005963 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005964 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005965 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005966 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005967 if (ret == 1) {
5968 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005969 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005970 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005971 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005972 /* Initiate the handshake, now */
5973 tasklet_wakeup(ctx->wait_event.tasklet);
5974 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005975
Olivier Houchardc2aae742017-09-22 18:26:28 +02005976 }
5977
5978 } else
5979#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005980 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005981
Emeric Brune1f38db2012-09-03 20:36:47 +02005982 if (conn->flags & CO_FL_ERROR) {
5983 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005984 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005985 }
Emeric Brun46591952012-05-18 15:47:34 +02005986 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005987 /* A send succeeded, so we can consier ourself connected */
5988 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005989 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005990 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005991 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005992 }
5993 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005994 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005995
Emeric Brun46591952012-05-18 15:47:34 +02005996 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005997 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005998 /* handshake is running, and it may need to re-enable write */
5999 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006000 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006001#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006002 /* Async mode can be re-enabled, because we're leaving data state.*/
6003 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006004 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006005#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006006 break;
6007 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006008
Emeric Brun46591952012-05-18 15:47:34 +02006009 break;
6010 }
6011 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006012 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006013 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006014 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6015 SUB_RETRY_RECV,
6016 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006017#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006018 /* Async mode can be re-enabled, because we're leaving data state.*/
6019 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006020 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006021#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006022 break;
6023 }
Emeric Brun46591952012-05-18 15:47:34 +02006024 goto out_error;
6025 }
6026 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006027 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006028 return done;
6029
6030 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006031 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006032 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006033 ERR_clear_error();
6034
Emeric Brun46591952012-05-18 15:47:34 +02006035 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006036 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006037}
6038
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006039static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006040
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006041 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006042
Olivier Houchardea8dd942019-05-20 14:02:16 +02006043
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006044 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006045 if (ctx->wait_event.events != 0)
6046 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6047 ctx->wait_event.events,
6048 &ctx->wait_event);
6049 if (ctx->send_wait) {
6050 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006051 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006052 }
6053 if (ctx->recv_wait) {
6054 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006055 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006056 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006057 if (ctx->xprt->close)
6058 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006059#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006060 if (global_ssl.async) {
6061 OSSL_ASYNC_FD all_fd[32], afd;
6062 size_t num_all_fds = 0;
6063 int i;
6064
Olivier Houchard66ab4982019-02-26 18:37:15 +01006065 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006066 if (num_all_fds > 32) {
6067 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6068 return;
6069 }
6070
Olivier Houchard66ab4982019-02-26 18:37:15 +01006071 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006072
6073 /* If an async job is pending, we must try to
6074 to catch the end using polling before calling
6075 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006076 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006077 for (i=0 ; i < num_all_fds ; i++) {
6078 /* switch on an handler designed to
6079 * handle the SSL_free
6080 */
6081 afd = all_fd[i];
6082 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006083 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006084 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006085 /* To ensure that the fd cache won't be used
6086 * and we'll catch a real RD event.
6087 */
6088 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006089 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006090 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006091 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006092 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006093 return;
6094 }
Emeric Brun3854e012017-05-17 20:42:48 +02006095 /* Else we can remove the fds from the fdtab
6096 * and call SSL_free.
6097 * note: we do a fd_remove and not a delete
6098 * because the fd is owned by the engine.
6099 * the engine is responsible to close
6100 */
6101 for (i=0 ; i < num_all_fds ; i++)
6102 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006103 }
6104#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006105 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006106 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006107 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006108 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006109 }
Emeric Brun46591952012-05-18 15:47:34 +02006110}
6111
6112/* This function tries to perform a clean shutdown on an SSL connection, and in
6113 * any case, flags the connection as reusable if no handshake was in progress.
6114 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006115static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006116{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006117 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006118
Emeric Brun46591952012-05-18 15:47:34 +02006119 if (conn->flags & CO_FL_HANDSHAKE)
6120 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006121 if (!clean)
6122 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006123 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006124 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006125 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006126 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006127 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006128 ERR_clear_error();
6129 }
Emeric Brun46591952012-05-18 15:47:34 +02006130}
6131
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006132/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006133int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006134{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006135 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006136 struct pkey_info *pkinfo;
6137 int bits = 0;
6138 int sig = TLSEXT_signature_anonymous;
6139 int len = -1;
6140
6141 if (!ssl_sock_is_ssl(conn))
6142 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006143 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006144 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006145 if (pkinfo) {
6146 sig = pkinfo->sig;
6147 bits = pkinfo->bits;
6148 } else {
6149 /* multicert and generated cert have no pkey info */
6150 X509 *crt;
6151 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006152 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006153 if (!crt)
6154 return 0;
6155 pkey = X509_get_pubkey(crt);
6156 if (pkey) {
6157 bits = EVP_PKEY_bits(pkey);
6158 switch(EVP_PKEY_base_id(pkey)) {
6159 case EVP_PKEY_RSA:
6160 sig = TLSEXT_signature_rsa;
6161 break;
6162 case EVP_PKEY_EC:
6163 sig = TLSEXT_signature_ecdsa;
6164 break;
6165 case EVP_PKEY_DSA:
6166 sig = TLSEXT_signature_dsa;
6167 break;
6168 }
6169 EVP_PKEY_free(pkey);
6170 }
6171 }
6172
6173 switch(sig) {
6174 case TLSEXT_signature_rsa:
6175 len = chunk_printf(out, "RSA%d", bits);
6176 break;
6177 case TLSEXT_signature_ecdsa:
6178 len = chunk_printf(out, "EC%d", bits);
6179 break;
6180 case TLSEXT_signature_dsa:
6181 len = chunk_printf(out, "DSA%d", bits);
6182 break;
6183 default:
6184 return 0;
6185 }
6186 if (len < 0)
6187 return 0;
6188 return 1;
6189}
6190
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006191/* used for ppv2 cert signature (can be used for logging) */
6192const char *ssl_sock_get_cert_sig(struct connection *conn)
6193{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006194 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006195
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006196 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6197 X509 *crt;
6198
6199 if (!ssl_sock_is_ssl(conn))
6200 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006201 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006202 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006203 if (!crt)
6204 return NULL;
6205 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6206 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6207}
6208
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006209/* used for ppv2 authority */
6210const char *ssl_sock_get_sni(struct connection *conn)
6211{
6212#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006213 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006214
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006215 if (!ssl_sock_is_ssl(conn))
6216 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006217 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006218 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006219#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006220 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006221#endif
6222}
6223
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006224/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006225const char *ssl_sock_get_cipher_name(struct connection *conn)
6226{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006227 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006228
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006229 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006230 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006231 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006232 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006233}
6234
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006235/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006236const char *ssl_sock_get_proto_version(struct connection *conn)
6237{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006238 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006239
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006240 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006241 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006242 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006243 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006244}
6245
Willy Tarreau8d598402012-10-22 17:58:39 +02006246/* Extract a serial from a cert, and copy it to a chunk.
6247 * Returns 1 if serial is found and copied, 0 if no serial found and
6248 * -1 if output is not large enough.
6249 */
6250static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006251ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006252{
6253 ASN1_INTEGER *serial;
6254
6255 serial = X509_get_serialNumber(crt);
6256 if (!serial)
6257 return 0;
6258
6259 if (out->size < serial->length)
6260 return -1;
6261
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006262 memcpy(out->area, serial->data, serial->length);
6263 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006264 return 1;
6265}
6266
Emeric Brun43e79582014-10-29 19:03:26 +01006267/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006268 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6269 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006270 */
6271static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006272ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006273{
6274 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006275 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006276
6277 len =i2d_X509(crt, NULL);
6278 if (len <= 0)
6279 return 1;
6280
6281 if (out->size < len)
6282 return -1;
6283
6284 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006285 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006286 return 1;
6287}
6288
Emeric Brunce5ad802012-10-22 14:11:22 +02006289
Willy Tarreau83061a82018-07-13 11:56:34 +02006290/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006291 * Returns 1 if serial is found and copied, 0 if no valid time found
6292 * and -1 if output is not large enough.
6293 */
6294static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006295ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006296{
6297 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6298 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6299
6300 if (gentm->length < 12)
6301 return 0;
6302 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6303 return 0;
6304 if (out->size < gentm->length-2)
6305 return -1;
6306
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006307 memcpy(out->area, gentm->data+2, gentm->length-2);
6308 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006309 return 1;
6310 }
6311 else if (tm->type == V_ASN1_UTCTIME) {
6312 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6313
6314 if (utctm->length < 10)
6315 return 0;
6316 if (utctm->data[0] >= 0x35)
6317 return 0;
6318 if (out->size < utctm->length)
6319 return -1;
6320
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006321 memcpy(out->area, utctm->data, utctm->length);
6322 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006323 return 1;
6324 }
6325
6326 return 0;
6327}
6328
Emeric Brun87855892012-10-17 17:39:35 +02006329/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6330 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6331 */
6332static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006333ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6334 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006335{
6336 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006337 ASN1_OBJECT *obj;
6338 ASN1_STRING *data;
6339 const unsigned char *data_ptr;
6340 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006341 int i, j, n;
6342 int cur = 0;
6343 const char *s;
6344 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006345 int name_count;
6346
6347 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006348
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006349 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006350 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006351 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006352 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006353 else
6354 j = i;
6355
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006356 ne = X509_NAME_get_entry(a, j);
6357 obj = X509_NAME_ENTRY_get_object(ne);
6358 data = X509_NAME_ENTRY_get_data(ne);
6359 data_ptr = ASN1_STRING_get0_data(data);
6360 data_len = ASN1_STRING_length(data);
6361 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006362 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006363 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006364 s = tmp;
6365 }
6366
6367 if (chunk_strcasecmp(entry, s) != 0)
6368 continue;
6369
6370 if (pos < 0)
6371 cur--;
6372 else
6373 cur++;
6374
6375 if (cur != pos)
6376 continue;
6377
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006378 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006379 return -1;
6380
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006381 memcpy(out->area, data_ptr, data_len);
6382 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006383 return 1;
6384 }
6385
6386 return 0;
6387
6388}
6389
6390/* Extract and format full DN from a X509_NAME and copy result into a chunk
6391 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6392 */
6393static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006394ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006395{
6396 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006397 ASN1_OBJECT *obj;
6398 ASN1_STRING *data;
6399 const unsigned char *data_ptr;
6400 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006401 int i, n, ln;
6402 int l = 0;
6403 const char *s;
6404 char *p;
6405 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006406 int name_count;
6407
6408
6409 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006410
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006411 out->data = 0;
6412 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006413 for (i = 0; i < name_count; i++) {
6414 ne = X509_NAME_get_entry(a, i);
6415 obj = X509_NAME_ENTRY_get_object(ne);
6416 data = X509_NAME_ENTRY_get_data(ne);
6417 data_ptr = ASN1_STRING_get0_data(data);
6418 data_len = ASN1_STRING_length(data);
6419 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006420 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006421 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006422 s = tmp;
6423 }
6424 ln = strlen(s);
6425
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006426 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006427 if (l > out->size)
6428 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006429 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006430
6431 *(p++)='/';
6432 memcpy(p, s, ln);
6433 p += ln;
6434 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006435 memcpy(p, data_ptr, data_len);
6436 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006437 }
6438
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006439 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006440 return 0;
6441
6442 return 1;
6443}
6444
Olivier Houchardab28a322018-12-21 19:45:40 +01006445void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6446{
6447#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006448 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006449
Olivier Houchardaa2ecea2019-06-28 14:10:33 +02006450 if (!ssl_sock_is_ssl(conn))
6451 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006452 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006453 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006454#endif
6455}
6456
Willy Tarreau119a4082016-12-22 21:58:38 +01006457/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6458 * to disable SNI.
6459 */
Willy Tarreau63076412015-07-10 11:33:32 +02006460void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6461{
6462#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006463 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006464
Willy Tarreau119a4082016-12-22 21:58:38 +01006465 char *prev_name;
6466
Willy Tarreau63076412015-07-10 11:33:32 +02006467 if (!ssl_sock_is_ssl(conn))
6468 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006469 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006470
Willy Tarreau119a4082016-12-22 21:58:38 +01006471 /* if the SNI changes, we must destroy the reusable context so that a
6472 * new connection will present a new SNI. As an optimization we could
6473 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6474 * server.
6475 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006476 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006477 if ((!prev_name && hostname) ||
6478 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006479 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006480
Olivier Houchard66ab4982019-02-26 18:37:15 +01006481 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006482#endif
6483}
6484
Emeric Brun0abf8362014-06-24 18:26:41 +02006485/* Extract peer certificate's common name into the chunk dest
6486 * Returns
6487 * the len of the extracted common name
6488 * or 0 if no CN found in DN
6489 * or -1 on error case (i.e. no peer certificate)
6490 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006491int ssl_sock_get_remote_common_name(struct connection *conn,
6492 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006493{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006494 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006495 X509 *crt = NULL;
6496 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006497 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006498 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006499 .area = (char *)&find_cn,
6500 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006501 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006502 int result = -1;
David Safb76832014-05-08 23:42:08 -04006503
6504 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006505 goto out;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006506 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006507
6508 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006509 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006510 if (!crt)
6511 goto out;
6512
6513 name = X509_get_subject_name(crt);
6514 if (!name)
6515 goto out;
David Safb76832014-05-08 23:42:08 -04006516
Emeric Brun0abf8362014-06-24 18:26:41 +02006517 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6518out:
David Safb76832014-05-08 23:42:08 -04006519 if (crt)
6520 X509_free(crt);
6521
6522 return result;
6523}
6524
Dave McCowan328fb582014-07-30 10:39:13 -04006525/* returns 1 if client passed a certificate for this session, 0 if not */
6526int ssl_sock_get_cert_used_sess(struct connection *conn)
6527{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006528 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006529 X509 *crt = NULL;
6530
6531 if (!ssl_sock_is_ssl(conn))
6532 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006533 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006534
6535 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006536 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006537 if (!crt)
6538 return 0;
6539
6540 X509_free(crt);
6541 return 1;
6542}
6543
6544/* returns 1 if client passed a certificate for this connection, 0 if not */
6545int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006546{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006547 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006548
David Safb76832014-05-08 23:42:08 -04006549 if (!ssl_sock_is_ssl(conn))
6550 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006551 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006552 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006553}
6554
6555/* returns result from SSL verify */
6556unsigned int ssl_sock_get_verify_result(struct connection *conn)
6557{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006558 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006559
David Safb76832014-05-08 23:42:08 -04006560 if (!ssl_sock_is_ssl(conn))
6561 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006562 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006563 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006564}
6565
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006566/* Returns the application layer protocol name in <str> and <len> when known.
6567 * Zero is returned if the protocol name was not found, otherwise non-zero is
6568 * returned. The string is allocated in the SSL context and doesn't have to be
6569 * freed by the caller. NPN is also checked if available since older versions
6570 * of openssl (1.0.1) which are more common in field only support this one.
6571 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006572static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006573{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006574#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6575 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006576 struct ssl_sock_ctx *ctx = xprt_ctx;
6577 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006578 return 0;
6579
6580 *str = NULL;
6581
6582#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006583 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006584 if (*str)
6585 return 1;
6586#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006587#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006588 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006589 if (*str)
6590 return 1;
6591#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006592#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006593 return 0;
6594}
6595
Willy Tarreau7875d092012-09-10 08:20:03 +02006596/***** Below are some sample fetching functions for ACL/patterns *****/
6597
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006598static int
6599smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6600{
6601 struct connection *conn;
6602
6603 conn = objt_conn(smp->sess->origin);
6604 if (!conn || conn->xprt != &ssl_sock)
6605 return 0;
6606
6607 smp->flags = 0;
6608 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006609#ifdef OPENSSL_IS_BORINGSSL
6610 {
6611 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6612 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6613 SSL_early_data_accepted(ctx->ssl));
6614 }
6615#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006616 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6617 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006618#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006619 return 1;
6620}
6621
Emeric Brune64aef12012-09-21 13:15:06 +02006622/* boolean, returns true if client cert was present */
6623static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006624smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006625{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006626 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006627 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006628
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006629 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006630 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006631 return 0;
6632
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006633 ctx = conn->xprt_ctx;
6634
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006635 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006636 smp->flags |= SMP_F_MAY_CHANGE;
6637 return 0;
6638 }
6639
6640 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006641 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006642 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006643
6644 return 1;
6645}
6646
Emeric Brun43e79582014-10-29 19:03:26 +01006647/* binary, returns a certificate in a binary chunk (der/raw).
6648 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6649 * should be use.
6650 */
6651static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006652smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006653{
6654 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6655 X509 *crt = NULL;
6656 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006657 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006658 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006659 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006660
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006661 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006662 if (!conn || conn->xprt != &ssl_sock)
6663 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006664 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006665
6666 if (!(conn->flags & CO_FL_CONNECTED)) {
6667 smp->flags |= SMP_F_MAY_CHANGE;
6668 return 0;
6669 }
6670
6671 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006672 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006673 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006674 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006675
6676 if (!crt)
6677 goto out;
6678
6679 smp_trash = get_trash_chunk();
6680 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6681 goto out;
6682
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006683 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006684 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006685 ret = 1;
6686out:
6687 /* SSL_get_peer_certificate, it increase X509 * ref count */
6688 if (cert_peer && crt)
6689 X509_free(crt);
6690 return ret;
6691}
6692
Emeric Brunba841a12014-04-30 17:05:08 +02006693/* binary, returns serial of certificate in a binary chunk.
6694 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6695 * should be use.
6696 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006697static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006698smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006699{
Emeric Brunba841a12014-04-30 17:05:08 +02006700 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006701 X509 *crt = NULL;
6702 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006703 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006704 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006705 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006706
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006707 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006708 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006709 return 0;
6710
Olivier Houchard66ab4982019-02-26 18:37:15 +01006711 ctx = conn->xprt_ctx;
6712
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006713 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006714 smp->flags |= SMP_F_MAY_CHANGE;
6715 return 0;
6716 }
6717
Emeric Brunba841a12014-04-30 17:05:08 +02006718 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006719 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006720 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006721 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006722
Willy Tarreau8d598402012-10-22 17:58:39 +02006723 if (!crt)
6724 goto out;
6725
Willy Tarreau47ca5452012-12-23 20:22:19 +01006726 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006727 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6728 goto out;
6729
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006730 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006731 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006732 ret = 1;
6733out:
Emeric Brunba841a12014-04-30 17:05:08 +02006734 /* SSL_get_peer_certificate, it increase X509 * ref count */
6735 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006736 X509_free(crt);
6737 return ret;
6738}
Emeric Brune64aef12012-09-21 13:15:06 +02006739
Emeric Brunba841a12014-04-30 17:05:08 +02006740/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6741 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6742 * should be use.
6743 */
James Votha051b4a2013-05-14 20:37:59 +02006744static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006745smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006746{
Emeric Brunba841a12014-04-30 17:05:08 +02006747 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006748 X509 *crt = NULL;
6749 const EVP_MD *digest;
6750 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006751 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006752 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006753 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006754
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006755 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006756 if (!conn || conn->xprt != &ssl_sock)
6757 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006758 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759
6760 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006761 smp->flags |= SMP_F_MAY_CHANGE;
6762 return 0;
6763 }
6764
Emeric Brunba841a12014-04-30 17:05:08 +02006765 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006766 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006767 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006768 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006769 if (!crt)
6770 goto out;
6771
6772 smp_trash = get_trash_chunk();
6773 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006774 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6775 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006776
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006777 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006778 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006779 ret = 1;
6780out:
Emeric Brunba841a12014-04-30 17:05:08 +02006781 /* SSL_get_peer_certificate, it increase X509 * ref count */
6782 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006783 X509_free(crt);
6784 return ret;
6785}
6786
Emeric Brunba841a12014-04-30 17:05:08 +02006787/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6788 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6789 * should be use.
6790 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006791static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006792smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006793{
Emeric Brunba841a12014-04-30 17:05:08 +02006794 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006795 X509 *crt = NULL;
6796 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006797 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006798 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006799 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006800
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006801 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006802 if (!conn || conn->xprt != &ssl_sock)
6803 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006804 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006805
6806 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006807 smp->flags |= SMP_F_MAY_CHANGE;
6808 return 0;
6809 }
6810
Emeric Brunba841a12014-04-30 17:05:08 +02006811 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006812 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006813 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006814 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006815 if (!crt)
6816 goto out;
6817
Willy Tarreau47ca5452012-12-23 20:22:19 +01006818 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006819 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006820 goto out;
6821
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006822 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006823 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006824 ret = 1;
6825out:
Emeric Brunba841a12014-04-30 17:05:08 +02006826 /* SSL_get_peer_certificate, it increase X509 * ref count */
6827 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006828 X509_free(crt);
6829 return ret;
6830}
6831
Emeric Brunba841a12014-04-30 17:05:08 +02006832/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6833 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6834 * should be use.
6835 */
Emeric Brun87855892012-10-17 17:39:35 +02006836static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006837smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006838{
Emeric Brunba841a12014-04-30 17:05:08 +02006839 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006840 X509 *crt = NULL;
6841 X509_NAME *name;
6842 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006843 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006844 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006845 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006846
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006847 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006848 if (!conn || conn->xprt != &ssl_sock)
6849 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006850 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006851
6852 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006853 smp->flags |= SMP_F_MAY_CHANGE;
6854 return 0;
6855 }
6856
Emeric Brunba841a12014-04-30 17:05:08 +02006857 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006858 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006859 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006860 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006861 if (!crt)
6862 goto out;
6863
6864 name = X509_get_issuer_name(crt);
6865 if (!name)
6866 goto out;
6867
Willy Tarreau47ca5452012-12-23 20:22:19 +01006868 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006869 if (args && args[0].type == ARGT_STR) {
6870 int pos = 1;
6871
6872 if (args[1].type == ARGT_SINT)
6873 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006874
6875 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6876 goto out;
6877 }
6878 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6879 goto out;
6880
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006881 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006882 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006883 ret = 1;
6884out:
Emeric Brunba841a12014-04-30 17:05:08 +02006885 /* SSL_get_peer_certificate, it increase X509 * ref count */
6886 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006887 X509_free(crt);
6888 return ret;
6889}
6890
Emeric Brunba841a12014-04-30 17:05:08 +02006891/* string, returns notbefore date in ASN1_UTCTIME format.
6892 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6893 * should be use.
6894 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006895static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006896smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006897{
Emeric Brunba841a12014-04-30 17:05:08 +02006898 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006899 X509 *crt = NULL;
6900 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006901 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006902 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006903 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006904
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006905 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006906 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006907 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006908 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006909
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006910 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006911 smp->flags |= SMP_F_MAY_CHANGE;
6912 return 0;
6913 }
6914
Emeric Brunba841a12014-04-30 17:05:08 +02006915 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006916 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006917 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006918 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006919 if (!crt)
6920 goto out;
6921
Willy Tarreau47ca5452012-12-23 20:22:19 +01006922 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006923 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006924 goto out;
6925
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006926 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006927 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006928 ret = 1;
6929out:
Emeric Brunba841a12014-04-30 17:05:08 +02006930 /* SSL_get_peer_certificate, it increase X509 * ref count */
6931 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006932 X509_free(crt);
6933 return ret;
6934}
6935
Emeric Brunba841a12014-04-30 17:05:08 +02006936/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6937 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6938 * should be use.
6939 */
Emeric Brun87855892012-10-17 17:39:35 +02006940static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006941smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006942{
Emeric Brunba841a12014-04-30 17:05:08 +02006943 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006944 X509 *crt = NULL;
6945 X509_NAME *name;
6946 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006947 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006948 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006949 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006950
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006951 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006952 if (!conn || conn->xprt != &ssl_sock)
6953 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006954 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006955
6956 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006957 smp->flags |= SMP_F_MAY_CHANGE;
6958 return 0;
6959 }
6960
Emeric Brunba841a12014-04-30 17:05:08 +02006961 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006962 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006963 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006964 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006965 if (!crt)
6966 goto out;
6967
6968 name = X509_get_subject_name(crt);
6969 if (!name)
6970 goto out;
6971
Willy Tarreau47ca5452012-12-23 20:22:19 +01006972 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006973 if (args && args[0].type == ARGT_STR) {
6974 int pos = 1;
6975
6976 if (args[1].type == ARGT_SINT)
6977 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006978
6979 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6980 goto out;
6981 }
6982 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6983 goto out;
6984
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006985 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006986 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006987 ret = 1;
6988out:
Emeric Brunba841a12014-04-30 17:05:08 +02006989 /* SSL_get_peer_certificate, it increase X509 * ref count */
6990 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006991 X509_free(crt);
6992 return ret;
6993}
Emeric Brun9143d372012-12-20 15:44:16 +01006994
6995/* integer, returns true if current session use a client certificate */
6996static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006997smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006998{
6999 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007000 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007001 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007002
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007003 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007004 if (!conn || conn->xprt != &ssl_sock)
7005 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007006 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007007
7008 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007009 smp->flags |= SMP_F_MAY_CHANGE;
7010 return 0;
7011 }
7012
7013 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007014 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007015 if (crt) {
7016 X509_free(crt);
7017 }
7018
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007019 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007020 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007021 return 1;
7022}
7023
Emeric Brunba841a12014-04-30 17:05:08 +02007024/* integer, returns the certificate version
7025 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7026 * should be use.
7027 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007028static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007029smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007030{
Emeric Brunba841a12014-04-30 17:05:08 +02007031 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007032 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007033 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007034 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007035
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007036 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007037 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007038 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007039 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007040
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007041 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007042 smp->flags |= SMP_F_MAY_CHANGE;
7043 return 0;
7044 }
7045
Emeric Brunba841a12014-04-30 17:05:08 +02007046 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007047 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007048 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007049 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007050 if (!crt)
7051 return 0;
7052
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007053 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007054 /* SSL_get_peer_certificate increase X509 * ref count */
7055 if (cert_peer)
7056 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007057 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007058
7059 return 1;
7060}
7061
Emeric Brunba841a12014-04-30 17:05:08 +02007062/* string, returns the certificate's signature algorithm.
7063 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7064 * should be use.
7065 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007066static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007067smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007068{
Emeric Brunba841a12014-04-30 17:05:08 +02007069 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007070 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007071 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007072 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007073 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007074 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007075
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007076 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007077 if (!conn || conn->xprt != &ssl_sock)
7078 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007079 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007080
7081 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007082 smp->flags |= SMP_F_MAY_CHANGE;
7083 return 0;
7084 }
7085
Emeric Brunba841a12014-04-30 17:05:08 +02007086 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007087 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007088 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007089 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007090 if (!crt)
7091 return 0;
7092
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007093 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7094 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007095
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007096 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7097 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007098 /* SSL_get_peer_certificate increase X509 * ref count */
7099 if (cert_peer)
7100 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007101 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007102 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007103
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007104 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007105 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007106 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007107 /* SSL_get_peer_certificate increase X509 * ref count */
7108 if (cert_peer)
7109 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007110
7111 return 1;
7112}
7113
Emeric Brunba841a12014-04-30 17:05:08 +02007114/* string, returns the certificate's key algorithm.
7115 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7116 * should be use.
7117 */
Emeric Brun521a0112012-10-22 12:22:55 +02007118static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007119smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007120{
Emeric Brunba841a12014-04-30 17:05:08 +02007121 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007122 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007123 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007124 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007125 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007126 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007127
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007128 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007129 if (!conn || conn->xprt != &ssl_sock)
7130 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007131 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007132
7133 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007134 smp->flags |= SMP_F_MAY_CHANGE;
7135 return 0;
7136 }
7137
Emeric Brunba841a12014-04-30 17:05:08 +02007138 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007139 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007140 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007141 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007142 if (!crt)
7143 return 0;
7144
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007145 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7146 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007147
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007148 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7149 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007150 /* SSL_get_peer_certificate increase X509 * ref count */
7151 if (cert_peer)
7152 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007153 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007154 }
Emeric Brun521a0112012-10-22 12:22:55 +02007155
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007156 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007157 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007158 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007159 if (cert_peer)
7160 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007161
7162 return 1;
7163}
7164
Emeric Brun645ae792014-04-30 14:21:06 +02007165/* boolean, returns true if front conn. transport layer is SSL.
7166 * This function is also usable on backend conn if the fetch keyword 5th
7167 * char is 'b'.
7168 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007169static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007170smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007171{
Emeric Bruneb8def92018-02-19 15:59:48 +01007172 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7173 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007174
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007175 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007176 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007177 return 1;
7178}
7179
Emeric Brun2525b6b2012-10-18 15:59:43 +02007180/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007181static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007182smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007183{
7184#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007185 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007186 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007187
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007188 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007189 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007190 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007191 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007192 return 1;
7193#else
7194 return 0;
7195#endif
7196}
7197
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007198/* boolean, returns true if client session has been resumed.
7199 * This function is also usable on backend conn if the fetch keyword 5th
7200 * char is 'b'.
7201 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007202static int
7203smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7204{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007205 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7206 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007207 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007208
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007209
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007210 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007211 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007212 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007213 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007214 return 1;
7215}
7216
Emeric Brun645ae792014-04-30 14:21:06 +02007217/* string, returns the used cipher if front conn. transport layer is SSL.
7218 * This function is also usable on backend conn if the fetch keyword 5th
7219 * char is 'b'.
7220 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007221static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007222smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007223{
Emeric Bruneb8def92018-02-19 15:59:48 +01007224 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7225 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007226 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007227
Willy Tarreaube508f12016-03-10 11:47:01 +01007228 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007229 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007230 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007231 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007232
Olivier Houchard66ab4982019-02-26 18:37:15 +01007233 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007234 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007235 return 0;
7236
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007237 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007238 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007239 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007240
7241 return 1;
7242}
7243
Emeric Brun645ae792014-04-30 14:21:06 +02007244/* integer, returns the algoritm's keysize if front conn. transport layer
7245 * is SSL.
7246 * This function is also usable on backend conn if the fetch keyword 5th
7247 * char is 'b'.
7248 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007249static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007250smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007251{
Emeric Bruneb8def92018-02-19 15:59:48 +01007252 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7253 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007254 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007255 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007256
Emeric Brun589fcad2012-10-16 14:13:26 +02007257 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007258 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007259 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007260 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007261
Olivier Houchard66ab4982019-02-26 18:37:15 +01007262 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007263 return 0;
7264
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007265 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007266 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007267
7268 return 1;
7269}
7270
Emeric Brun645ae792014-04-30 14:21:06 +02007271/* integer, returns the used keysize if front conn. transport layer is SSL.
7272 * This function is also usable on backend conn if the fetch keyword 5th
7273 * char is 'b'.
7274 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007275static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007276smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007277{
Emeric Bruneb8def92018-02-19 15:59:48 +01007278 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7279 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007280 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007281
Emeric Brun589fcad2012-10-16 14:13:26 +02007282 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007283 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7284 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007285 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007286
Olivier Houchard66ab4982019-02-26 18:37:15 +01007287 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007288 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007289 return 0;
7290
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007291 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007292
7293 return 1;
7294}
7295
Bernard Spil13c53f82018-02-15 13:34:58 +01007296#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007297static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007298smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007299{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007300 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007301 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007302
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007303 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007304 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007305
Olivier Houchard6b77f492018-11-22 18:18:29 +01007306 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7307 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007308 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7309 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007310 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007311
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007312 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007313 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007314 (const unsigned char **)&smp->data.u.str.area,
7315 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007316
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007317 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007318 return 0;
7319
7320 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007321}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007322#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007323
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007324#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007325static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007326smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007327{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007328 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007329 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007330
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007331 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007332 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007333
Olivier Houchard6b77f492018-11-22 18:18:29 +01007334 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7335 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7336
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007337 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007338 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007339 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007340
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007341 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007342 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007343 (const unsigned char **)&smp->data.u.str.area,
7344 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007345
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007346 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007347 return 0;
7348
7349 return 1;
7350}
7351#endif
7352
Emeric Brun645ae792014-04-30 14:21:06 +02007353/* string, returns the used protocol if front conn. transport layer is SSL.
7354 * This function is also usable on backend conn if the fetch keyword 5th
7355 * char is 'b'.
7356 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007357static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007358smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007359{
Emeric Bruneb8def92018-02-19 15:59:48 +01007360 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7361 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007362 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007363
Emeric Brun589fcad2012-10-16 14:13:26 +02007364 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007365 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7366 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007367 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007368
Olivier Houchard66ab4982019-02-26 18:37:15 +01007369 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007370 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007371 return 0;
7372
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007373 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007374 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007375 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007376
7377 return 1;
7378}
7379
Willy Tarreau87b09662015-04-03 00:22:06 +02007380/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007381 * This function is also usable on backend conn if the fetch keyword 5th
7382 * char is 'b'.
7383 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007384#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007385static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007386smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007387{
Emeric Bruneb8def92018-02-19 15:59:48 +01007388 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7389 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007390 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007391 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007392
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007393 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007394 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007395
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007396 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7397 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007398 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007399
Olivier Houchard66ab4982019-02-26 18:37:15 +01007400 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007401 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007402 return 0;
7403
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007404 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7405 (unsigned int *)&smp->data.u.str.data);
7406 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007407 return 0;
7408
7409 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007410}
Patrick Hemmer41966772018-04-28 19:15:48 -04007411#endif
7412
Emeric Brunfe68f682012-10-16 14:59:28 +02007413
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007414#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007415static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007416smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7417{
7418 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7419 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7420 struct buffer *data;
7421 struct ssl_sock_ctx *ctx;
7422
7423 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7424 return 0;
7425 ctx = conn->xprt_ctx;
7426
7427 data = get_trash_chunk();
7428 if (kw[7] == 'c')
7429 data->data = SSL_get_client_random(ctx->ssl,
7430 (unsigned char *) data->area,
7431 data->size);
7432 else
7433 data->data = SSL_get_server_random(ctx->ssl,
7434 (unsigned char *) data->area,
7435 data->size);
7436 if (!data->data)
7437 return 0;
7438
7439 smp->flags = 0;
7440 smp->data.type = SMP_T_BIN;
7441 smp->data.u.str = *data;
7442
7443 return 1;
7444}
7445
7446static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007447smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7448{
7449 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7450 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7451 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007452 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007453 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007454
7455 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7456 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007457 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007458
Olivier Houchard66ab4982019-02-26 18:37:15 +01007459 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007460 if (!ssl_sess)
7461 return 0;
7462
7463 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007464 data->data = SSL_SESSION_get_master_key(ssl_sess,
7465 (unsigned char *) data->area,
7466 data->size);
7467 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007468 return 0;
7469
7470 smp->flags = 0;
7471 smp->data.type = SMP_T_BIN;
7472 smp->data.u.str = *data;
7473
7474 return 1;
7475}
7476#endif
7477
Patrick Hemmer41966772018-04-28 19:15:48 -04007478#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007479static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007480smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007481{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007482 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007483 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007484
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007485 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007486 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007487
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007488 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007489 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7490 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007491 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007492
Olivier Houchard66ab4982019-02-26 18:37:15 +01007493 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007494 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007495 return 0;
7496
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007497 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007498 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007499}
Patrick Hemmer41966772018-04-28 19:15:48 -04007500#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007501
David Sc1ad52e2014-04-08 18:48:47 -04007502static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007503smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7504{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007505 struct connection *conn;
7506 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007507 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007508
7509 conn = objt_conn(smp->sess->origin);
7510 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7511 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007512 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007513
Olivier Houchard66ab4982019-02-26 18:37:15 +01007514 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007515 if (!capture)
7516 return 0;
7517
7518 smp->flags = SMP_F_CONST;
7519 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007520 smp->data.u.str.area = capture->ciphersuite;
7521 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007522 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007523}
7524
7525static int
7526smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7527{
Willy Tarreau83061a82018-07-13 11:56:34 +02007528 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007529
7530 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7531 return 0;
7532
7533 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007534 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007535 smp->data.type = SMP_T_BIN;
7536 smp->data.u.str = *data;
7537 return 1;
7538}
7539
7540static int
7541smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7542{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007543 struct connection *conn;
7544 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007545 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007546
7547 conn = objt_conn(smp->sess->origin);
7548 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7549 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007550 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007551
Olivier Houchard66ab4982019-02-26 18:37:15 +01007552 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007553 if (!capture)
7554 return 0;
7555
7556 smp->data.type = SMP_T_SINT;
7557 smp->data.u.sint = capture->xxh64;
7558 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007559}
7560
7561static int
7562smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7563{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007564#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007565 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007566 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007567
7568 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7569 return 0;
7570
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007571 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007572 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007573 const char *str;
7574 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007575 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007576 uint16_t id = (bin[0] << 8) | bin[1];
7577#if defined(OPENSSL_IS_BORINGSSL)
7578 cipher = SSL_get_cipher_by_value(id);
7579#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007580 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007581 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7582 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007583#endif
7584 str = SSL_CIPHER_get_name(cipher);
7585 if (!str || strcmp(str, "(NONE)") == 0)
7586 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007587 else
7588 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7589 }
7590 smp->data.type = SMP_T_STR;
7591 smp->data.u.str = *data;
7592 return 1;
7593#else
7594 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7595#endif
7596}
7597
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007598#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007599static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007600smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007601{
Emeric Bruneb8def92018-02-19 15:59:48 +01007602 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7603 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007604 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007605 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007606 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007607
7608 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007609 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7610 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007611 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007612
7613 if (!(conn->flags & CO_FL_CONNECTED)) {
7614 smp->flags |= SMP_F_MAY_CHANGE;
7615 return 0;
7616 }
7617
7618 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007619 if (!SSL_session_reused(ctx->ssl))
7620 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007621 finished_trash->area,
7622 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007623 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007624 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007625 finished_trash->area,
7626 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007627
7628 if (!finished_len)
7629 return 0;
7630
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007631 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007632 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007633 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007634
7635 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007636}
Patrick Hemmer41966772018-04-28 19:15:48 -04007637#endif
David Sc1ad52e2014-04-08 18:48:47 -04007638
Emeric Brun2525b6b2012-10-18 15:59:43 +02007639/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007640static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007641smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007642{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007643 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007644 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007645
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007646 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007647 if (!conn || conn->xprt != &ssl_sock)
7648 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007649 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007650
7651 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007652 smp->flags = SMP_F_MAY_CHANGE;
7653 return 0;
7654 }
7655
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007656 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007657 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007658 smp->flags = 0;
7659
7660 return 1;
7661}
7662
Emeric Brun2525b6b2012-10-18 15:59:43 +02007663/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007664static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007665smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007666{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007667 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007668 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007669
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007670 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007671 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007672 return 0;
7673
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007674 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007675 smp->flags = SMP_F_MAY_CHANGE;
7676 return 0;
7677 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007678 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007679
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007680 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007681 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007682 smp->flags = 0;
7683
7684 return 1;
7685}
7686
Emeric Brun2525b6b2012-10-18 15:59:43 +02007687/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007688static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007689smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007690{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007691 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007692 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007693
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007694 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007695 if (!conn || conn->xprt != &ssl_sock)
7696 return 0;
7697
7698 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007699 smp->flags = SMP_F_MAY_CHANGE;
7700 return 0;
7701 }
7702
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007703 ctx = conn->xprt_ctx;
7704
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007705 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007706 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007707 smp->flags = 0;
7708
7709 return 1;
7710}
7711
Emeric Brun2525b6b2012-10-18 15:59:43 +02007712/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007713static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007714smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007715{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007716 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007717 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007718
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007719 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007720 if (!conn || conn->xprt != &ssl_sock)
7721 return 0;
7722
7723 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007724 smp->flags = SMP_F_MAY_CHANGE;
7725 return 0;
7726 }
7727
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007728 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007729 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007730 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007731
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007732 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007733 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007734 smp->flags = 0;
7735
7736 return 1;
7737}
7738
Emeric Brunfb510ea2012-10-05 12:00:26 +02007739/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007740static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007741{
7742 if (!*args[cur_arg + 1]) {
7743 if (err)
7744 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7745 return ERR_ALERT | ERR_FATAL;
7746 }
7747
Willy Tarreauef934602016-12-22 23:12:01 +01007748 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7749 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007750 else
7751 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007752
Emeric Brund94b3fe2012-09-20 18:23:56 +02007753 return 0;
7754}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007755static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7756{
7757 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7758}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007759
Christopher Faulet31af49d2015-06-09 17:29:50 +02007760/* parse the "ca-sign-file" bind keyword */
7761static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7762{
7763 if (!*args[cur_arg + 1]) {
7764 if (err)
7765 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7766 return ERR_ALERT | ERR_FATAL;
7767 }
7768
Willy Tarreauef934602016-12-22 23:12:01 +01007769 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7770 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007771 else
7772 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7773
7774 return 0;
7775}
7776
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007777/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007778static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7779{
7780 if (!*args[cur_arg + 1]) {
7781 if (err)
7782 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7783 return ERR_ALERT | ERR_FATAL;
7784 }
7785 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7786 return 0;
7787}
7788
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007789/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007790static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007791{
7792 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007793 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007794 return ERR_ALERT | ERR_FATAL;
7795 }
7796
Emeric Brun76d88952012-10-05 15:47:31 +02007797 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007798 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007799 return 0;
7800}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007801static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7802{
7803 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7804}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007805
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007806#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007807/* parse the "ciphersuites" bind keyword */
7808static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7809{
7810 if (!*args[cur_arg + 1]) {
7811 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7812 return ERR_ALERT | ERR_FATAL;
7813 }
7814
7815 free(conf->ciphersuites);
7816 conf->ciphersuites = strdup(args[cur_arg + 1]);
7817 return 0;
7818}
7819static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7820{
7821 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7822}
7823#endif
7824
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007825/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007826static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007827{
Willy Tarreau38011032013-08-13 16:59:39 +02007828 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007829
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007830 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007831 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007832 return ERR_ALERT | ERR_FATAL;
7833 }
7834
Willy Tarreauef934602016-12-22 23:12:01 +01007835 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7836 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007837 memprintf(err, "'%s' : path too long", args[cur_arg]);
7838 return ERR_ALERT | ERR_FATAL;
7839 }
Willy Tarreauef934602016-12-22 23:12:01 +01007840 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007841 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007842 return ERR_ALERT | ERR_FATAL;
7843
7844 return 0;
7845 }
7846
Willy Tarreau03209342016-12-22 17:08:28 +01007847 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007848 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007849
7850 return 0;
7851}
7852
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007853/* parse the "crt-list" bind keyword */
7854static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7855{
7856 if (!*args[cur_arg + 1]) {
7857 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7858 return ERR_ALERT | ERR_FATAL;
7859 }
7860
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007861 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007862 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007863 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007864 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007865
7866 return 0;
7867}
7868
Emeric Brunfb510ea2012-10-05 12:00:26 +02007869/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007870static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007871{
Emeric Brun051cdab2012-10-02 19:25:50 +02007872#ifndef X509_V_FLAG_CRL_CHECK
7873 if (err)
7874 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7875 return ERR_ALERT | ERR_FATAL;
7876#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007877 if (!*args[cur_arg + 1]) {
7878 if (err)
7879 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7880 return ERR_ALERT | ERR_FATAL;
7881 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007882
Willy Tarreauef934602016-12-22 23:12:01 +01007883 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7884 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007885 else
7886 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007887
Emeric Brun2b58d042012-09-20 17:10:03 +02007888 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007889#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007890}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007891static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7892{
7893 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7894}
Emeric Brun2b58d042012-09-20 17:10:03 +02007895
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007896/* parse the "curves" bind keyword keyword */
7897static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7898{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007899#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007900 if (!*args[cur_arg + 1]) {
7901 if (err)
7902 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7903 return ERR_ALERT | ERR_FATAL;
7904 }
7905 conf->curves = strdup(args[cur_arg + 1]);
7906 return 0;
7907#else
7908 if (err)
7909 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7910 return ERR_ALERT | ERR_FATAL;
7911#endif
7912}
7913static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7914{
7915 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7916}
7917
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007918/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007919static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007920{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007921#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007922 if (err)
7923 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7924 return ERR_ALERT | ERR_FATAL;
7925#elif defined(OPENSSL_NO_ECDH)
7926 if (err)
7927 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7928 return ERR_ALERT | ERR_FATAL;
7929#else
7930 if (!*args[cur_arg + 1]) {
7931 if (err)
7932 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7933 return ERR_ALERT | ERR_FATAL;
7934 }
7935
7936 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007937
7938 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007939#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007940}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007941static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7942{
7943 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7944}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007945
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007946/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007947static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7948{
7949 int code;
7950 char *p = args[cur_arg + 1];
7951 unsigned long long *ignerr = &conf->crt_ignerr;
7952
7953 if (!*p) {
7954 if (err)
7955 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7956 return ERR_ALERT | ERR_FATAL;
7957 }
7958
7959 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7960 ignerr = &conf->ca_ignerr;
7961
7962 if (strcmp(p, "all") == 0) {
7963 *ignerr = ~0ULL;
7964 return 0;
7965 }
7966
7967 while (p) {
7968 code = atoi(p);
7969 if ((code <= 0) || (code > 63)) {
7970 if (err)
7971 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7972 args[cur_arg], code, args[cur_arg + 1]);
7973 return ERR_ALERT | ERR_FATAL;
7974 }
7975 *ignerr |= 1ULL << code;
7976 p = strchr(p, ',');
7977 if (p)
7978 p++;
7979 }
7980
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007981 return 0;
7982}
7983
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007984/* parse tls_method_options "no-xxx" and "force-xxx" */
7985static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007986{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007987 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007988 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007989 p = strchr(arg, '-');
7990 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007991 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007992 p++;
7993 if (!strcmp(p, "sslv3"))
7994 v = CONF_SSLV3;
7995 else if (!strcmp(p, "tlsv10"))
7996 v = CONF_TLSV10;
7997 else if (!strcmp(p, "tlsv11"))
7998 v = CONF_TLSV11;
7999 else if (!strcmp(p, "tlsv12"))
8000 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008001 else if (!strcmp(p, "tlsv13"))
8002 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008003 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008004 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008005 if (!strncmp(arg, "no-", 3))
8006 methods->flags |= methodVersions[v].flag;
8007 else if (!strncmp(arg, "force-", 6))
8008 methods->min = methods->max = v;
8009 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008010 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008011 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008012 fail:
8013 if (err)
8014 memprintf(err, "'%s' : option not implemented", arg);
8015 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008016}
8017
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008018static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008019{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008020 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008021}
8022
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008023static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008024{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008025 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8026}
8027
8028/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8029static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8030{
8031 uint16_t i, v = 0;
8032 char *argv = args[cur_arg + 1];
8033 if (!*argv) {
8034 if (err)
8035 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8036 return ERR_ALERT | ERR_FATAL;
8037 }
8038 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8039 if (!strcmp(argv, methodVersions[i].name))
8040 v = i;
8041 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008042 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008043 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008044 return ERR_ALERT | ERR_FATAL;
8045 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008046 if (!strcmp("ssl-min-ver", args[cur_arg]))
8047 methods->min = v;
8048 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8049 methods->max = v;
8050 else {
8051 if (err)
8052 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8053 return ERR_ALERT | ERR_FATAL;
8054 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008055 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008056}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008057
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008058static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8059{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008060#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008061 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008062#endif
8063 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8064}
8065
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008066static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8067{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008068 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008069}
8070
8071static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8072{
8073 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8074}
8075
Emeric Brun2d0c4822012-10-02 13:45:20 +02008076/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008077static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008078{
Emeric Brun89675492012-10-05 13:48:26 +02008079 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008080 return 0;
8081}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008082
Olivier Houchardc2aae742017-09-22 18:26:28 +02008083/* parse the "allow-0rtt" bind keyword */
8084static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8085{
8086 conf->early_data = 1;
8087 return 0;
8088}
8089
8090static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8091{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008092 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008093 return 0;
8094}
8095
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008096/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008097static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008098{
Bernard Spil13c53f82018-02-15 13:34:58 +01008099#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008100 char *p1, *p2;
8101
8102 if (!*args[cur_arg + 1]) {
8103 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8104 return ERR_ALERT | ERR_FATAL;
8105 }
8106
8107 free(conf->npn_str);
8108
Willy Tarreau3724da12016-02-12 17:11:12 +01008109 /* the NPN string is built as a suite of (<len> <name>)*,
8110 * so we reuse each comma to store the next <len> and need
8111 * one more for the end of the string.
8112 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008113 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008114 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008115 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8116
8117 /* replace commas with the name length */
8118 p1 = conf->npn_str;
8119 p2 = p1 + 1;
8120 while (1) {
8121 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8122 if (!p2)
8123 p2 = p1 + 1 + strlen(p1 + 1);
8124
8125 if (p2 - (p1 + 1) > 255) {
8126 *p2 = '\0';
8127 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8128 return ERR_ALERT | ERR_FATAL;
8129 }
8130
8131 *p1 = p2 - (p1 + 1);
8132 p1 = p2;
8133
8134 if (!*p2)
8135 break;
8136
8137 *(p2++) = '\0';
8138 }
8139 return 0;
8140#else
8141 if (err)
8142 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8143 return ERR_ALERT | ERR_FATAL;
8144#endif
8145}
8146
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008147static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8148{
8149 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8150}
8151
Willy Tarreauab861d32013-04-02 02:30:41 +02008152/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008153static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008154{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008155#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008156 char *p1, *p2;
8157
8158 if (!*args[cur_arg + 1]) {
8159 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8160 return ERR_ALERT | ERR_FATAL;
8161 }
8162
8163 free(conf->alpn_str);
8164
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008165 /* the ALPN string is built as a suite of (<len> <name>)*,
8166 * so we reuse each comma to store the next <len> and need
8167 * one more for the end of the string.
8168 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008169 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008170 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008171 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8172
8173 /* replace commas with the name length */
8174 p1 = conf->alpn_str;
8175 p2 = p1 + 1;
8176 while (1) {
8177 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8178 if (!p2)
8179 p2 = p1 + 1 + strlen(p1 + 1);
8180
8181 if (p2 - (p1 + 1) > 255) {
8182 *p2 = '\0';
8183 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8184 return ERR_ALERT | ERR_FATAL;
8185 }
8186
8187 *p1 = p2 - (p1 + 1);
8188 p1 = p2;
8189
8190 if (!*p2)
8191 break;
8192
8193 *(p2++) = '\0';
8194 }
8195 return 0;
8196#else
8197 if (err)
8198 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8199 return ERR_ALERT | ERR_FATAL;
8200#endif
8201}
8202
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008203static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8204{
8205 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8206}
8207
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008208/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008209static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008210{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008211 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008212 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008213
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008214 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8215 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008216#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008217 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8218 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8219#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008220 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008221 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8222 if (!conf->ssl_conf.ssl_methods.min)
8223 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8224 if (!conf->ssl_conf.ssl_methods.max)
8225 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008226
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008227 return 0;
8228}
8229
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008230/* parse the "prefer-client-ciphers" bind keyword */
8231static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8232{
8233 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8234 return 0;
8235}
8236
Christopher Faulet31af49d2015-06-09 17:29:50 +02008237/* parse the "generate-certificates" bind keyword */
8238static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8239{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008240#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008241 conf->generate_certs = 1;
8242#else
8243 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8244 err && *err ? *err : "");
8245#endif
8246 return 0;
8247}
8248
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008249/* parse the "strict-sni" bind keyword */
8250static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8251{
8252 conf->strict_sni = 1;
8253 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008254}
8255
8256/* parse the "tls-ticket-keys" bind keyword */
8257static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8258{
8259#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8260 FILE *f;
8261 int i = 0;
8262 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008263 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008264
8265 if (!*args[cur_arg + 1]) {
8266 if (err)
8267 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8268 return ERR_ALERT | ERR_FATAL;
8269 }
8270
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008271 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008272 if (keys_ref) {
8273 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008274 conf->keys_ref = keys_ref;
8275 return 0;
8276 }
8277
Vincent Bernat02779b62016-04-03 13:48:43 +02008278 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008279 if (!keys_ref) {
8280 if (err)
8281 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8282 return ERR_ALERT | ERR_FATAL;
8283 }
8284
Emeric Brun9e754772019-01-10 17:51:55 +01008285 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008286 if (!keys_ref->tlskeys) {
8287 free(keys_ref);
8288 if (err)
8289 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8290 return ERR_ALERT | ERR_FATAL;
8291 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008292
8293 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008294 free(keys_ref->tlskeys);
8295 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008296 if (err)
8297 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8298 return ERR_ALERT | ERR_FATAL;
8299 }
8300
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008301 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008302 if (!keys_ref->filename) {
8303 free(keys_ref->tlskeys);
8304 free(keys_ref);
8305 if (err)
8306 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8307 return ERR_ALERT | ERR_FATAL;
8308 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008309
Emeric Brun9e754772019-01-10 17:51:55 +01008310 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008311 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8312 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008313 int dec_size;
8314
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008315 /* Strip newline characters from the end */
8316 if(thisline[len - 1] == '\n')
8317 thisline[--len] = 0;
8318
8319 if(thisline[len - 1] == '\r')
8320 thisline[--len] = 0;
8321
Emeric Brun9e754772019-01-10 17:51:55 +01008322 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8323 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008324 free(keys_ref->filename);
8325 free(keys_ref->tlskeys);
8326 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008327 if (err)
8328 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008329 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008330 return ERR_ALERT | ERR_FATAL;
8331 }
Emeric Brun9e754772019-01-10 17:51:55 +01008332 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8333 keys_ref->key_size_bits = 128;
8334 }
8335 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8336 keys_ref->key_size_bits = 256;
8337 }
8338 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8339 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8340 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8341 free(keys_ref->filename);
8342 free(keys_ref->tlskeys);
8343 free(keys_ref);
8344 if (err)
8345 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8346 fclose(f);
8347 return ERR_ALERT | ERR_FATAL;
8348 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008349 i++;
8350 }
8351
8352 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008353 free(keys_ref->filename);
8354 free(keys_ref->tlskeys);
8355 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008356 if (err)
8357 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008358 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008359 return ERR_ALERT | ERR_FATAL;
8360 }
8361
8362 fclose(f);
8363
8364 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008365 i -= 2;
8366 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008367 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008368 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008369 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008370 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008371
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008372 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8373
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008374 return 0;
8375#else
8376 if (err)
8377 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8378 return ERR_ALERT | ERR_FATAL;
8379#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008380}
8381
Emeric Brund94b3fe2012-09-20 18:23:56 +02008382/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008383static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008384{
8385 if (!*args[cur_arg + 1]) {
8386 if (err)
8387 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8388 return ERR_ALERT | ERR_FATAL;
8389 }
8390
8391 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008392 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008393 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008394 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008395 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008396 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008397 else {
8398 if (err)
8399 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8400 args[cur_arg], args[cur_arg + 1]);
8401 return ERR_ALERT | ERR_FATAL;
8402 }
8403
8404 return 0;
8405}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008406static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8407{
8408 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8409}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008410
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008411/* parse the "no-ca-names" bind keyword */
8412static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8413{
8414 conf->no_ca_names = 1;
8415 return 0;
8416}
8417static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8418{
8419 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8420}
8421
Willy Tarreau92faadf2012-10-10 23:04:25 +02008422/************** "server" keywords ****************/
8423
Olivier Houchardc7566002018-11-20 23:33:50 +01008424/* parse the "npn" bind keyword */
8425static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8426{
8427#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8428 char *p1, *p2;
8429
8430 if (!*args[*cur_arg + 1]) {
8431 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8432 return ERR_ALERT | ERR_FATAL;
8433 }
8434
8435 free(newsrv->ssl_ctx.npn_str);
8436
8437 /* the NPN string is built as a suite of (<len> <name>)*,
8438 * so we reuse each comma to store the next <len> and need
8439 * one more for the end of the string.
8440 */
8441 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8442 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8443 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8444 newsrv->ssl_ctx.npn_len);
8445
8446 /* replace commas with the name length */
8447 p1 = newsrv->ssl_ctx.npn_str;
8448 p2 = p1 + 1;
8449 while (1) {
8450 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8451 newsrv->ssl_ctx.npn_len - (p1 + 1));
8452 if (!p2)
8453 p2 = p1 + 1 + strlen(p1 + 1);
8454
8455 if (p2 - (p1 + 1) > 255) {
8456 *p2 = '\0';
8457 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8458 return ERR_ALERT | ERR_FATAL;
8459 }
8460
8461 *p1 = p2 - (p1 + 1);
8462 p1 = p2;
8463
8464 if (!*p2)
8465 break;
8466
8467 *(p2++) = '\0';
8468 }
8469 return 0;
8470#else
8471 if (err)
8472 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8473 return ERR_ALERT | ERR_FATAL;
8474#endif
8475}
8476
Olivier Houchard92150142018-12-21 19:47:01 +01008477/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008478static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8479{
8480#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8481 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008482 char **alpn_str;
8483 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008484
Olivier Houchard92150142018-12-21 19:47:01 +01008485 if (*args[*cur_arg] == 'c') {
8486 alpn_str = &newsrv->check.alpn_str;
8487 alpn_len = &newsrv->check.alpn_len;
8488 } else {
8489 alpn_str = &newsrv->ssl_ctx.alpn_str;
8490 alpn_len = &newsrv->ssl_ctx.alpn_len;
8491
8492 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008493 if (!*args[*cur_arg + 1]) {
8494 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8495 return ERR_ALERT | ERR_FATAL;
8496 }
8497
Olivier Houchard92150142018-12-21 19:47:01 +01008498 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008499
8500 /* the ALPN string is built as a suite of (<len> <name>)*,
8501 * so we reuse each comma to store the next <len> and need
8502 * one more for the end of the string.
8503 */
Olivier Houchard92150142018-12-21 19:47:01 +01008504 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8505 *alpn_str = calloc(1, *alpn_len + 1);
8506 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008507
8508 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008509 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008510 p2 = p1 + 1;
8511 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008512 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008513 if (!p2)
8514 p2 = p1 + 1 + strlen(p1 + 1);
8515
8516 if (p2 - (p1 + 1) > 255) {
8517 *p2 = '\0';
8518 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8519 return ERR_ALERT | ERR_FATAL;
8520 }
8521
8522 *p1 = p2 - (p1 + 1);
8523 p1 = p2;
8524
8525 if (!*p2)
8526 break;
8527
8528 *(p2++) = '\0';
8529 }
8530 return 0;
8531#else
8532 if (err)
8533 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8534 return ERR_ALERT | ERR_FATAL;
8535#endif
8536}
8537
Emeric Brunef42d922012-10-11 16:11:36 +02008538/* parse the "ca-file" server keyword */
8539static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8540{
8541 if (!*args[*cur_arg + 1]) {
8542 if (err)
8543 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8544 return ERR_ALERT | ERR_FATAL;
8545 }
8546
Willy Tarreauef934602016-12-22 23:12:01 +01008547 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8548 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008549 else
8550 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8551
8552 return 0;
8553}
8554
Olivier Houchard9130a962017-10-17 17:33:43 +02008555/* parse the "check-sni" server keyword */
8556static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8557{
8558 if (!*args[*cur_arg + 1]) {
8559 if (err)
8560 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8561 return ERR_ALERT | ERR_FATAL;
8562 }
8563
8564 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8565 if (!newsrv->check.sni) {
8566 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8567 return ERR_ALERT | ERR_FATAL;
8568 }
8569 return 0;
8570
8571}
8572
Willy Tarreau92faadf2012-10-10 23:04:25 +02008573/* parse the "check-ssl" server keyword */
8574static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8575{
8576 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008577 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8578 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008579#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008580 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8581 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8582#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008583 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008584 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8585 if (!newsrv->ssl_ctx.methods.min)
8586 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8587 if (!newsrv->ssl_ctx.methods.max)
8588 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8589
Willy Tarreau92faadf2012-10-10 23:04:25 +02008590 return 0;
8591}
8592
8593/* parse the "ciphers" server keyword */
8594static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8595{
8596 if (!*args[*cur_arg + 1]) {
8597 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8598 return ERR_ALERT | ERR_FATAL;
8599 }
8600
8601 free(newsrv->ssl_ctx.ciphers);
8602 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8603 return 0;
8604}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008605
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008606#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008607/* parse the "ciphersuites" server keyword */
8608static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8609{
8610 if (!*args[*cur_arg + 1]) {
8611 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8612 return ERR_ALERT | ERR_FATAL;
8613 }
8614
8615 free(newsrv->ssl_ctx.ciphersuites);
8616 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8617 return 0;
8618}
8619#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008620
Emeric Brunef42d922012-10-11 16:11:36 +02008621/* parse the "crl-file" server keyword */
8622static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8623{
8624#ifndef X509_V_FLAG_CRL_CHECK
8625 if (err)
8626 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8627 return ERR_ALERT | ERR_FATAL;
8628#else
8629 if (!*args[*cur_arg + 1]) {
8630 if (err)
8631 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8632 return ERR_ALERT | ERR_FATAL;
8633 }
8634
Willy Tarreauef934602016-12-22 23:12:01 +01008635 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8636 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008637 else
8638 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8639
8640 return 0;
8641#endif
8642}
8643
Emeric Bruna7aa3092012-10-26 12:58:00 +02008644/* parse the "crt" server keyword */
8645static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8646{
8647 if (!*args[*cur_arg + 1]) {
8648 if (err)
8649 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8650 return ERR_ALERT | ERR_FATAL;
8651 }
8652
Willy Tarreauef934602016-12-22 23:12:01 +01008653 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008654 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008655 else
8656 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8657
8658 return 0;
8659}
Emeric Brunef42d922012-10-11 16:11:36 +02008660
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008661/* parse the "no-check-ssl" server keyword */
8662static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8663{
8664 newsrv->check.use_ssl = 0;
8665 free(newsrv->ssl_ctx.ciphers);
8666 newsrv->ssl_ctx.ciphers = NULL;
8667 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8668 return 0;
8669}
8670
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008671/* parse the "no-send-proxy-v2-ssl" server keyword */
8672static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8673{
8674 newsrv->pp_opts &= ~SRV_PP_V2;
8675 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8676 return 0;
8677}
8678
8679/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8680static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8681{
8682 newsrv->pp_opts &= ~SRV_PP_V2;
8683 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8684 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8685 return 0;
8686}
8687
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008688/* parse the "no-ssl" server keyword */
8689static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8690{
8691 newsrv->use_ssl = 0;
8692 free(newsrv->ssl_ctx.ciphers);
8693 newsrv->ssl_ctx.ciphers = NULL;
8694 return 0;
8695}
8696
Olivier Houchard522eea72017-11-03 16:27:47 +01008697/* parse the "allow-0rtt" server keyword */
8698static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8699{
8700 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8701 return 0;
8702}
8703
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008704/* parse the "no-ssl-reuse" server keyword */
8705static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8706{
8707 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8708 return 0;
8709}
8710
Emeric Brunf9c5c472012-10-11 15:28:34 +02008711/* parse the "no-tls-tickets" server keyword */
8712static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8713{
8714 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8715 return 0;
8716}
David Safb76832014-05-08 23:42:08 -04008717/* parse the "send-proxy-v2-ssl" server keyword */
8718static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8719{
8720 newsrv->pp_opts |= SRV_PP_V2;
8721 newsrv->pp_opts |= SRV_PP_V2_SSL;
8722 return 0;
8723}
8724
8725/* parse the "send-proxy-v2-ssl-cn" server keyword */
8726static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8727{
8728 newsrv->pp_opts |= SRV_PP_V2;
8729 newsrv->pp_opts |= SRV_PP_V2_SSL;
8730 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8731 return 0;
8732}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008733
Willy Tarreau732eac42015-07-09 11:40:25 +02008734/* parse the "sni" server keyword */
8735static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8736{
8737#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8738 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8739 return ERR_ALERT | ERR_FATAL;
8740#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008741 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008742
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008743 arg = args[*cur_arg + 1];
8744 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008745 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8746 return ERR_ALERT | ERR_FATAL;
8747 }
8748
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008749 free(newsrv->sni_expr);
8750 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008751
Willy Tarreau732eac42015-07-09 11:40:25 +02008752 return 0;
8753#endif
8754}
8755
Willy Tarreau92faadf2012-10-10 23:04:25 +02008756/* parse the "ssl" server keyword */
8757static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8758{
8759 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008760 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8761 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008762#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008763 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8764 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8765#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008766 return 0;
8767}
8768
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008769/* parse the "ssl-reuse" server keyword */
8770static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8771{
8772 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8773 return 0;
8774}
8775
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008776/* parse the "tls-tickets" server keyword */
8777static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8778{
8779 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8780 return 0;
8781}
8782
Emeric Brunef42d922012-10-11 16:11:36 +02008783/* parse the "verify" server keyword */
8784static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8785{
8786 if (!*args[*cur_arg + 1]) {
8787 if (err)
8788 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8789 return ERR_ALERT | ERR_FATAL;
8790 }
8791
8792 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008793 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008794 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008795 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008796 else {
8797 if (err)
8798 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8799 args[*cur_arg], args[*cur_arg + 1]);
8800 return ERR_ALERT | ERR_FATAL;
8801 }
8802
Evan Broderbe554312013-06-27 00:05:25 -07008803 return 0;
8804}
8805
8806/* parse the "verifyhost" server keyword */
8807static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8808{
8809 if (!*args[*cur_arg + 1]) {
8810 if (err)
8811 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8812 return ERR_ALERT | ERR_FATAL;
8813 }
8814
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008815 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008816 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8817
Emeric Brunef42d922012-10-11 16:11:36 +02008818 return 0;
8819}
8820
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008821/* parse the "ssl-default-bind-options" keyword in global section */
8822static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8823 struct proxy *defpx, const char *file, int line,
8824 char **err) {
8825 int i = 1;
8826
8827 if (*(args[i]) == 0) {
8828 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8829 return -1;
8830 }
8831 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008832 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008833 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008834 else if (!strcmp(args[i], "prefer-client-ciphers"))
8835 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008836 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8837 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8838 i++;
8839 else {
8840 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8841 return -1;
8842 }
8843 }
8844 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008845 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8846 return -1;
8847 }
8848 i++;
8849 }
8850 return 0;
8851}
8852
8853/* parse the "ssl-default-server-options" keyword in global section */
8854static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8855 struct proxy *defpx, const char *file, int line,
8856 char **err) {
8857 int i = 1;
8858
8859 if (*(args[i]) == 0) {
8860 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8861 return -1;
8862 }
8863 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008864 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008865 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008866 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8867 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8868 i++;
8869 else {
8870 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8871 return -1;
8872 }
8873 }
8874 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008875 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8876 return -1;
8877 }
8878 i++;
8879 }
8880 return 0;
8881}
8882
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008883/* parse the "ca-base" / "crt-base" keywords in global section.
8884 * Returns <0 on alert, >0 on warning, 0 on success.
8885 */
8886static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8887 struct proxy *defpx, const char *file, int line,
8888 char **err)
8889{
8890 char **target;
8891
Willy Tarreauef934602016-12-22 23:12:01 +01008892 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008893
8894 if (too_many_args(1, args, err, NULL))
8895 return -1;
8896
8897 if (*target) {
8898 memprintf(err, "'%s' already specified.", args[0]);
8899 return -1;
8900 }
8901
8902 if (*(args[1]) == 0) {
8903 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8904 return -1;
8905 }
8906 *target = strdup(args[1]);
8907 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008908}
8909
8910/* parse the "ssl-mode-async" keyword in global section.
8911 * Returns <0 on alert, >0 on warning, 0 on success.
8912 */
8913static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8914 struct proxy *defpx, const char *file, int line,
8915 char **err)
8916{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008917#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008918 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008919 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008920 return 0;
8921#else
8922 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8923 return -1;
8924#endif
8925}
8926
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008927#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008928static int ssl_check_async_engine_count(void) {
8929 int err_code = 0;
8930
Emeric Brun3854e012017-05-17 20:42:48 +02008931 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008932 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008933 err_code = ERR_ABORT;
8934 }
8935 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008936}
8937
Grant Zhang872f9c22017-01-21 01:10:18 +00008938/* parse the "ssl-engine" keyword in global section.
8939 * Returns <0 on alert, >0 on warning, 0 on success.
8940 */
8941static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8942 struct proxy *defpx, const char *file, int line,
8943 char **err)
8944{
8945 char *algo;
8946 int ret = -1;
8947
8948 if (*(args[1]) == 0) {
8949 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8950 return ret;
8951 }
8952
8953 if (*(args[2]) == 0) {
8954 /* if no list of algorithms is given, it defaults to ALL */
8955 algo = strdup("ALL");
8956 goto add_engine;
8957 }
8958
8959 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8960 if (strcmp(args[2], "algo") != 0) {
8961 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8962 return ret;
8963 }
8964
8965 if (*(args[3]) == 0) {
8966 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8967 return ret;
8968 }
8969 algo = strdup(args[3]);
8970
8971add_engine:
8972 if (ssl_init_single_engine(args[1], algo)==0) {
8973 openssl_engines_initialized++;
8974 ret = 0;
8975 }
8976 free(algo);
8977 return ret;
8978}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008979#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008980
Willy Tarreauf22e9682016-12-21 23:23:19 +01008981/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8982 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8983 */
8984static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8985 struct proxy *defpx, const char *file, int line,
8986 char **err)
8987{
8988 char **target;
8989
Willy Tarreauef934602016-12-22 23:12:01 +01008990 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008991
8992 if (too_many_args(1, args, err, NULL))
8993 return -1;
8994
8995 if (*(args[1]) == 0) {
8996 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8997 return -1;
8998 }
8999
9000 free(*target);
9001 *target = strdup(args[1]);
9002 return 0;
9003}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009004
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009005#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009006/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9007 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9008 */
9009static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9010 struct proxy *defpx, const char *file, int line,
9011 char **err)
9012{
9013 char **target;
9014
9015 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9016
9017 if (too_many_args(1, args, err, NULL))
9018 return -1;
9019
9020 if (*(args[1]) == 0) {
9021 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9022 return -1;
9023 }
9024
9025 free(*target);
9026 *target = strdup(args[1]);
9027 return 0;
9028}
9029#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009030
Willy Tarreau9ceda382016-12-21 23:13:03 +01009031/* parse various global tune.ssl settings consisting in positive integers.
9032 * Returns <0 on alert, >0 on warning, 0 on success.
9033 */
9034static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9035 struct proxy *defpx, const char *file, int line,
9036 char **err)
9037{
9038 int *target;
9039
9040 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9041 target = &global.tune.sslcachesize;
9042 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009043 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009044 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009045 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009046 else if (strcmp(args[0], "maxsslconn") == 0)
9047 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009048 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9049 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009050 else {
9051 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9052 return -1;
9053 }
9054
9055 if (too_many_args(1, args, err, NULL))
9056 return -1;
9057
9058 if (*(args[1]) == 0) {
9059 memprintf(err, "'%s' expects an integer argument.", args[0]);
9060 return -1;
9061 }
9062
9063 *target = atoi(args[1]);
9064 if (*target < 0) {
9065 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9066 return -1;
9067 }
9068 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009069}
9070
9071static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9072 struct proxy *defpx, const char *file, int line,
9073 char **err)
9074{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009075 int ret;
9076
9077 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9078 if (ret != 0)
9079 return ret;
9080
Willy Tarreaubafbe012017-11-24 17:34:44 +01009081 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009082 memprintf(err, "'%s' is already configured.", args[0]);
9083 return -1;
9084 }
9085
Willy Tarreaubafbe012017-11-24 17:34:44 +01009086 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9087 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009088 memprintf(err, "Out of memory error.");
9089 return -1;
9090 }
9091 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009092}
9093
9094/* parse "ssl.force-private-cache".
9095 * Returns <0 on alert, >0 on warning, 0 on success.
9096 */
9097static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9098 struct proxy *defpx, const char *file, int line,
9099 char **err)
9100{
9101 if (too_many_args(0, args, err, NULL))
9102 return -1;
9103
Willy Tarreauef934602016-12-22 23:12:01 +01009104 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009105 return 0;
9106}
9107
9108/* parse "ssl.lifetime".
9109 * Returns <0 on alert, >0 on warning, 0 on success.
9110 */
9111static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9112 struct proxy *defpx, const char *file, int line,
9113 char **err)
9114{
9115 const char *res;
9116
9117 if (too_many_args(1, args, err, NULL))
9118 return -1;
9119
9120 if (*(args[1]) == 0) {
9121 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9122 return -1;
9123 }
9124
Willy Tarreauef934602016-12-22 23:12:01 +01009125 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009126 if (res == PARSE_TIME_OVER) {
9127 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9128 args[1], args[0]);
9129 return -1;
9130 }
9131 else if (res == PARSE_TIME_UNDER) {
9132 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9133 args[1], args[0]);
9134 return -1;
9135 }
9136 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009137 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9138 return -1;
9139 }
9140 return 0;
9141}
9142
9143#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009144/* parse "ssl-dh-param-file".
9145 * Returns <0 on alert, >0 on warning, 0 on success.
9146 */
9147static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9148 struct proxy *defpx, const char *file, int line,
9149 char **err)
9150{
9151 if (too_many_args(1, args, err, NULL))
9152 return -1;
9153
9154 if (*(args[1]) == 0) {
9155 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9156 return -1;
9157 }
9158
9159 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9160 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9161 return -1;
9162 }
9163 return 0;
9164}
9165
Willy Tarreau9ceda382016-12-21 23:13:03 +01009166/* parse "ssl.default-dh-param".
9167 * Returns <0 on alert, >0 on warning, 0 on success.
9168 */
9169static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9170 struct proxy *defpx, const char *file, int line,
9171 char **err)
9172{
9173 if (too_many_args(1, args, err, NULL))
9174 return -1;
9175
9176 if (*(args[1]) == 0) {
9177 memprintf(err, "'%s' expects an integer argument.", args[0]);
9178 return -1;
9179 }
9180
Willy Tarreauef934602016-12-22 23:12:01 +01009181 global_ssl.default_dh_param = atoi(args[1]);
9182 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009183 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9184 return -1;
9185 }
9186 return 0;
9187}
9188#endif
9189
9190
William Lallemand32af2032016-10-29 18:09:35 +02009191/* This function is used with TLS ticket keys management. It permits to browse
9192 * each reference. The variable <getnext> must contain the current node,
9193 * <end> point to the root node.
9194 */
9195#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9196static inline
9197struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9198{
9199 struct tls_keys_ref *ref = getnext;
9200
9201 while (1) {
9202
9203 /* Get next list entry. */
9204 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9205
9206 /* If the entry is the last of the list, return NULL. */
9207 if (&ref->list == end)
9208 return NULL;
9209
9210 return ref;
9211 }
9212}
9213
9214static inline
9215struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9216{
9217 int id;
9218 char *error;
9219
9220 /* If the reference starts by a '#', this is numeric id. */
9221 if (reference[0] == '#') {
9222 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9223 id = strtol(reference + 1, &error, 10);
9224 if (*error != '\0')
9225 return NULL;
9226
9227 /* Perform the unique id lookup. */
9228 return tlskeys_ref_lookupid(id);
9229 }
9230
9231 /* Perform the string lookup. */
9232 return tlskeys_ref_lookup(reference);
9233}
9234#endif
9235
9236
9237#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9238
9239static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9240
9241static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9242 return cli_io_handler_tlskeys_files(appctx);
9243}
9244
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009245/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9246 * (next index to be dumped), and cli.p0 (next key reference).
9247 */
William Lallemand32af2032016-10-29 18:09:35 +02009248static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9249
9250 struct stream_interface *si = appctx->owner;
9251
9252 switch (appctx->st2) {
9253 case STAT_ST_INIT:
9254 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009255 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009256 * later and restart at the state "STAT_ST_INIT".
9257 */
9258 chunk_reset(&trash);
9259
9260 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9261 chunk_appendf(&trash, "# id secret\n");
9262 else
9263 chunk_appendf(&trash, "# id (file)\n");
9264
Willy Tarreau06d80a92017-10-19 14:32:15 +02009265 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009266 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009267 return 0;
9268 }
9269
William Lallemand32af2032016-10-29 18:09:35 +02009270 /* Now, we start the browsing of the references lists.
9271 * Note that the following call to LIST_ELEM return bad pointer. The only
9272 * available field of this pointer is <list>. It is used with the function
9273 * tlskeys_list_get_next() for retruning the first available entry
9274 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009275 if (appctx->ctx.cli.p0 == NULL) {
9276 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9277 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009278 }
9279
9280 appctx->st2 = STAT_ST_LIST;
9281 /* fall through */
9282
9283 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009284 while (appctx->ctx.cli.p0) {
9285 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009286
9287 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009288 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009289 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009290
9291 if (appctx->ctx.cli.i1 == 0)
9292 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9293
William Lallemand32af2032016-10-29 18:09:35 +02009294 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009295 int head;
9296
9297 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9298 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009299 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009300 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009301
9302 chunk_reset(t2);
9303 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009304 if (ref->key_size_bits == 128) {
9305 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9306 sizeof(struct tls_sess_key_128),
9307 t2->area, t2->size);
9308 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9309 t2->area);
9310 }
9311 else if (ref->key_size_bits == 256) {
9312 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9313 sizeof(struct tls_sess_key_256),
9314 t2->area, t2->size);
9315 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9316 t2->area);
9317 }
9318 else {
9319 /* This case should never happen */
9320 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9321 }
William Lallemand32af2032016-10-29 18:09:35 +02009322
Willy Tarreau06d80a92017-10-19 14:32:15 +02009323 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009324 /* let's try again later from this stream. We add ourselves into
9325 * this stream's users so that it can remove us upon termination.
9326 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009327 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009328 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009329 return 0;
9330 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009331 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009332 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009333 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009334 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009335 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009336 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009337 /* let's try again later from this stream. We add ourselves into
9338 * this stream's users so that it can remove us upon termination.
9339 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009340 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009341 return 0;
9342 }
9343
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009344 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009345 break;
9346
9347 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009348 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009349 }
9350
9351 appctx->st2 = STAT_ST_FIN;
9352 /* fall through */
9353
9354 default:
9355 appctx->st2 = STAT_ST_FIN;
9356 return 1;
9357 }
9358 return 0;
9359}
9360
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009361/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009362static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009363{
William Lallemand32af2032016-10-29 18:09:35 +02009364 /* no parameter, shows only file list */
9365 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009366 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009367 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009368 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009369 }
9370
9371 if (args[2][0] == '*') {
9372 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009373 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009374 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009375 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9376 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009377 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009378 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009379 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009380 return 1;
9381 }
9382 }
William Lallemand32af2032016-10-29 18:09:35 +02009383 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009384 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009385}
9386
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009387static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009388{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009389 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009390 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009391
William Lallemand32af2032016-10-29 18:09:35 +02009392 /* Expect two parameters: the filename and the new new TLS key in encoding */
9393 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009394 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009395 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009396 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009397 return 1;
9398 }
9399
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009400 ref = tlskeys_ref_lookup_ref(args[3]);
9401 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009402 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009403 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009404 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009405 return 1;
9406 }
9407
Willy Tarreau1c913e42018-08-22 05:26:57 +02009408 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009409 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009410 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009411 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009412 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009413 return 1;
9414 }
Emeric Brun9e754772019-01-10 17:51:55 +01009415
Willy Tarreau1c913e42018-08-22 05:26:57 +02009416 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009417 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9418 appctx->ctx.cli.severity = LOG_ERR;
9419 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9420 appctx->st0 = CLI_ST_PRINT;
9421 return 1;
9422 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009423 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009424 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009425 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009426 return 1;
9427
9428}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009429#endif
William Lallemand32af2032016-10-29 18:09:35 +02009430
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009431static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009432{
9433#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9434 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009435 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009436
9437 if (!payload)
9438 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009439
9440 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009441 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009442 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009443 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009444 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009445 return 1;
9446 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009447
9448 /* remove \r and \n from the payload */
9449 for (i = 0, j = 0; payload[i]; i++) {
9450 if (payload[i] == '\r' || payload[i] == '\n')
9451 continue;
9452 payload[j++] = payload[i];
9453 }
9454 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009455
Willy Tarreau1c913e42018-08-22 05:26:57 +02009456 ret = base64dec(payload, j, trash.area, trash.size);
9457 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009458 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009459 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009460 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009461 return 1;
9462 }
9463
Willy Tarreau1c913e42018-08-22 05:26:57 +02009464 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009465 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9466 if (err) {
9467 memprintf(&err, "%s.\n", err);
9468 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009469 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009470 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009471 else {
9472 appctx->ctx.cli.severity = LOG_ERR;
9473 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9474 appctx->st0 = CLI_ST_PRINT;
9475 }
William Lallemand32af2032016-10-29 18:09:35 +02009476 return 1;
9477 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009478 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009479 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009480 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009481 return 1;
9482#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009483 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009484 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009485 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009486 return 1;
9487#endif
9488
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009489}
9490
Willy Tarreau86a394e2019-05-09 14:15:32 +02009491#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009492static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9493{
9494 switch (arg->type) {
9495 case ARGT_STR:
9496 smp->data.type = SMP_T_STR;
9497 smp->data.u.str = arg->data.str;
9498 return 1;
9499 case ARGT_VAR:
9500 if (!vars_get_by_desc(&arg->data.var, smp))
9501 return 0;
9502 if (!sample_casts[smp->data.type][SMP_T_STR])
9503 return 0;
9504 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9505 return 0;
9506 return 1;
9507 default:
9508 return 0;
9509 }
9510}
9511
9512static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9513 const char *file, int line, char **err)
9514{
9515 switch(args[0].data.sint) {
9516 case 128:
9517 case 192:
9518 case 256:
9519 break;
9520 default:
9521 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9522 return 0;
9523 }
9524 /* Try to decode a variable. */
9525 vars_check_arg(&args[1], NULL);
9526 vars_check_arg(&args[2], NULL);
9527 vars_check_arg(&args[3], NULL);
9528 return 1;
9529}
9530
9531/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9532static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9533{
9534 struct sample nonce, key, aead_tag;
9535 struct buffer *smp_trash, *smp_trash_alloc;
9536 EVP_CIPHER_CTX *ctx;
9537 int dec_size, ret;
9538
9539 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9540 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9541 return 0;
9542
9543 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9544 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9545 return 0;
9546
9547 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9548 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9549 return 0;
9550
9551 smp_trash = get_trash_chunk();
9552 smp_trash_alloc = alloc_trash_chunk();
9553 if (!smp_trash_alloc)
9554 return 0;
9555
9556 ctx = EVP_CIPHER_CTX_new();
9557
9558 if (!ctx)
9559 goto err;
9560
9561 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9562 if (dec_size < 0)
9563 goto err;
9564 smp_trash->data = dec_size;
9565
9566 /* Set cipher type and mode */
9567 switch(arg_p[0].data.sint) {
9568 case 128:
9569 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9570 break;
9571 case 192:
9572 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9573 break;
9574 case 256:
9575 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9576 break;
9577 }
9578
9579 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9580
9581 /* Initialise IV */
9582 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9583 goto err;
9584
9585 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9586 if (dec_size < 0)
9587 goto err;
9588 smp_trash->data = dec_size;
9589
9590 /* Initialise key */
9591 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9592 goto err;
9593
9594 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9595 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9596 goto err;
9597
9598 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9599 if (dec_size < 0)
9600 goto err;
9601 smp_trash_alloc->data = dec_size;
9602 dec_size = smp_trash->data;
9603
9604 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9605 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9606
9607 if (ret <= 0)
9608 goto err;
9609
9610 smp->data.u.str.data = dec_size + smp_trash->data;
9611 smp->data.u.str.area = smp_trash->area;
9612 smp->data.type = SMP_T_BIN;
9613 smp->flags &= ~SMP_F_CONST;
9614 free_trash_chunk(smp_trash_alloc);
9615 return 1;
9616
9617err:
9618 free_trash_chunk(smp_trash_alloc);
9619 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009620}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009621# endif
William Lallemand32af2032016-10-29 18:09:35 +02009622
9623/* register cli keywords */
9624static struct cli_kw_list cli_kws = {{ },{
9625#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9626 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009627 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009628#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009629 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009630 { { NULL }, NULL, NULL, NULL }
9631}};
9632
Willy Tarreau0108d902018-11-25 19:14:37 +01009633INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009634
Willy Tarreau7875d092012-09-10 08:20:03 +02009635/* Note: must not be declared <const> as its list will be overwritten.
9636 * Please take care of keeping this list alphabetically sorted.
9637 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009638static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009639 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009640 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009641#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009642 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009643#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009644 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009645#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9646 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9647#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009648 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009649 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009650 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009651 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009652#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009653 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009654#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009655#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009656 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9657 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009658 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9659#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009660 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9661 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009662 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009663 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009664 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9665 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9666 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9667 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9668 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9669 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9670 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9671 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009672 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009673 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9674 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009675 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009676 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9677 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9678 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9679 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9680 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9681 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9682 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009683 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009684 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009685 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009686 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009687 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009688 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009689 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009690 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009691 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009692#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009693 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009694#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009695#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009696 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009697#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009698 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009699#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009700 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009701#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009702 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009703#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009704 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009705#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009706#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009707 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9708 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009709 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9710#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009711#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009712 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009713#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009714 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9715 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9716 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9717 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009718 { NULL, NULL, 0, 0, 0 },
9719}};
9720
Willy Tarreau0108d902018-11-25 19:14:37 +01009721INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9722
Willy Tarreau7875d092012-09-10 08:20:03 +02009723/* Note: must not be declared <const> as its list will be overwritten.
9724 * Please take care of keeping this list alphabetically sorted.
9725 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009726static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009727 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9728 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009729 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009730}};
9731
Willy Tarreau0108d902018-11-25 19:14:37 +01009732INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9733
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009734/* Note: must not be declared <const> as its list will be overwritten.
9735 * Please take care of keeping this list alphabetically sorted, doing so helps
9736 * all code contributors.
9737 * Optional keywords are also declared with a NULL ->parse() function so that
9738 * the config parser can report an appropriate error when a known keyword was
9739 * not enabled.
9740 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009741static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009742 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009743 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9744 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9745 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009746#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009747 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9748#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009749 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009750 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009751 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009752 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009753 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009754 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9755 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009756 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9757 { NULL, NULL, 0 },
9758};
9759
Willy Tarreau0108d902018-11-25 19:14:37 +01009760/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9761
Willy Tarreau51fb7652012-09-18 18:24:39 +02009762static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009763 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009764 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9765 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9766 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9767 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9768 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9769 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009770#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009771 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9772#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009773 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9774 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9775 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9776 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9777 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9778 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9779 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9780 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9781 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9782 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009783 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009784 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009785 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009786 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9787 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9788 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9789 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009790 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009791 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9792 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009793 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9794 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009795 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9796 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9797 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9798 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9799 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009800 { NULL, NULL, 0 },
9801}};
Emeric Brun46591952012-05-18 15:47:34 +02009802
Willy Tarreau0108d902018-11-25 19:14:37 +01009803INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9804
Willy Tarreau92faadf2012-10-10 23:04:25 +02009805/* Note: must not be declared <const> as its list will be overwritten.
9806 * Please take care of keeping this list alphabetically sorted, doing so helps
9807 * all code contributors.
9808 * Optional keywords are also declared with a NULL ->parse() function so that
9809 * the config parser can report an appropriate error when a known keyword was
9810 * not enabled.
9811 */
9812static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009813 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009814 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009815 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009816 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009817 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009818 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9819 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009820#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009821 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9822#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009823 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9824 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9825 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9826 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9827 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9828 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9829 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9830 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9831 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9832 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9833 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9834 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9835 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9836 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9837 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9838 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9839 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9840 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009841 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009842 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9843 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9844 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9845 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9846 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9847 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9848 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9849 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9850 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9851 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009852 { NULL, NULL, 0, 0 },
9853}};
9854
Willy Tarreau0108d902018-11-25 19:14:37 +01009855INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9856
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009857static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009858 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9859 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009860 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009861 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9862 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009863#ifndef OPENSSL_NO_DH
9864 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9865#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009866 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009867#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009868 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009869#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009870 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9871#ifndef OPENSSL_NO_DH
9872 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9873#endif
9874 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9875 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9876 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9877 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009878 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009879 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9880 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009881#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009882 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9883 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9884#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009885 { 0, NULL, NULL },
9886}};
9887
Willy Tarreau0108d902018-11-25 19:14:37 +01009888INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9889
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009890/* Note: must not be declared <const> as its list will be overwritten */
9891static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009892#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009893 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9894#endif
9895 { NULL, NULL, 0, 0, 0 },
9896}};
9897
9898INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9899
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009900/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009901static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009902 .snd_buf = ssl_sock_from_buf,
9903 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009904 .subscribe = ssl_subscribe,
9905 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009906 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009907 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009908 .rcv_pipe = NULL,
9909 .snd_pipe = NULL,
9910 .shutr = NULL,
9911 .shutw = ssl_sock_shutw,
9912 .close = ssl_sock_close,
9913 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009914 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009915 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009916 .prepare_srv = ssl_sock_prepare_srv_ctx,
9917 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009918 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009919 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009920};
9921
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009922enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9923 struct session *sess, struct stream *s, int flags)
9924{
9925 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009926 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009927
9928 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009929 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009930
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009931 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009932 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009933 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009934 s->req.flags |= CF_READ_NULL;
9935 return ACT_RET_YIELD;
9936 }
9937 }
9938 return (ACT_RET_CONT);
9939}
9940
9941static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9942{
9943 rule->action_ptr = ssl_action_wait_for_hs;
9944
9945 return ACT_RET_PRS_OK;
9946}
9947
9948static struct action_kw_list http_req_actions = {ILH, {
9949 { "wait-for-handshake", ssl_parse_wait_for_hs },
9950 { /* END */ }
9951}};
9952
Willy Tarreau0108d902018-11-25 19:14:37 +01009953INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9954
Willy Tarreau5db847a2019-05-09 14:13:35 +02009955#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009956
9957static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9958{
9959 if (ptr) {
9960 chunk_destroy(ptr);
9961 free(ptr);
9962 }
9963}
9964
9965#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009966static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9967{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009968 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009969}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009970
Emeric Brun46591952012-05-18 15:47:34 +02009971__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009972static void __ssl_sock_init(void)
9973{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009974#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009975 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009976 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009977#endif
Emeric Brun46591952012-05-18 15:47:34 +02009978
Willy Tarreauef934602016-12-22 23:12:01 +01009979 if (global_ssl.listen_default_ciphers)
9980 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9981 if (global_ssl.connect_default_ciphers)
9982 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009983#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009984 if (global_ssl.listen_default_ciphersuites)
9985 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9986 if (global_ssl.connect_default_ciphersuites)
9987 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9988#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009989
Willy Tarreau13e14102016-12-22 20:25:26 +01009990 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009991#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009992 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009993#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009994#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009995 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009996 n = sk_SSL_COMP_num(cm);
9997 while (n--) {
9998 (void) sk_SSL_COMP_pop(cm);
9999 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010000#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010001
Willy Tarreau5db847a2019-05-09 14:13:35 +020010002#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010003 ssl_locking_init();
10004#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010005#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010006 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10007#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010008 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010009 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010010 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010011#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010012 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010013 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010014#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010015#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10016 hap_register_post_check(tlskeys_finalize_config);
10017#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010018
10019 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10020 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10021
10022#ifndef OPENSSL_NO_DH
10023 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10024 hap_register_post_deinit(ssl_free_dh);
10025#endif
10026#ifndef OPENSSL_NO_ENGINE
10027 hap_register_post_deinit(ssl_free_engines);
10028#endif
10029 /* Load SSL string for the verbose & debug mode. */
10030 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010031 ha_meth = BIO_meth_new(0x666, "ha methods");
10032 BIO_meth_set_write(ha_meth, ha_ssl_write);
10033 BIO_meth_set_read(ha_meth, ha_ssl_read);
10034 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10035 BIO_meth_set_create(ha_meth, ha_ssl_new);
10036 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10037 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10038 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010039}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010040
Willy Tarreau80713382018-11-26 10:19:54 +010010041/* Compute and register the version string */
10042static void ssl_register_build_options()
10043{
10044 char *ptr = NULL;
10045 int i;
10046
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010047 memprintf(&ptr, "Built with OpenSSL version : "
10048#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010049 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010050#else /* OPENSSL_IS_BORINGSSL */
10051 OPENSSL_VERSION_TEXT
10052 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010053 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010054 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010055#endif
10056 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010057#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010058 "no (library version too old)"
10059#elif defined(OPENSSL_NO_TLSEXT)
10060 "no (disabled via OPENSSL_NO_TLSEXT)"
10061#else
10062 "yes"
10063#endif
10064 "", ptr);
10065
10066 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10067#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10068 "yes"
10069#else
10070#ifdef OPENSSL_NO_TLSEXT
10071 "no (because of OPENSSL_NO_TLSEXT)"
10072#else
10073 "no (version might be too old, 0.9.8f min needed)"
10074#endif
10075#endif
10076 "", ptr);
10077
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010078 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10079 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10080 if (methodVersions[i].option)
10081 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010082
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010083 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010084}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010085
Willy Tarreau80713382018-11-26 10:19:54 +010010086INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010087
Emeric Brun46591952012-05-18 15:47:34 +020010088
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010089#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010090void ssl_free_engines(void) {
10091 struct ssl_engine_list *wl, *wlb;
10092 /* free up engine list */
10093 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10094 ENGINE_finish(wl->e);
10095 ENGINE_free(wl->e);
10096 LIST_DEL(&wl->list);
10097 free(wl);
10098 }
10099}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010100#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010101
Remi Gacogned3a23c32015-05-28 16:39:47 +020010102#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010103void ssl_free_dh(void) {
10104 if (local_dh_1024) {
10105 DH_free(local_dh_1024);
10106 local_dh_1024 = NULL;
10107 }
10108 if (local_dh_2048) {
10109 DH_free(local_dh_2048);
10110 local_dh_2048 = NULL;
10111 }
10112 if (local_dh_4096) {
10113 DH_free(local_dh_4096);
10114 local_dh_4096 = NULL;
10115 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010116 if (global_dh) {
10117 DH_free(global_dh);
10118 global_dh = NULL;
10119 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010120}
10121#endif
10122
10123__attribute__((destructor))
10124static void __ssl_sock_deinit(void)
10125{
10126#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010127 if (ssl_ctx_lru_tree) {
10128 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010129 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010130 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010131#endif
10132
Willy Tarreau5db847a2019-05-09 14:13:35 +020010133#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010134 ERR_remove_state(0);
10135 ERR_free_strings();
10136
10137 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010138#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010139
Willy Tarreau5db847a2019-05-09 14:13:35 +020010140#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010141 CRYPTO_cleanup_all_ex_data();
10142#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010143 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010144}
10145
10146
Emeric Brun46591952012-05-18 15:47:34 +020010147/*
10148 * Local variables:
10149 * c-indent-level: 8
10150 * c-basic-offset: 8
10151 * End:
10152 */