blob: 4b74c7893bc549bef203ccf4bc3d3cc20570378c [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
Olivier Houchardf6715e72019-12-19 15:02:39 +0100220 struct buffer early_buf; /* buffer to store the early data received */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
yanbzhube2774d2015-12-10 15:07:30 -0500465
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000467static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
468{
469 int err_code = ERR_ABORT;
470 ENGINE *engine;
471 struct ssl_engine_list *el;
472
473 /* grab the structural reference to the engine */
474 engine = ENGINE_by_id(engine_id);
475 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100476 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000477 goto fail_get;
478 }
479
480 if (!ENGINE_init(engine)) {
481 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100482 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000483 goto fail_init;
484 }
485
486 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100487 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000488 goto fail_set_method;
489 }
490
491 el = calloc(1, sizeof(*el));
492 el->e = engine;
493 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100494 nb_engines++;
495 if (global_ssl.async)
496 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000497 return 0;
498
499fail_set_method:
500 /* release the functional reference from ENGINE_init() */
501 ENGINE_finish(engine);
502
503fail_init:
504 /* release the structural reference from ENGINE_by_id() */
505 ENGINE_free(engine);
506
507fail_get:
508 return err_code;
509}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200510#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000511
Willy Tarreau5db847a2019-05-09 14:13:35 +0200512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200513/*
514 * openssl async fd handler
515 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200516void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200518 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519
Emeric Brun3854e012017-05-17 20:42:48 +0200520 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 * to poll this fd until it is requested
522 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000523 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 fd_cant_recv(fd);
525
526 /* crypto engine is available, let's notify the associated
527 * connection that it can pursue its processing.
528 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200529 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530}
531
Emeric Brun3854e012017-05-17 20:42:48 +0200532/*
533 * openssl async delayed SSL_free handler
534 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200535void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536{
537 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200538 OSSL_ASYNC_FD all_fd[32];
539 size_t num_all_fds = 0;
540 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541
Emeric Brun3854e012017-05-17 20:42:48 +0200542 /* We suppose that the async job for a same SSL *
543 * are serialized. So if we are awake it is
544 * because the running job has just finished
545 * and we can remove all async fds safely
546 */
547 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
548 if (num_all_fds > 32) {
549 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
550 return;
551 }
552
553 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
554 for (i=0 ; i < num_all_fds ; i++)
555 fd_remove(all_fd[i]);
556
557 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000558 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100559 _HA_ATOMIC_SUB(&sslconns, 1);
560 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000561}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562/*
Emeric Brun3854e012017-05-17 20:42:48 +0200563 * function used to manage a returned SSL_ERROR_WANT_ASYNC
564 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200566static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100568 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200569 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200570 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571 size_t num_add_fds = 0;
572 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000574
575 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
576 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200577 if (num_add_fds > 32 || num_del_fds > 32) {
578 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 return;
580 }
581
Emeric Brun3854e012017-05-17 20:42:48 +0200582 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583
Emeric Brun3854e012017-05-17 20:42:48 +0200584 /* We remove unused fds from the fdtab */
585 for (i=0 ; i < num_del_fds ; i++)
586 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587
Emeric Brun3854e012017-05-17 20:42:48 +0200588 /* We add new fds to the fdtab */
589 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200590 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 }
592
Emeric Brun3854e012017-05-17 20:42:48 +0200593 num_add_fds = 0;
594 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
595 if (num_add_fds > 32) {
596 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
597 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598 }
Emeric Brun3854e012017-05-17 20:42:48 +0200599
600 /* We activate the polling for all known async fds */
601 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000602 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200603 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000604 /* To ensure that the fd cache won't be used
605 * We'll prefer to catch a real RD event
606 * because handling an EAGAIN on this fd will
607 * result in a context switch and also
608 * some engines uses a fd in blocking mode.
609 */
610 fd_cant_recv(add_fd[i]);
611 }
Emeric Brun3854e012017-05-17 20:42:48 +0200612
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613}
614#endif
615
William Lallemandc33d83d2019-10-14 14:14:59 +0200616#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617/*
618 * This function returns the number of seconds elapsed
619 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
620 * date presented un ASN1_GENERALIZEDTIME.
621 *
622 * In parsing error case, it returns -1.
623 */
624static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
625{
626 long epoch;
627 char *p, *end;
628 const unsigned short month_offset[12] = {
629 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
630 };
631 int year, month;
632
633 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
634
635 p = (char *)d->data;
636 end = p + d->length;
637
638 if (end - p < 4) return -1;
639 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
640 p += 4;
641 if (end - p < 2) return -1;
642 month = 10 * (p[0] - '0') + p[1] - '0';
643 if (month < 1 || month > 12) return -1;
644 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
645 We consider leap years and the current month (<marsh or not) */
646 epoch = ( ((year - 1970) * 365)
647 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
648 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
649 + month_offset[month-1]
650 ) * 24 * 60 * 60;
651 p += 2;
652 if (end - p < 2) return -1;
653 /* Add the number of seconds of completed days of current month */
654 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
655 p += 2;
656 if (end - p < 2) return -1;
657 /* Add the completed hours of the current day */
658 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the completed minutes of the current hour */
662 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
663 p += 2;
664 if (p == end) return -1;
665 /* Test if there is available seconds */
666 if (p[0] < '0' || p[0] > '9')
667 goto nosec;
668 if (end - p < 2) return -1;
669 /* Add the seconds of the current minute */
670 epoch += 10 * (p[0] - '0') + p[1] - '0';
671 p += 2;
672 if (p == end) return -1;
673 /* Ignore seconds float part if present */
674 if (p[0] == '.') {
675 do {
676 if (++p == end) return -1;
677 } while (p[0] >= '0' && p[0] <= '9');
678 }
679
680nosec:
681 if (p[0] == 'Z') {
682 if (end - p != 1) return -1;
683 return epoch;
684 }
685 else if (p[0] == '+') {
686 if (end - p != 5) return -1;
687 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700688 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200689 }
690 else if (p[0] == '-') {
691 if (end - p != 5) return -1;
692 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700693 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200694 }
695
696 return -1;
697}
698
William Lallemandc33d83d2019-10-14 14:14:59 +0200699/*
700 * struct alignment works here such that the key.key is the same as key_data
701 * Do not change the placement of key_data
702 */
703struct certificate_ocsp {
704 struct ebmb_node key;
705 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
706 struct buffer response;
707 long expire;
708};
709
710struct ocsp_cbk_arg {
711 int is_single;
712 int single_kt;
713 union {
714 struct certificate_ocsp *s_ocsp;
715 /*
716 * m_ocsp will have multiple entries dependent on key type
717 * Entry 0 - DSA
718 * Entry 1 - ECDSA
719 * Entry 2 - RSA
720 */
721 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
722 };
723};
724
Emeric Brun1d3865b2014-06-20 15:37:32 +0200725static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726
727/* This function starts to check if the OCSP response (in DER format) contained
728 * in chunk 'ocsp_response' is valid (else exits on error).
729 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
730 * contained in the OCSP Response and exits on error if no match.
731 * If it's a valid OCSP Response:
732 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
733 * pointed by 'ocsp'.
734 * If 'ocsp' is NULL, the function looks up into the OCSP response's
735 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
736 * from the response) and exits on error if not found. Finally, If an OCSP response is
737 * already present in the container, it will be overwritten.
738 *
739 * Note: OCSP response containing more than one OCSP Single response is not
740 * considered valid.
741 *
742 * Returns 0 on success, 1 in error case.
743 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200744static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
745 struct certificate_ocsp *ocsp,
746 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747{
748 OCSP_RESPONSE *resp;
749 OCSP_BASICRESP *bs = NULL;
750 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200751 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200752 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200754 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 int reason;
756 int ret = 1;
757
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200758 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
759 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200760 if (!resp) {
761 memprintf(err, "Unable to parse OCSP response");
762 goto out;
763 }
764
765 rc = OCSP_response_status(resp);
766 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
767 memprintf(err, "OCSP response status not successful");
768 goto out;
769 }
770
771 bs = OCSP_response_get1_basic(resp);
772 if (!bs) {
773 memprintf(err, "Failed to get basic response from OCSP Response");
774 goto out;
775 }
776
777 count_sr = OCSP_resp_count(bs);
778 if (count_sr > 1) {
779 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
780 goto out;
781 }
782
783 sr = OCSP_resp_get0(bs, 0);
784 if (!sr) {
785 memprintf(err, "Failed to get OCSP single response");
786 goto out;
787 }
788
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200789 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
790
Emeric Brun4147b2e2014-06-16 18:36:30 +0200791 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200792 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200793 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200794 goto out;
795 }
796
Emeric Brun13a6b482014-06-20 15:44:34 +0200797 if (!nextupd) {
798 memprintf(err, "OCSP single response: missing nextupdate");
799 goto out;
800 }
801
Emeric Brunc8b27b62014-06-19 14:16:17 +0200802 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 if (!rc) {
804 memprintf(err, "OCSP single response: no longer valid.");
805 goto out;
806 }
807
808 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200809 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200810 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
811 goto out;
812 }
813 }
814
815 if (!ocsp) {
816 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
817 unsigned char *p;
818
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200819 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200820 if (!rc) {
821 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
822 goto out;
823 }
824
825 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
826 memprintf(err, "OCSP single response: Certificate ID too long");
827 goto out;
828 }
829
830 p = key;
831 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200832 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200833 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
834 if (!ocsp) {
835 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
836 goto out;
837 }
838 }
839
840 /* According to comments on "chunk_dup", the
841 previous chunk buffer will be freed */
842 if (!chunk_dup(&ocsp->response, ocsp_response)) {
843 memprintf(err, "OCSP response: Memory allocation error");
844 goto out;
845 }
846
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200847 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
848
Emeric Brun4147b2e2014-06-16 18:36:30 +0200849 ret = 0;
850out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100851 ERR_clear_error();
852
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853 if (bs)
854 OCSP_BASICRESP_free(bs);
855
856 if (resp)
857 OCSP_RESPONSE_free(resp);
858
859 return ret;
860}
861/*
862 * External function use to update the OCSP response in the OCSP response's
863 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
864 * to update in DER format.
865 *
866 * Returns 0 on success, 1 in error case.
867 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200868int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200869{
870 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
871}
872
873/*
874 * This function load the OCSP Resonse in DER format contained in file at
875 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
876 *
877 * Returns 0 on success, 1 in error case.
878 */
879static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
880{
881 int fd = -1;
882 int r = 0;
883 int ret = 1;
884
885 fd = open(ocsp_path, O_RDONLY);
886 if (fd == -1) {
887 memprintf(err, "Error opening OCSP response file");
888 goto end;
889 }
890
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200891 trash.data = 0;
892 while (trash.data < trash.size) {
893 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894 if (r < 0) {
895 if (errno == EINTR)
896 continue;
897
898 memprintf(err, "Error reading OCSP response from file");
899 goto end;
900 }
901 else if (r == 0) {
902 break;
903 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200904 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 }
906
907 close(fd);
908 fd = -1;
909
910 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
911end:
912 if (fd != -1)
913 close(fd);
914
915 return ret;
916}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100917#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200918
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100919#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
920static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
921{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100922 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100923 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100924 struct connection *conn;
925 int head;
926 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100927 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100928
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200929 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200930 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100931 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
932
933 keys = ref->tlskeys;
934 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100935
936 if (enc) {
937 memcpy(key_name, keys[head].name, 16);
938
939 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100940 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100941
Emeric Brun9e754772019-01-10 17:51:55 +0100942 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100943
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
945 goto end;
946
Willy Tarreau9356dac2019-05-10 09:22:53 +0200947 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100948 ret = 1;
949 }
950 else if (ref->key_size_bits == 256 ) {
951
952 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
953 goto end;
954
Willy Tarreau9356dac2019-05-10 09:22:53 +0200955 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100956 ret = 1;
957 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100958 } else {
959 for (i = 0; i < TLS_TICKETS_NO; i++) {
960 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
961 goto found;
962 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100963 ret = 0;
964 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100965
Christopher Faulet16f45c82018-02-16 11:23:49 +0100966 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100967 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200968 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100969 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
970 goto end;
971 /* 2 for key renewal, 1 if current key is still valid */
972 ret = i ? 2 : 1;
973 }
974 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200975 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100976 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
977 goto end;
978 /* 2 for key renewal, 1 if current key is still valid */
979 ret = i ? 2 : 1;
980 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100981 }
Emeric Brun9e754772019-01-10 17:51:55 +0100982
Christopher Faulet16f45c82018-02-16 11:23:49 +0100983 end:
984 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
985 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200986}
987
988struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
989{
990 struct tls_keys_ref *ref;
991
992 list_for_each_entry(ref, &tlskeys_reference, list)
993 if (ref->filename && strcmp(filename, ref->filename) == 0)
994 return ref;
995 return NULL;
996}
997
998struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
999{
1000 struct tls_keys_ref *ref;
1001
1002 list_for_each_entry(ref, &tlskeys_reference, list)
1003 if (ref->unique_id == unique_id)
1004 return ref;
1005 return NULL;
1006}
1007
Emeric Brun9e754772019-01-10 17:51:55 +01001008/* Update the key into ref: if keysize doesnt
1009 * match existing ones, this function returns -1
1010 * else it returns 0 on success.
1011 */
1012int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001013 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001014{
Emeric Brun9e754772019-01-10 17:51:55 +01001015 if (ref->key_size_bits == 128) {
1016 if (tlskey->data != sizeof(struct tls_sess_key_128))
1017 return -1;
1018 }
1019 else if (ref->key_size_bits == 256) {
1020 if (tlskey->data != sizeof(struct tls_sess_key_256))
1021 return -1;
1022 }
1023 else
1024 return -1;
1025
Christopher Faulet16f45c82018-02-16 11:23:49 +01001026 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001027 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1028 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001029 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1030 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001031
1032 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001033}
1034
Willy Tarreau83061a82018-07-13 11:56:34 +02001035int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001036{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001037 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1038
1039 if(!ref) {
1040 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1041 return 1;
1042 }
Emeric Brun9e754772019-01-10 17:51:55 +01001043 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1044 memprintf(err, "Invalid key size");
1045 return 1;
1046 }
1047
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001048 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001049}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001050
1051/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001052 * automatic ids. It's called just after the basic checks. It returns
1053 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001054 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001055static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001056{
1057 int i = 0;
1058 struct tls_keys_ref *ref, *ref2, *ref3;
1059 struct list tkr = LIST_HEAD_INIT(tkr);
1060
1061 list_for_each_entry(ref, &tlskeys_reference, list) {
1062 if (ref->unique_id == -1) {
1063 /* Look for the first free id. */
1064 while (1) {
1065 list_for_each_entry(ref2, &tlskeys_reference, list) {
1066 if (ref2->unique_id == i) {
1067 i++;
1068 break;
1069 }
1070 }
1071 if (&ref2->list == &tlskeys_reference)
1072 break;
1073 }
1074
1075 /* Uses the unique id and increment it for the next entry. */
1076 ref->unique_id = i;
1077 i++;
1078 }
1079 }
1080
1081 /* This sort the reference list by id. */
1082 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1083 LIST_DEL(&ref->list);
1084 list_for_each_entry(ref3, &tkr, list) {
1085 if (ref->unique_id < ref3->unique_id) {
1086 LIST_ADDQ(&ref3->list, &ref->list);
1087 break;
1088 }
1089 }
1090 if (&ref3->list == &tkr)
1091 LIST_ADDQ(&tkr, &ref->list);
1092 }
1093
1094 /* swap root */
1095 LIST_ADD(&tkr, &tlskeys_reference);
1096 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001099#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1100
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001101#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001102int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1103{
1104 switch (evp_keytype) {
1105 case EVP_PKEY_RSA:
1106 return 2;
1107 case EVP_PKEY_DSA:
1108 return 0;
1109 case EVP_PKEY_EC:
1110 return 1;
1111 }
1112
1113 return -1;
1114}
1115
Emeric Brun4147b2e2014-06-16 18:36:30 +02001116/*
1117 * Callback used to set OCSP status extension content in server hello.
1118 */
1119int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1120{
yanbzhube2774d2015-12-10 15:07:30 -05001121 struct certificate_ocsp *ocsp;
1122 struct ocsp_cbk_arg *ocsp_arg;
1123 char *ssl_buf;
1124 EVP_PKEY *ssl_pkey;
1125 int key_type;
1126 int index;
1127
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001128 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001129
1130 ssl_pkey = SSL_get_privatekey(ssl);
1131 if (!ssl_pkey)
1132 return SSL_TLSEXT_ERR_NOACK;
1133
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001135
1136 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1137 ocsp = ocsp_arg->s_ocsp;
1138 else {
1139 /* For multiple certs per context, we have to find the correct OCSP response based on
1140 * the certificate type
1141 */
1142 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1143
1144 if (index < 0)
1145 return SSL_TLSEXT_ERR_NOACK;
1146
1147 ocsp = ocsp_arg->m_ocsp[index];
1148
1149 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001150
1151 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001152 !ocsp->response.area ||
1153 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001154 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001155 return SSL_TLSEXT_ERR_NOACK;
1156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001157 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158 if (!ssl_buf)
1159 return SSL_TLSEXT_ERR_NOACK;
1160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001161 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1162 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001163
1164 return SSL_TLSEXT_ERR_OK;
1165}
1166
1167/*
1168 * This function enables the handling of OCSP status extension on 'ctx' if a
1169 * file name 'cert_path' suffixed using ".ocsp" is present.
1170 * To enable OCSP status extension, the issuer's certificate is mandatory.
1171 * It should be present in the certificate's extra chain builded from file
1172 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1173 * named 'cert_path' suffixed using '.issuer'.
1174 *
1175 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1176 * response. If file is empty or content is not a valid OCSP response,
1177 * OCSP status extension is enabled but OCSP response is ignored (a warning
1178 * is displayed).
1179 *
1180 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001181 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001182 */
1183static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1184{
1185
1186 BIO *in = NULL;
1187 X509 *x, *xi = NULL, *issuer = NULL;
1188 STACK_OF(X509) *chain = NULL;
1189 OCSP_CERTID *cid = NULL;
1190 SSL *ssl;
1191 char ocsp_path[MAXPATHLEN+1];
1192 int i, ret = -1;
1193 struct stat st;
1194 struct certificate_ocsp *ocsp = NULL, *iocsp;
1195 char *warn = NULL;
1196 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001197 pem_password_cb *passwd_cb;
1198 void *passwd_cb_userdata;
1199 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200
1201 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1202
1203 if (stat(ocsp_path, &st))
1204 return 1;
1205
1206 ssl = SSL_new(ctx);
1207 if (!ssl)
1208 goto out;
1209
1210 x = SSL_get_certificate(ssl);
1211 if (!x)
1212 goto out;
1213
1214 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001216 for (i = 0; i < sk_X509_num(chain); i++) {
1217 issuer = sk_X509_value(chain, i);
1218 if (X509_check_issued(issuer, x) == X509_V_OK)
1219 break;
1220 else
1221 issuer = NULL;
1222 }
1223
1224 /* If not found try to load issuer from a suffixed file */
1225 if (!issuer) {
1226 char issuer_path[MAXPATHLEN+1];
1227
1228 in = BIO_new(BIO_s_file());
1229 if (!in)
1230 goto out;
1231
1232 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1233 if (BIO_read_filename(in, issuer_path) <= 0)
1234 goto out;
1235
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001236 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1237 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1238
1239 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001240 if (!xi)
1241 goto out;
1242
1243 if (X509_check_issued(xi, x) != X509_V_OK)
1244 goto out;
1245
1246 issuer = xi;
1247 }
1248
1249 cid = OCSP_cert_to_id(0, x, issuer);
1250 if (!cid)
1251 goto out;
1252
1253 i = i2d_OCSP_CERTID(cid, NULL);
1254 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1255 goto out;
1256
Vincent Bernat02779b62016-04-03 13:48:43 +02001257 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001258 if (!ocsp)
1259 goto out;
1260
1261 p = ocsp->key_data;
1262 i2d_OCSP_CERTID(cid, &p);
1263
1264 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1265 if (iocsp == ocsp)
1266 ocsp = NULL;
1267
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001268#ifndef SSL_CTX_get_tlsext_status_cb
1269# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1270 *cb = (void (*) (void))ctx->tlsext_status_cb;
1271#endif
1272 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1273
1274 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001275 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001276 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001277
1278 cb_arg->is_single = 1;
1279 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001280
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001281 pkey = X509_get_pubkey(x);
1282 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1283 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001284
1285 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1286 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1287 } else {
1288 /*
1289 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1290 * Update that cb_arg with the new cert's staple
1291 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001292 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001293 struct certificate_ocsp *tmp_ocsp;
1294 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001295 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001296 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001297
1298#ifdef SSL_CTX_get_tlsext_status_arg
1299 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1300#else
1301 cb_arg = ctx->tlsext_status_arg;
1302#endif
yanbzhube2774d2015-12-10 15:07:30 -05001303
1304 /*
1305 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1306 * the order of operations below matter, take care when changing it
1307 */
1308 tmp_ocsp = cb_arg->s_ocsp;
1309 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1310 cb_arg->s_ocsp = NULL;
1311 cb_arg->m_ocsp[index] = tmp_ocsp;
1312 cb_arg->is_single = 0;
1313 cb_arg->single_kt = 0;
1314
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001315 pkey = X509_get_pubkey(x);
1316 key_type = EVP_PKEY_base_id(pkey);
1317 EVP_PKEY_free(pkey);
1318
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001319 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001320 if (index >= 0 && !cb_arg->m_ocsp[index])
1321 cb_arg->m_ocsp[index] = iocsp;
1322
1323 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001324
1325 ret = 0;
1326
1327 warn = NULL;
1328 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1329 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001330 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001331 }
1332
1333out:
1334 if (ssl)
1335 SSL_free(ssl);
1336
1337 if (in)
1338 BIO_free(in);
1339
1340 if (xi)
1341 X509_free(xi);
1342
1343 if (cid)
1344 OCSP_CERTID_free(cid);
1345
1346 if (ocsp)
1347 free(ocsp);
1348
1349 if (warn)
1350 free(warn);
1351
1352
1353 return ret;
1354}
1355
1356#endif
1357
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001358#ifdef OPENSSL_IS_BORINGSSL
1359static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1360{
1361 char ocsp_path[MAXPATHLEN+1];
1362 struct stat st;
1363 int fd = -1, r = 0;
1364
1365 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1366 if (stat(ocsp_path, &st))
1367 return 0;
1368
1369 fd = open(ocsp_path, O_RDONLY);
1370 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001371 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001372 return -1;
1373 }
1374
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001375 trash.data = 0;
1376 while (trash.data < trash.size) {
1377 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001378 if (r < 0) {
1379 if (errno == EINTR)
1380 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001381 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001382 close(fd);
1383 return -1;
1384 }
1385 else if (r == 0) {
1386 break;
1387 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001388 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001389 }
1390 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001391 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1392 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001393}
1394#endif
1395
Willy Tarreau5db847a2019-05-09 14:13:35 +02001396#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001397
1398#define CT_EXTENSION_TYPE 18
1399
1400static int sctl_ex_index = -1;
1401
1402/*
1403 * Try to parse Signed Certificate Timestamp List structure. This function
1404 * makes only basic test if the data seems like SCTL. No signature validation
1405 * is performed.
1406 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001407static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001408{
1409 int ret = 1;
1410 int len, pos, sct_len;
1411 unsigned char *data;
1412
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001413 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001414 goto out;
1415
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001416 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001417 len = (data[0] << 8) | data[1];
1418
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001419 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001420 goto out;
1421
1422 data = data + 2;
1423 pos = 0;
1424 while (pos < len) {
1425 if (len - pos < 2)
1426 goto out;
1427
1428 sct_len = (data[pos] << 8) | data[pos + 1];
1429 if (pos + sct_len + 2 > len)
1430 goto out;
1431
1432 pos += sct_len + 2;
1433 }
1434
1435 ret = 0;
1436
1437out:
1438 return ret;
1439}
1440
Willy Tarreau83061a82018-07-13 11:56:34 +02001441static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1442 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001443{
1444 int fd = -1;
1445 int r = 0;
1446 int ret = 1;
1447
1448 *sctl = NULL;
1449
1450 fd = open(sctl_path, O_RDONLY);
1451 if (fd == -1)
1452 goto end;
1453
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001454 trash.data = 0;
1455 while (trash.data < trash.size) {
1456 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001457 if (r < 0) {
1458 if (errno == EINTR)
1459 continue;
1460
1461 goto end;
1462 }
1463 else if (r == 0) {
1464 break;
1465 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001466 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001467 }
1468
1469 ret = ssl_sock_parse_sctl(&trash);
1470 if (ret)
1471 goto end;
1472
Vincent Bernat02779b62016-04-03 13:48:43 +02001473 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001474 if (!chunk_dup(*sctl, &trash)) {
1475 free(*sctl);
1476 *sctl = NULL;
1477 goto end;
1478 }
1479
1480end:
1481 if (fd != -1)
1482 close(fd);
1483
1484 return ret;
1485}
1486
1487int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1488{
Willy Tarreau83061a82018-07-13 11:56:34 +02001489 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001490
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001491 *out = (unsigned char *) sctl->area;
1492 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001493
1494 return 1;
1495}
1496
1497int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1498{
1499 return 1;
1500}
1501
1502static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1503{
1504 char sctl_path[MAXPATHLEN+1];
1505 int ret = -1;
1506 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001507 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001508
1509 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1510
1511 if (stat(sctl_path, &st))
1512 return 1;
1513
1514 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1515 goto out;
1516
1517 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1518 free(sctl);
1519 goto out;
1520 }
1521
1522 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1523
1524 ret = 0;
1525
1526out:
1527 return ret;
1528}
1529
1530#endif
1531
Emeric Brune1f38db2012-09-03 20:36:47 +02001532void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1533{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001534 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001535 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001536 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001537 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001538
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001539#ifndef SSL_OP_NO_RENEGOTIATION
1540 /* Please note that BoringSSL defines this macro to zero so don't
1541 * change this to #if and do not assign a default value to this macro!
1542 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001543 if (where & SSL_CB_HANDSHAKE_START) {
1544 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001545 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001546 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001547 conn->err_code = CO_ER_SSL_RENEG;
1548 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001549 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001550#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001551
1552 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001553 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001554 /* Long certificate chains optimz
1555 If write and read bios are differents, we
1556 consider that the buffering was activated,
1557 so we rise the output buffer size from 4k
1558 to 16k */
1559 write_bio = SSL_get_wbio(ssl);
1560 if (write_bio != SSL_get_rbio(ssl)) {
1561 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001562 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001563 }
1564 }
1565 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001566}
1567
Emeric Brune64aef12012-09-21 13:15:06 +02001568/* Callback is called for each certificate of the chain during a verify
1569 ok is set to 1 if preverify detect no error on current certificate.
1570 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001571int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001572{
1573 SSL *ssl;
1574 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001575 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001576 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001577
1578 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001579 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001580
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001581 ctx = conn->xprt_ctx;
1582
1583 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001584
Emeric Brun81c00f02012-09-21 14:31:21 +02001585 if (ok) /* no errors */
1586 return ok;
1587
1588 depth = X509_STORE_CTX_get_error_depth(x_store);
1589 err = X509_STORE_CTX_get_error(x_store);
1590
1591 /* check if CA error needs to be ignored */
1592 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001593 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1594 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1595 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001596 }
1597
Willy Tarreaua9d299f2020-02-04 14:02:02 +01001598 if (err < 64 && __objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001599 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001600 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001601 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001602 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001603
Willy Tarreau20879a02012-12-03 16:32:10 +01001604 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001605 return 0;
1606 }
1607
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001608 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1609 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001610
Emeric Brun81c00f02012-09-21 14:31:21 +02001611 /* check if certificate error needs to be ignored */
Willy Tarreaua9d299f2020-02-04 14:02:02 +01001612 if (err < 64 && __objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001613 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001614 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001615 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001616 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001617
Willy Tarreau20879a02012-12-03 16:32:10 +01001618 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001619 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001620}
1621
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001622static inline
1623void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001624 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001625{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001626 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001627 unsigned char *msg;
1628 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001629 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001630
1631 /* This function is called for "from client" and "to server"
1632 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001633 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001634 */
1635
1636 /* "write_p" is set to 0 is the bytes are received messages,
1637 * otherwise it is set to 1.
1638 */
1639 if (write_p != 0)
1640 return;
1641
1642 /* content_type contains the type of message received or sent
1643 * according with the SSL/TLS protocol spec. This message is
1644 * encoded with one byte. The value 256 (two bytes) is used
1645 * for designing the SSL/TLS record layer. According with the
1646 * rfc6101, the expected message (other than 256) are:
1647 * - change_cipher_spec(20)
1648 * - alert(21)
1649 * - handshake(22)
1650 * - application_data(23)
1651 * - (255)
1652 * We are interessed by the handshake and specially the client
1653 * hello.
1654 */
1655 if (content_type != 22)
1656 return;
1657
1658 /* The message length is at least 4 bytes, containing the
1659 * message type and the message length.
1660 */
1661 if (len < 4)
1662 return;
1663
1664 /* First byte of the handshake message id the type of
1665 * message. The konwn types are:
1666 * - hello_request(0)
1667 * - client_hello(1)
1668 * - server_hello(2)
1669 * - certificate(11)
1670 * - server_key_exchange (12)
1671 * - certificate_request(13)
1672 * - server_hello_done(14)
1673 * We are interested by the client hello.
1674 */
1675 msg = (unsigned char *)buf;
1676 if (msg[0] != 1)
1677 return;
1678
1679 /* Next three bytes are the length of the message. The total length
1680 * must be this decoded length + 4. If the length given as argument
1681 * is not the same, we abort the protocol dissector.
1682 */
1683 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1684 if (len < rec_len + 4)
1685 return;
1686 msg += 4;
1687 end = msg + rec_len;
1688 if (end < msg)
1689 return;
1690
1691 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1692 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001693 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1694 */
1695 msg += 1 + 1 + 4 + 28;
1696 if (msg > end)
1697 return;
1698
1699 /* Next, is session id:
1700 * if present, we have to jump by length + 1 for the size information
1701 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001702 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001703 if (msg[0] > 0)
1704 msg += msg[0];
1705 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001706 if (msg > end)
1707 return;
1708
1709 /* Next two bytes are the ciphersuite length. */
1710 if (msg + 2 > end)
1711 return;
1712 rec_len = (msg[0] << 8) + msg[1];
1713 msg += 2;
1714 if (msg + rec_len > end || msg + rec_len < msg)
1715 return;
1716
Willy Tarreaubafbe012017-11-24 17:34:44 +01001717 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001718 if (!capture)
1719 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001720 /* Compute the xxh64 of the ciphersuite. */
1721 capture->xxh64 = XXH64(msg, rec_len, 0);
1722
1723 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001724 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1725 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001726 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001727
1728 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001729}
1730
Emeric Brun29f037d2014-04-25 19:05:36 +02001731/* Callback is called for ssl protocol analyse */
1732void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1733{
Emeric Brun29f037d2014-04-25 19:05:36 +02001734#ifdef TLS1_RT_HEARTBEAT
1735 /* test heartbeat received (write_p is set to 0
1736 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001737 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001738 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001739 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001740 const unsigned char *p = buf;
1741 unsigned int payload;
1742
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001743 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001744
1745 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1746 if (*p != TLS1_HB_REQUEST)
1747 return;
1748
Willy Tarreauaeed6722014-04-25 23:59:58 +02001749 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001750 goto kill_it;
1751
1752 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001753 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001754 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001755 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001756 /* We have a clear heartbleed attack (CVE-2014-0160), the
1757 * advertised payload is larger than the advertised packet
1758 * length, so we have garbage in the buffer between the
1759 * payload and the end of the buffer (p+len). We can't know
1760 * if the SSL stack is patched, and we don't know if we can
1761 * safely wipe out the area between p+3+len and payload.
1762 * So instead, we prevent the response from being sent by
1763 * setting the max_send_fragment to 0 and we report an SSL
1764 * error, which will kill this connection. It will be reported
1765 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001766 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1767 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001768 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001769 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1770 return;
1771 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001772#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001773 if (global_ssl.capture_cipherlist > 0)
1774 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001775}
1776
Bernard Spil13c53f82018-02-15 13:34:58 +01001777#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001778static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1779 const unsigned char *in, unsigned int inlen,
1780 void *arg)
1781{
1782 struct server *srv = arg;
1783
1784 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1785 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1786 return SSL_TLSEXT_ERR_OK;
1787 return SSL_TLSEXT_ERR_NOACK;
1788}
1789#endif
1790
1791#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001792/* This callback is used so that the server advertises the list of
1793 * negociable protocols for NPN.
1794 */
1795static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1796 unsigned int *len, void *arg)
1797{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001798 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001799
1800 *data = (const unsigned char *)conf->npn_str;
1801 *len = conf->npn_len;
1802 return SSL_TLSEXT_ERR_OK;
1803}
1804#endif
1805
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001806#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001807/* This callback is used so that the server advertises the list of
1808 * negociable protocols for ALPN.
1809 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001810static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1811 unsigned char *outlen,
1812 const unsigned char *server,
1813 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001814{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001815 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001816
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001817 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1818 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1819 return SSL_TLSEXT_ERR_NOACK;
1820 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001821 return SSL_TLSEXT_ERR_OK;
1822}
1823#endif
1824
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001825#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001826#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001827
Christopher Faulet30548802015-06-11 13:39:32 +02001828/* Create a X509 certificate with the specified servername and serial. This
1829 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001830static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001831ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001832{
Christopher Faulet7969a332015-10-09 11:15:03 +02001833 X509 *cacert = bind_conf->ca_sign_cert;
1834 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001835 SSL_CTX *ssl_ctx = NULL;
1836 X509 *newcrt = NULL;
1837 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001838 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001839 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001840 X509_NAME *name;
1841 const EVP_MD *digest;
1842 X509V3_CTX ctx;
1843 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001844 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001845
Christopher Faulet48a83322017-07-28 16:56:09 +02001846 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001847#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001848 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1849#else
1850 tmp_ssl = SSL_new(bind_conf->default_ctx);
1851 if (tmp_ssl)
1852 pkey = SSL_get_privatekey(tmp_ssl);
1853#endif
1854 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001855 goto mkcert_error;
1856
1857 /* Create the certificate */
1858 if (!(newcrt = X509_new()))
1859 goto mkcert_error;
1860
1861 /* Set version number for the certificate (X509v3) and the serial
1862 * number */
1863 if (X509_set_version(newcrt, 2L) != 1)
1864 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001865 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001866
1867 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001868 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1869 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001870 goto mkcert_error;
1871
1872 /* set public key in the certificate */
1873 if (X509_set_pubkey(newcrt, pkey) != 1)
1874 goto mkcert_error;
1875
1876 /* Set issuer name from the CA */
1877 if (!(name = X509_get_subject_name(cacert)))
1878 goto mkcert_error;
1879 if (X509_set_issuer_name(newcrt, name) != 1)
1880 goto mkcert_error;
1881
1882 /* Set the subject name using the same, but the CN */
1883 name = X509_NAME_dup(name);
1884 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1885 (const unsigned char *)servername,
1886 -1, -1, 0) != 1) {
1887 X509_NAME_free(name);
1888 goto mkcert_error;
1889 }
1890 if (X509_set_subject_name(newcrt, name) != 1) {
1891 X509_NAME_free(name);
1892 goto mkcert_error;
1893 }
1894 X509_NAME_free(name);
1895
1896 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001897 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001898 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1899 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1900 X509_EXTENSION *ext;
1901
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001902 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001903 goto mkcert_error;
1904 if (!X509_add_ext(newcrt, ext, -1)) {
1905 X509_EXTENSION_free(ext);
1906 goto mkcert_error;
1907 }
1908 X509_EXTENSION_free(ext);
1909 }
1910
1911 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001912
1913 key_type = EVP_PKEY_base_id(capkey);
1914
1915 if (key_type == EVP_PKEY_DSA)
1916 digest = EVP_sha1();
1917 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001918 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001919 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001920 digest = EVP_sha256();
1921 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001922#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001923 int nid;
1924
1925 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1926 goto mkcert_error;
1927 if (!(digest = EVP_get_digestbynid(nid)))
1928 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001929#else
1930 goto mkcert_error;
1931#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001932 }
1933
Christopher Faulet31af49d2015-06-09 17:29:50 +02001934 if (!(X509_sign(newcrt, capkey, digest)))
1935 goto mkcert_error;
1936
1937 /* Create and set the new SSL_CTX */
1938 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1939 goto mkcert_error;
1940 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1941 goto mkcert_error;
1942 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1943 goto mkcert_error;
1944 if (!SSL_CTX_check_private_key(ssl_ctx))
1945 goto mkcert_error;
1946
1947 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001948
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001949#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001950 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001951#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001952#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1953 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001954 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001955 EC_KEY *ecc;
1956 int nid;
1957
1958 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1959 goto end;
1960 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1961 goto end;
1962 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1963 EC_KEY_free(ecc);
1964 }
1965#endif
1966 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001967 return ssl_ctx;
1968
1969 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001970 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001971 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001972 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1973 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001974 return NULL;
1975}
1976
Christopher Faulet7969a332015-10-09 11:15:03 +02001977SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001978ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001979{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001980 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001981 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982
Olivier Houchard66ab4982019-02-26 18:37:15 +01001983 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001984}
1985
Christopher Faulet30548802015-06-11 13:39:32 +02001986/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001987 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001988SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001989ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001990{
1991 struct lru64 *lru = NULL;
1992
1993 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001994 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001995 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001996 if (lru && lru->domain) {
1997 if (ssl)
1998 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001999 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002000 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002001 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002002 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002003 }
2004 return NULL;
2005}
2006
Emeric Brun821bb9b2017-06-15 16:37:39 +02002007/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2008 * function is not thread-safe, it should only be used to check if a certificate
2009 * exists in the lru cache (with no warranty it will not be removed by another
2010 * thread). It is kept for backward compatibility. */
2011SSL_CTX *
2012ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2013{
2014 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2015}
2016
Christopher Fauletd2cab922015-07-28 16:03:47 +02002017/* Set a certificate int the LRU cache used to store generated
2018 * certificate. Return 0 on success, otherwise -1 */
2019int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002020ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002021{
2022 struct lru64 *lru = NULL;
2023
2024 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002025 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002026 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002027 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002028 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002029 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002030 }
Christopher Faulet30548802015-06-11 13:39:32 +02002031 if (lru->domain && lru->data)
2032 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002033 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002034 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002035 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002036 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002037 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002038}
2039
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002040/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002041unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002042ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002043{
2044 return XXH32(data, len, ssl_ctx_lru_seed);
2045}
2046
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002047/* Generate a cert and immediately assign it to the SSL session so that the cert's
2048 * refcount is maintained regardless of the cert's presence in the LRU cache.
2049 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002050static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002051ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002052{
2053 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002054 SSL_CTX *ssl_ctx = NULL;
2055 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002056 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002057
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002058 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002059 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002060 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002061 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002062 if (lru && lru->domain)
2063 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002064 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002065 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002066 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002067 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002068 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002069 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002070 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002071 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002072 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002073 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002074 SSL_set_SSL_CTX(ssl, ssl_ctx);
2075 /* No LRU cache, this CTX will be released as soon as the session dies */
2076 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002077 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002078 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 return 0;
2080}
2081static int
2082ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2083{
2084 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002085 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002086
2087 conn_get_to_addr(conn);
2088 if (conn->flags & CO_FL_ADDR_TO_SET) {
2089 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002090 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002091 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002092 }
2093 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002095#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002096
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002097#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002098typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2099
2100static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002101{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002102#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002103 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002104 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2105#endif
2106}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002107static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2108 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002109 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2110}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002113 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002114 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2115#endif
2116}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002119 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002120 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2121#endif
2122}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002123/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002124static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2125/* Unusable in this context. */
2126static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2129static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2130static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002131#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002132typedef enum { SET_MIN, SET_MAX } set_context_func;
2133
2134static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2135 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2137}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002138static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2139 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2140 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2141}
2142static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2143 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002144 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2145}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002146static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2147 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2148 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2149}
2150static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2151 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002152 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2153}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002154static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2155 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2156 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2157}
2158static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2159 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002160 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2161}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002162static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2163 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2164 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2165}
2166static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002168 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002169 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2170#endif
2171}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002172static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2173#if SSL_OP_NO_TLSv1_3
2174 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2175 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002176#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002177}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002178#endif
2179static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2180static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002181
2182static struct {
2183 int option;
2184 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002185 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2186 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002187 const char *name;
2188} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002189 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2190 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2191 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2192 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2193 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2194 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002195};
2196
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002197static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2198{
2199 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2200 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2201 SSL_set_SSL_CTX(ssl, ctx);
2202}
2203
Willy Tarreau5db847a2019-05-09 14:13:35 +02002204#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002205
2206static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2207{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002208 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002211 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2212 return SSL_TLSEXT_ERR_OK;
2213 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002214}
2215
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002216#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002217static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2218{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002219 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002220#else
2221static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2222{
2223#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002224 struct connection *conn;
2225 struct bind_conf *s;
2226 const uint8_t *extension_data;
2227 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002228 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002229
2230 char *wildp = NULL;
2231 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002232 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002234 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 int i;
2236
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002237 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002238 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002239
Olivier Houchard9679ac92017-10-27 14:58:08 +02002240 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002241 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002242#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2244 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002245#else
2246 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2247#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002248 /*
2249 * The server_name extension was given too much extensibility when it
2250 * was written, so parsing the normal case is a bit complex.
2251 */
2252 size_t len;
2253 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002254 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002255 /* Extract the length of the supplied list of names. */
2256 len = (*extension_data++) << 8;
2257 len |= *extension_data++;
2258 if (len + 2 != extension_len)
2259 goto abort;
2260 /*
2261 * The list in practice only has a single element, so we only consider
2262 * the first one.
2263 */
2264 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2265 goto abort;
2266 extension_len = len - 1;
2267 /* Now we can finally pull out the byte array with the actual hostname. */
2268 if (extension_len <= 2)
2269 goto abort;
2270 len = (*extension_data++) << 8;
2271 len |= *extension_data++;
2272 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2273 || memchr(extension_data, 0, len) != NULL)
2274 goto abort;
2275 servername = extension_data;
2276 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002277 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002278#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2279 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002280 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002281 }
2282#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002283 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002284 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002286 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002287 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002288 goto abort;
2289 }
2290
2291 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002293 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002294#else
2295 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2296#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 uint8_t sign;
2298 size_t len;
2299 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002300 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002301 len = (*extension_data++) << 8;
2302 len |= *extension_data++;
2303 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002305 if (len % 2 != 0)
2306 goto abort;
2307 for (; len > 0; len -= 2) {
2308 extension_data++; /* hash */
2309 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002310 switch (sign) {
2311 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002312 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 break;
2314 case TLSEXT_signature_ecdsa:
2315 has_ecdsa_sig = 1;
2316 break;
2317 default:
2318 continue;
2319 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002320 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002321 break;
2322 }
2323 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002324 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002325 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326 }
2327 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002328 const SSL_CIPHER *cipher;
2329 size_t len;
2330 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002331 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002332#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002333 len = ctx->cipher_suites_len;
2334 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2337#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002338 if (len % 2 != 0)
2339 goto abort;
2340 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002341#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002342 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002344#else
2345 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2346#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002347 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002348 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002349 break;
2350 }
2351 }
2352 }
2353
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002354 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002355 trash.area[i] = tolower(servername[i]);
2356 if (!wildp && (trash.area[i] == '.'))
2357 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002359 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002360
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002362 for (i = 0; i < 2; i++) {
2363 if (i == 0) /* lookup in full qualified names */
2364 node = ebst_lookup(&s->sni_ctx, trash.area);
2365 else if (i == 1 && wildp) /* lookup in wildcards names */
2366 node = ebst_lookup(&s->sni_w_ctx, wildp);
2367 else
2368 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002370 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002371 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002372 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002374 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002376 break;
2377 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002378 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002379 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002380 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002381 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002382 if (!node_anonymous)
2383 node_anonymous = n;
2384 break;
2385 }
2386 }
2387 }
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002388 /* select by key_signature priority order */
2389 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2390 : ((has_rsa_sig && node_rsa) ? node_rsa
2391 : (node_anonymous ? node_anonymous
2392 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2393 : node_rsa /* no rsa signature case (far far away) */
2394 )));
2395 if (node) {
2396 /* switch ctx */
2397 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2398 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002399 if (conf) {
2400 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2401 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2402 if (conf->early_data)
2403 allow_early = 1;
2404 }
2405 goto allow_early;
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002406 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002407 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002408#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002409 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002410 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002411 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002412 }
2413#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002414 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002415 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002416 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002417 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002418allow_early:
2419#ifdef OPENSSL_IS_BORINGSSL
2420 if (allow_early)
2421 SSL_set_early_data_enabled(ssl, 1);
2422#else
2423 if (!allow_early)
2424 SSL_set_max_early_data(ssl, 0);
2425#endif
2426 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002427 abort:
2428 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2429 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002430#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002431 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002432#else
2433 *al = SSL_AD_UNRECOGNIZED_NAME;
2434 return 0;
2435#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002436}
2437
2438#else /* OPENSSL_IS_BORINGSSL */
2439
Emeric Brunfc0421f2012-09-07 17:30:07 +02002440/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2441 * warning when no match is found, which implies the default (first) cert
2442 * will keep being used.
2443 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002444static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002445{
2446 const char *servername;
2447 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002448 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002449 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002450 int i;
2451 (void)al; /* shut gcc stupid warning */
2452
2453 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002454 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002455#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002456 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2457 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002458#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002459 if (s->strict_sni)
2460 return SSL_TLSEXT_ERR_ALERT_FATAL;
2461 ssl_sock_switchctx_set(ssl, s->default_ctx);
2462 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002463 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002464
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002465 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002466 if (!servername[i])
2467 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002468 trash.area[i] = tolower(servername[i]);
2469 if (!wildp && (trash.area[i] == '.'))
2470 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002471 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002472 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002473
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002474 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002475 /* lookup in full qualified names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002476 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2477 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002478 if (!container_of(n, struct sni_ctx, name)->neg) {
2479 node = n;
2480 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002481 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002482 }
2483 if (!node && wildp) {
2484 /* lookup in wildcards names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002485 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2486 /* lookup a not neg filter */
2487 if (!container_of(n, struct sni_ctx, name)->neg) {
2488 node = n;
2489 break;
2490 }
2491 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002492 }
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002493 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002494#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002495 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2496 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002497 return SSL_TLSEXT_ERR_OK;
2498 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002499#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002500 if (s->strict_sni)
2501 return SSL_TLSEXT_ERR_ALERT_FATAL;
2502 ssl_sock_switchctx_set(ssl, s->default_ctx);
2503 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002504 }
2505
2506 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002507 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002508 return SSL_TLSEXT_ERR_OK;
2509}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002510#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002511#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2512
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002513#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002514
2515static DH * ssl_get_dh_1024(void)
2516{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002517 static unsigned char dh1024_p[]={
2518 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2519 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2520 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2521 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2522 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2523 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2524 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2525 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2526 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2527 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2528 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2529 };
2530 static unsigned char dh1024_g[]={
2531 0x02,
2532 };
2533
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002534 BIGNUM *p;
2535 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002536 DH *dh = DH_new();
2537 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002538 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2539 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002540
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002541 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002542 DH_free(dh);
2543 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 } else {
2545 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002546 }
2547 }
2548 return dh;
2549}
2550
2551static DH *ssl_get_dh_2048(void)
2552{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002553 static unsigned char dh2048_p[]={
2554 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2555 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2556 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2557 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2558 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2559 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2560 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2561 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2562 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2563 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2564 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2565 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2566 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2567 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2568 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2569 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2570 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2571 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2572 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2573 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2574 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2575 0xB7,0x1F,0x77,0xF3,
2576 };
2577 static unsigned char dh2048_g[]={
2578 0x02,
2579 };
2580
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002581 BIGNUM *p;
2582 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002583 DH *dh = DH_new();
2584 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002585 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2586 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002587
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002588 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002589 DH_free(dh);
2590 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002591 } else {
2592 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002593 }
2594 }
2595 return dh;
2596}
2597
2598static DH *ssl_get_dh_4096(void)
2599{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002600 static unsigned char dh4096_p[]={
2601 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2602 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2603 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2604 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2605 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2606 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2607 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2608 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2609 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2610 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2611 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2612 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2613 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2614 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2615 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2616 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2617 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2618 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2619 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2620 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2621 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2622 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2623 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2624 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2625 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2626 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2627 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2628 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2629 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2630 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2631 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2632 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2633 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2634 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2635 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2636 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2637 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2638 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2639 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2640 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2641 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2642 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2643 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002644 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002645 static unsigned char dh4096_g[]={
2646 0x02,
2647 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002648
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002649 BIGNUM *p;
2650 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002651 DH *dh = DH_new();
2652 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002653 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2654 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002655
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002656 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002657 DH_free(dh);
2658 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002659 } else {
2660 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002661 }
2662 }
2663 return dh;
2664}
2665
2666/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002667 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002668static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2669{
2670 DH *dh = NULL;
2671 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 int type;
2673
2674 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002675
2676 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2677 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2678 */
2679 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2680 keylen = EVP_PKEY_bits(pkey);
2681 }
2682
Willy Tarreauef934602016-12-22 23:12:01 +01002683 if (keylen > global_ssl.default_dh_param) {
2684 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002685 }
2686
Remi Gacogned3a341a2015-05-29 16:26:17 +02002687 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002688 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002689 }
2690 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002691 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002692 }
2693 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002694 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002695 }
2696
2697 return dh;
2698}
2699
Remi Gacogne47783ef2015-05-29 15:53:22 +02002700static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002701{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002702 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002703 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002704
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002705 if (in == NULL)
2706 goto end;
2707
Remi Gacogne47783ef2015-05-29 15:53:22 +02002708 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002709 goto end;
2710
Remi Gacogne47783ef2015-05-29 15:53:22 +02002711 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2712
2713end:
2714 if (in)
2715 BIO_free(in);
2716
Emeric Brune1b4ed42018-08-16 15:14:12 +02002717 ERR_clear_error();
2718
Remi Gacogne47783ef2015-05-29 15:53:22 +02002719 return dh;
2720}
2721
2722int ssl_sock_load_global_dh_param_from_file(const char *filename)
2723{
2724 global_dh = ssl_sock_get_dh_from_file(filename);
2725
2726 if (global_dh) {
2727 return 0;
2728 }
2729
2730 return -1;
2731}
2732
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002733/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2734 * If there is no DH paramater availaible in the ckchs, the global
2735 * DH parameter is loaded into the SSL_CTX and if there is no
2736 * DH parameter available in ckchs nor in global, the default
2737 * DH parameters are applied on the SSL_CTX.
2738 * Returns a bitfield containing the flags:
2739 * ERR_FATAL in any fatal error case
2740 * ERR_ALERT if a reason of the error is availabine in err
2741 * ERR_WARN if a warning is available into err
2742 * The value 0 means there is no error nor warning and
2743 * the operation succeed.
2744 */
2745static int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file, char **err)
2746 {
2747 int ret = 0;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002748 DH *dh = ssl_sock_get_dh_from_file(file);
2749
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002750 if (dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002751 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2752 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2753 err && *err ? *err : "", file);
2754#if defined(SSL_CTX_set_dh_auto)
2755 SSL_CTX_set_dh_auto(ctx, 1);
2756 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2757 err && *err ? *err : "");
2758#else
2759 memprintf(err, "%s, DH ciphers won't be available.\n",
2760 err && *err ? *err : "");
2761#endif
2762 ret |= ERR_WARN;
2763 goto end;
2764 }
Remi Gacogne4f902b82015-05-28 16:23:00 +02002765
2766 if (ssl_dh_ptr_index >= 0) {
2767 /* store a pointer to the DH params to avoid complaining about
2768 ssl-default-dh-param not being set for this SSL_CTX */
2769 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2770 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002771 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002772 else if (global_dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002773 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2774 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2775 err && *err ? *err : "", file);
2776#if defined(SSL_CTX_set_dh_auto)
2777 SSL_CTX_set_dh_auto(ctx, 1);
2778 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2779 err && *err ? *err : "");
2780#else
2781 memprintf(err, "%s, DH ciphers won't be available.\n",
2782 err && *err ? *err : "");
2783#endif
2784 ret |= ERR_WARN;
2785 goto end;
2786 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002787 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002788 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002789 /* Clear openssl global errors stack */
2790 ERR_clear_error();
2791
Willy Tarreauef934602016-12-22 23:12:01 +01002792 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002793 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002794 if (local_dh_1024 == NULL)
2795 local_dh_1024 = ssl_get_dh_1024();
2796
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002797 if (local_dh_1024 == NULL) {
2798 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2799 err && *err ? *err : "", file);
2800 ret |= ERR_ALERT | ERR_FATAL;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002801 goto end;
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002802 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002803
Emeric Brund6de1512019-10-17 14:53:03 +02002804 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2805 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2806 err && *err ? *err : "", file);
2807#if defined(SSL_CTX_set_dh_auto)
2808 SSL_CTX_set_dh_auto(ctx, 1);
2809 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2810 err && *err ? *err : "");
2811#else
2812 memprintf(err, "%s, DH ciphers won't be available.\n",
2813 err && *err ? *err : "");
2814#endif
2815 ret |= ERR_WARN;
2816 goto end;
2817 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002818 }
2819 else {
2820 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2821 }
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002822 }
Emeric Brun644cde02012-12-14 11:21:13 +01002823
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002824end:
2825 if (dh)
2826 DH_free(dh);
2827
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002828 return ret;
2829}
2830#endif
2831
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002832static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002833 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002834{
2835 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002836 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002837 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002838
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002839 if (*name == '!') {
2840 neg = 1;
2841 name++;
2842 }
2843 if (*name == '*') {
2844 wild = 1;
2845 name++;
2846 }
2847 /* !* filter is a nop */
2848 if (neg && wild)
2849 return order;
2850 if (*name) {
2851 int j, len;
2852 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002853 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002854 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002855 if (j >= trash.size)
William Lallemand24e292c2019-10-03 23:46:33 +02002856 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002857 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002858
2859 /* Check for duplicates. */
2860 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002861 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002862 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002863 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002864 for (; node; node = ebmb_next_dup(node)) {
2865 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002866 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002867 return order;
2868 }
2869
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002870 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002871 if (!sc)
William Lallemand24e292c2019-10-03 23:46:33 +02002872 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002873 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002874 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002875 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002876 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002877 sc->order = order++;
2878 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002879 if (kinfo.sig != TLSEXT_signature_anonymous)
2880 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002881 if (wild)
2882 ebst_insert(&s->sni_w_ctx, &sc->name);
2883 else
2884 ebst_insert(&s->sni_ctx, &sc->name);
2885 }
2886 return order;
2887}
2888
yanbzhu488a4d22015-12-01 15:16:07 -05002889
2890/* The following code is used for loading multiple crt files into
2891 * SSL_CTX's based on CN/SAN
2892 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002893#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002894/* This is used to preload the certifcate, private key
2895 * and Cert Chain of a file passed in via the crt
2896 * argument
2897 *
2898 * This way, we do not have to read the file multiple times
2899 */
2900struct cert_key_and_chain {
2901 X509 *cert;
2902 EVP_PKEY *key;
2903 unsigned int num_chain_certs;
2904 /* This is an array of X509 pointers */
2905 X509 **chain_certs;
2906};
2907
yanbzhu08ce6ab2015-12-02 13:01:29 -05002908#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2909
2910struct key_combo_ctx {
2911 SSL_CTX *ctx;
2912 int order;
2913};
2914
2915/* Map used for processing multiple keypairs for a single purpose
2916 *
2917 * This maps CN/SNI name to certificate type
2918 */
2919struct sni_keytype {
2920 int keytypes; /* BITMASK for keytypes */
2921 struct ebmb_node name; /* node holding the servername value */
2922};
2923
2924
yanbzhu488a4d22015-12-01 15:16:07 -05002925/* Frees the contents of a cert_key_and_chain
2926 */
2927static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2928{
2929 int i;
2930
2931 if (!ckch)
2932 return;
2933
2934 /* Free the certificate and set pointer to NULL */
2935 if (ckch->cert)
2936 X509_free(ckch->cert);
2937 ckch->cert = NULL;
2938
2939 /* Free the key and set pointer to NULL */
2940 if (ckch->key)
2941 EVP_PKEY_free(ckch->key);
2942 ckch->key = NULL;
2943
2944 /* Free each certificate in the chain */
2945 for (i = 0; i < ckch->num_chain_certs; i++) {
2946 if (ckch->chain_certs[i])
2947 X509_free(ckch->chain_certs[i]);
2948 }
2949
2950 /* Free the chain obj itself and set to NULL */
2951 if (ckch->num_chain_certs > 0) {
2952 free(ckch->chain_certs);
2953 ckch->num_chain_certs = 0;
2954 ckch->chain_certs = NULL;
2955 }
2956
2957}
2958
2959/* checks if a key and cert exists in the ckch
2960 */
2961static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2962{
2963 return (ckch->cert != NULL && ckch->key != NULL);
2964}
2965
2966
2967/* Loads the contents of a crt file (path) into a cert_key_and_chain
2968 * This allows us to carry the contents of the file without having to
2969 * read the file multiple times.
2970 *
2971 * returns:
2972 * 0 on Success
2973 * 1 on SSL Failure
2974 * 2 on file not found
2975 */
2976static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2977{
2978
2979 BIO *in;
2980 X509 *ca = NULL;
2981 int ret = 1;
2982
2983 ssl_sock_free_cert_key_and_chain_contents(ckch);
2984
2985 in = BIO_new(BIO_s_file());
2986 if (in == NULL)
2987 goto end;
2988
2989 if (BIO_read_filename(in, path) <= 0)
2990 goto end;
2991
yanbzhu488a4d22015-12-01 15:16:07 -05002992 /* Read Private Key */
2993 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2994 if (ckch->key == NULL) {
2995 memprintf(err, "%sunable to load private key from file '%s'.\n",
2996 err && *err ? *err : "", path);
2997 goto end;
2998 }
2999
Willy Tarreaubb137a82016-04-06 19:02:38 +02003000 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003001 if (BIO_reset(in) == -1) {
3002 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3003 err && *err ? *err : "", path);
3004 goto end;
3005 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003006
3007 /* Read Certificate */
3008 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3009 if (ckch->cert == NULL) {
3010 memprintf(err, "%sunable to load certificate from file '%s'.\n",
3011 err && *err ? *err : "", path);
3012 goto end;
3013 }
3014
yanbzhu488a4d22015-12-01 15:16:07 -05003015 /* Read Certificate Chain */
3016 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
3017 /* Grow the chain certs */
3018 ckch->num_chain_certs++;
3019 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
3020
3021 /* use - 1 here since we just incremented it above */
3022 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
3023 }
3024 ret = ERR_get_error();
3025 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3026 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3027 err && *err ? *err : "", path);
3028 ret = 1;
3029 goto end;
3030 }
3031
3032 ret = 0;
3033
3034end:
3035
3036 ERR_clear_error();
3037 if (in)
3038 BIO_free(in);
3039
3040 /* Something went wrong in one of the reads */
3041 if (ret != 0)
3042 ssl_sock_free_cert_key_and_chain_contents(ckch);
3043
3044 return ret;
3045}
3046
3047/* Loads the info in ckch into ctx
Emeric Brun394701d2019-10-17 13:25:14 +02003048 * Returns a bitfield containing the flags:
3049 * ERR_FATAL in any fatal error case
3050 * ERR_ALERT if the reason of the error is available in err
3051 * ERR_WARN if a warning is available into err
3052 * The value 0 means there is no error nor warning and
3053 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003054 */
3055static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3056{
3057 int i = 0;
Emeric Brun394701d2019-10-17 13:25:14 +02003058 int errcode = 0;
yanbzhu488a4d22015-12-01 15:16:07 -05003059
3060 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3061 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3062 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003063 errcode |= ERR_ALERT | ERR_FATAL;
3064 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003065 }
3066
3067 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3068 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3069 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003070 errcode |= ERR_ALERT | ERR_FATAL;
3071 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003072 }
3073
yanbzhu488a4d22015-12-01 15:16:07 -05003074 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3075 for (i = 0; i < ckch->num_chain_certs; i++) {
3076 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003077 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3078 err && *err ? *err : "", (i+1), path);
Emeric Brun394701d2019-10-17 13:25:14 +02003079 errcode |= ERR_ALERT | ERR_FATAL;
3080 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003081 }
3082 }
3083
3084 if (SSL_CTX_check_private_key(ctx) <= 0) {
3085 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3086 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003087 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu488a4d22015-12-01 15:16:07 -05003088 }
3089
Emeric Brun394701d2019-10-17 13:25:14 +02003090 end:
3091 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003092}
3093
yanbzhu08ce6ab2015-12-02 13:01:29 -05003094
William Lallemand4801c702019-10-04 17:36:55 +02003095static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003096{
3097 struct sni_keytype *s_kt = NULL;
3098 struct ebmb_node *node;
3099 int i;
3100
3101 for (i = 0; i < trash.size; i++) {
3102 if (!str[i])
3103 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003104 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003105 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003106 trash.area[i] = 0;
3107 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003108 if (!node) {
3109 /* CN not found in tree */
3110 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3111 /* Using memcpy here instead of strncpy.
3112 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3113 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3114 */
William Lallemand4801c702019-10-04 17:36:55 +02003115 if (!s_kt)
3116 return -1;
3117
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003118 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003119 s_kt->keytypes = 0;
3120 ebst_insert(sni_keytypes, &s_kt->name);
3121 } else {
3122 /* CN found in tree */
3123 s_kt = container_of(node, struct sni_keytype, name);
3124 }
3125
3126 /* Mark that this CN has the keytype of key_index via keytypes mask */
3127 s_kt->keytypes |= 1<<key_index;
3128
William Lallemand4801c702019-10-04 17:36:55 +02003129 return 0;
3130
yanbzhu08ce6ab2015-12-02 13:01:29 -05003131}
3132
3133
3134/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3135 * If any are found, group these files into a set of SSL_CTX*
3136 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3137 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003138 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003139 *
Willy Tarreaub131c872019-10-16 16:42:19 +02003140 * Returns a set of ERR_* flags possibly with an error in <err>.
3141 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003142 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003143static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3144 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003145{
3146 char fp[MAXPATHLEN+1] = {0};
3147 int n = 0;
3148 int i = 0;
3149 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3150 struct eb_root sni_keytypes_map = { {0} };
3151 struct ebmb_node *node;
3152 struct ebmb_node *next;
3153 /* Array of SSL_CTX pointers corresponding to each possible combo
3154 * of keytypes
3155 */
3156 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Willy Tarreaub131c872019-10-16 16:42:19 +02003157 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003158 X509_NAME *xname = NULL;
3159 char *str = NULL;
3160#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3161 STACK_OF(GENERAL_NAME) *names = NULL;
3162#endif
3163
3164 /* Load all possible certs and keys */
3165 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3166 struct stat buf;
3167
3168 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3169 if (stat(fp, &buf) == 0) {
3170 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003171 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003172 goto end;
3173 }
3174 }
3175 }
3176
3177 /* Process each ckch and update keytypes for each CN/SAN
3178 * for example, if CN/SAN www.a.com is associated with
3179 * certs with keytype 0 and 2, then at the end of the loop,
3180 * www.a.com will have:
3181 * keyindex = 0 | 1 | 4 = 5
3182 */
3183 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand4801c702019-10-04 17:36:55 +02003184 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003185
3186 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3187 continue;
3188
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003189 if (fcount) {
William Lallemand4801c702019-10-04 17:36:55 +02003190 for (i = 0; i < fcount; i++) {
3191 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3192 if (ret < 0) {
3193 memprintf(err, "%sunable to allocate SSL context.\n",
3194 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003195 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003196 goto end;
3197 }
3198 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003199 } else {
3200 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3201 * so the line that contains logic is marked via comments
3202 */
3203 xname = X509_get_subject_name(certs_and_keys[n].cert);
3204 i = -1;
3205 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3206 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003207 ASN1_STRING *value;
3208 value = X509_NAME_ENTRY_get_data(entry);
3209 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003210 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003211 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003212
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003213 OPENSSL_free(str);
3214 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003215 if (ret < 0) {
3216 memprintf(err, "%sunable to allocate SSL context.\n",
3217 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003218 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003219 goto end;
3220 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003221 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003222 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003223
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003224 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003225#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003226 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3227 if (names) {
3228 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3229 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003230
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003231 if (name->type == GEN_DNS) {
3232 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3233 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003234 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003235
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003236 OPENSSL_free(str);
3237 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003238 if (ret < 0) {
3239 memprintf(err, "%sunable to allocate SSL context.\n",
3240 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003241 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003242 goto end;
3243 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003244 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003245 }
3246 }
3247 }
3248 }
3249#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3250 }
3251
3252 /* If no files found, return error */
3253 if (eb_is_empty(&sni_keytypes_map)) {
3254 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3255 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003256 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003257 goto end;
3258 }
3259
3260 /* We now have a map of CN/SAN to keytypes that are loaded in
3261 * Iterate through the map to create the SSL_CTX's (if needed)
3262 * and add each CTX to the SNI tree
3263 *
3264 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003265 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003266 * combination is denoted by the key in the map. Each key
3267 * has a value between 1 and 2^n - 1. Conveniently, the array
3268 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3269 * entry in the array to correspond to the unique combo (key)
3270 * associated with i. This unique key combo (i) will be associated
3271 * with combos[i-1]
3272 */
3273
3274 node = ebmb_first(&sni_keytypes_map);
3275 while (node) {
3276 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003277 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003278 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003279
3280 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3281 i = container_of(node, struct sni_keytype, name)->keytypes;
3282 cur_ctx = key_combos[i-1].ctx;
3283
3284 if (cur_ctx == NULL) {
3285 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003286 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003287 if (cur_ctx == NULL) {
3288 memprintf(err, "%sunable to allocate SSL context.\n",
3289 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003290 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003291 goto end;
3292 }
3293
yanbzhube2774d2015-12-10 15:07:30 -05003294 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003295 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3296 if (i & (1<<n)) {
3297 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003298 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Brun394701d2019-10-17 13:25:14 +02003299 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3300 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003301 SSL_CTX_free(cur_ctx);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003302 goto end;
3303 }
yanbzhube2774d2015-12-10 15:07:30 -05003304
3305#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3306 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003307 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003308 if (err)
3309 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003310 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003311 SSL_CTX_free(cur_ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003312 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhube2774d2015-12-10 15:07:30 -05003313 goto end;
3314 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003315#elif (defined OPENSSL_IS_BORINGSSL)
3316 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003317#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003318 }
3319 }
3320
3321 /* Load DH params into the ctx to support DHE keys */
3322#ifndef OPENSSL_NO_DH
3323 if (ssl_dh_ptr_index >= 0)
3324 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3325
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003326 errcode |= ssl_sock_load_dh_params(cur_ctx, NULL, err);
3327 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003328 if (err)
3329 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3330 *err ? *err : "", path);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003331 goto end;
3332 }
3333#endif
3334
3335 /* Update key_combos */
3336 key_combos[i-1].ctx = cur_ctx;
3337 }
3338
3339 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003340 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
William Lallemand24e292c2019-10-03 23:46:33 +02003341 kinfo, str, key_combos[i-1].order);
3342 if (key_combos[i-1].order < 0) {
3343 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003344 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand24e292c2019-10-03 23:46:33 +02003345 goto end;
3346 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003347 node = ebmb_next(node);
3348 }
3349
3350
3351 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3352 if (!bind_conf->default_ctx) {
3353 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3354 if (key_combos[i].ctx) {
3355 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003356 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003357 break;
3358 }
3359 }
3360 }
3361
3362end:
3363
3364 if (names)
3365 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3366
3367 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3368 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3369
3370 node = ebmb_first(&sni_keytypes_map);
3371 while (node) {
3372 next = ebmb_next(node);
3373 ebmb_delete(node);
William Lallemande92c0302019-10-04 17:24:39 +02003374 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003375 node = next;
3376 }
3377
Willy Tarreaub131c872019-10-16 16:42:19 +02003378 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003379}
3380#else
3381/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003382static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3383 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003384{
3385 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3386 err && *err ? *err : "", path, strerror(errno));
3387 return 1;
3388}
3389
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003390#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003391
Emeric Brunfc0421f2012-09-07 17:30:07 +02003392/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3393 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3394 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003395static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3396 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003397{
3398 BIO *in;
3399 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003400 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003401 int ret = -1;
3402 int order = 0;
3403 X509_NAME *xname;
3404 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003405 pem_password_cb *passwd_cb;
3406 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003407 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003408 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003409
Emeric Brunfc0421f2012-09-07 17:30:07 +02003410#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3411 STACK_OF(GENERAL_NAME) *names;
3412#endif
3413
3414 in = BIO_new(BIO_s_file());
3415 if (in == NULL)
3416 goto end;
3417
3418 if (BIO_read_filename(in, file) <= 0)
3419 goto end;
3420
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003421
3422 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3423 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3424
3425 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003426 if (x == NULL)
3427 goto end;
3428
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003429 pkey = X509_get_pubkey(x);
3430 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003431 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003432 switch(EVP_PKEY_base_id(pkey)) {
3433 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003434 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003435 break;
3436 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003437 kinfo.sig = TLSEXT_signature_ecdsa;
3438 break;
3439 case EVP_PKEY_DSA:
3440 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003441 break;
3442 }
3443 EVP_PKEY_free(pkey);
3444 }
3445
Emeric Brun50bcecc2013-04-22 13:05:23 +02003446 if (fcount) {
William Lallemand24e292c2019-10-03 23:46:33 +02003447 while (fcount--) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003448 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemand24e292c2019-10-03 23:46:33 +02003449 if (order < 0)
3450 goto end;
3451 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003452 }
3453 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003454#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003455 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3456 if (names) {
3457 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3458 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3459 if (name->type == GEN_DNS) {
3460 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003461 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003462 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003463 if (order < 0)
3464 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003465 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003466 }
3467 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003468 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003469 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003470#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003471 xname = X509_get_subject_name(x);
3472 i = -1;
3473 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3474 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003475 ASN1_STRING *value;
3476
3477 value = X509_NAME_ENTRY_get_data(entry);
3478 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003479 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003480 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003481 if (order < 0)
3482 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003483 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003484 }
3485 }
3486
3487 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3488 if (!SSL_CTX_use_certificate(ctx, x))
3489 goto end;
3490
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003491#ifdef SSL_CTX_clear_extra_chain_certs
3492 SSL_CTX_clear_extra_chain_certs(ctx);
3493#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003494 if (ctx->extra_certs != NULL) {
3495 sk_X509_pop_free(ctx->extra_certs, X509_free);
3496 ctx->extra_certs = NULL;
3497 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003498#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003500 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003501 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3502 X509_free(ca);
3503 goto end;
3504 }
3505 }
3506
3507 err = ERR_get_error();
3508 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3509 /* we successfully reached the last cert in the file */
3510 ret = 1;
3511 }
3512 ERR_clear_error();
3513
3514end:
3515 if (x)
3516 X509_free(x);
3517
3518 if (in)
3519 BIO_free(in);
3520
3521 return ret;
3522}
3523
Willy Tarreaub131c872019-10-16 16:42:19 +02003524/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003525static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3526 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003527{
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003528 int errcode = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003529 int ret;
3530 SSL_CTX *ctx;
3531
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003532 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003533 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003534 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3535 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003536 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003537 }
3538
3539 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003540 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3541 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003542 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003543 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003544 }
3545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003546 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003547 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003548 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3549 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003550 if (ret < 0) /* serious error, must do that ourselves */
3551 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003552 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003553 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003554
3555 if (SSL_CTX_check_private_key(ctx) <= 0) {
3556 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3557 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003558 return ERR_ALERT | ERR_FATAL;
Emeric Brun61694ab2012-10-26 13:35:33 +02003559 }
3560
Emeric Brunfc0421f2012-09-07 17:30:07 +02003561 /* we must not free the SSL_CTX anymore below, since it's already in
3562 * the tree, so it will be discovered and cleaned in time.
3563 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003564#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003565 /* store a NULL pointer to indicate we have not yet loaded
3566 a custom DH param file */
3567 if (ssl_dh_ptr_index >= 0) {
3568 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3569 }
3570
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003571 errcode |= ssl_sock_load_dh_params(ctx, path, err);
3572 if (errcode & ERR_CODE) {
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003573 if (err)
3574 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3575 *err ? *err : "", path);
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003576 return errcode;
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003577 }
3578#endif
3579
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003580#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003581 ret = ssl_sock_load_ocsp(ctx, path);
3582 if (ret < 0) {
3583 if (err)
3584 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3585 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003586 return ERR_ALERT | ERR_FATAL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02003587 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003588#elif (defined OPENSSL_IS_BORINGSSL)
3589 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003590#endif
3591
Willy Tarreau5db847a2019-05-09 14:13:35 +02003592#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003593 if (sctl_ex_index >= 0) {
3594 ret = ssl_sock_load_sctl(ctx, path);
3595 if (ret < 0) {
3596 if (err)
3597 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3598 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003599 return ERR_ALERT | ERR_FATAL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003600 }
3601 }
3602#endif
3603
Emeric Brunfc0421f2012-09-07 17:30:07 +02003604#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003605 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003606 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3607 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003608 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003609 }
3610#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003611 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003612 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003613 bind_conf->default_ssl_conf = ssl_conf;
3614 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003615
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003616 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003617}
3618
Willy Tarreaub131c872019-10-16 16:42:19 +02003619
3620/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01003621int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003622{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003623 struct dirent **de_list;
3624 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003625 DIR *dir;
3626 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003627 char *end;
3628 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003629 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003630#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003631 int is_bundle;
3632 int j;
3633#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003634
yanbzhu08ce6ab2015-12-02 13:01:29 -05003635 if (stat(path, &buf) == 0) {
3636 dir = opendir(path);
3637 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003638 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003639
yanbzhu08ce6ab2015-12-02 13:01:29 -05003640 /* strip trailing slashes, including first one */
3641 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3642 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003643
yanbzhu08ce6ab2015-12-02 13:01:29 -05003644 n = scandir(path, &de_list, 0, alphasort);
3645 if (n < 0) {
3646 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3647 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003648 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003649 }
3650 else {
3651 for (i = 0; i < n; i++) {
3652 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003653
yanbzhu08ce6ab2015-12-02 13:01:29 -05003654 end = strrchr(de->d_name, '.');
3655 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3656 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003657
yanbzhu08ce6ab2015-12-02 13:01:29 -05003658 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3659 if (stat(fp, &buf) != 0) {
3660 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3661 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003662 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003663 goto ignore_entry;
3664 }
3665 if (!S_ISREG(buf.st_mode))
3666 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003667
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003668#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003669 is_bundle = 0;
3670 /* Check if current entry in directory is part of a multi-cert bundle */
3671
3672 if (end) {
3673 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3674 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3675 is_bundle = 1;
3676 break;
3677 }
3678 }
3679
3680 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05003681 int dp_len;
3682
3683 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05003684
3685 /* increment i and free de until we get to a non-bundle cert
3686 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003687 * this is important since ignore_entry will free de. This also
3688 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05003689 */
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003690 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05003691 free(de);
3692 i++;
3693 de = de_list[i];
3694 }
3695
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003696 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
Willy Tarreaub131c872019-10-16 16:42:19 +02003697 cfgerr |= ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003698 /* Successfully processed the bundle */
3699 goto ignore_entry;
3700 }
3701 }
3702
3703#endif
Willy Tarreaub131c872019-10-16 16:42:19 +02003704 cfgerr |= ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003705ignore_entry:
3706 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003707 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003708 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003709 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003710 closedir(dir);
3711 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003712 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003713
Willy Tarreaub131c872019-10-16 16:42:19 +02003714 cfgerr |= ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003715
Emeric Brunfc0421f2012-09-07 17:30:07 +02003716 return cfgerr;
3717}
3718
Thierry Fournier383085f2013-01-24 14:15:43 +01003719/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3720 * done once. Zero is returned if the operation fails. No error is returned
3721 * if the random is said as not implemented, because we expect that openssl
3722 * will use another method once needed.
3723 */
3724static int ssl_initialize_random()
3725{
3726 unsigned char random;
3727 static int random_initialized = 0;
3728
3729 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3730 random_initialized = 1;
3731
3732 return random_initialized;
3733}
3734
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003735/* release ssl bind conf */
3736void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003737{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003738 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003739#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003740 free(conf->npn_str);
3741 conf->npn_str = NULL;
3742#endif
3743#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3744 free(conf->alpn_str);
3745 conf->alpn_str = NULL;
3746#endif
3747 free(conf->ca_file);
3748 conf->ca_file = NULL;
3749 free(conf->crl_file);
3750 conf->crl_file = NULL;
3751 free(conf->ciphers);
3752 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003753#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003754 free(conf->ciphersuites);
3755 conf->ciphersuites = NULL;
3756#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003757 free(conf->curves);
3758 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003759 free(conf->ecdhe);
3760 conf->ecdhe = NULL;
3761 }
3762}
3763
Willy Tarreaub131c872019-10-16 16:42:19 +02003764/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003765int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3766{
3767 char thisline[CRT_LINESIZE];
3768 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003769 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003770 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003771 int linenum = 0;
3772 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003773
Willy Tarreauad1731d2013-04-02 17:35:58 +02003774 if ((f = fopen(file, "r")) == NULL) {
3775 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003776 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003777 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003778
3779 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003780 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003781 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003782 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003783 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003784 char *crt_path;
3785 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003786
3787 linenum++;
3788 end = line + strlen(line);
3789 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3790 /* Check if we reached the limit and the last char is not \n.
3791 * Watch out for the last line without the terminating '\n'!
3792 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003793 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3794 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaub131c872019-10-16 16:42:19 +02003795 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003796 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003797 }
3798
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003799 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003800 newarg = 1;
3801 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003802 if (*line == '#' || *line == '\n' || *line == '\r') {
3803 /* end of string, end of loop */
3804 *line = 0;
3805 break;
Willy Tarreau26e4ab42020-02-25 07:51:59 +01003806 } else if (isspace((unsigned char)*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003807 newarg = 1;
3808 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003809 } else if (*line == '[') {
3810 if (ssl_b) {
3811 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003812 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003813 break;
3814 }
3815 if (!arg) {
3816 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003817 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003818 break;
3819 }
3820 ssl_b = arg;
3821 newarg = 1;
3822 *line = 0;
3823 } else if (*line == ']') {
3824 if (ssl_e) {
3825 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003826 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003827 break;
3828 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003829 if (!ssl_b) {
3830 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003831 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003832 break;
3833 }
3834 ssl_e = arg;
3835 newarg = 1;
3836 *line = 0;
3837 } else if (newarg) {
3838 if (arg == MAX_CRT_ARGS) {
3839 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003840 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003841 break;
3842 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003843 newarg = 0;
3844 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003845 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003846 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003847 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003848 if (cfgerr & ERR_CODE)
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003849 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003850 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003851
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003852 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003853 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003854 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003855
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003856 crt_path = args[0];
3857 if (*crt_path != '/' && global_ssl.crt_base) {
3858 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3859 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3860 crt_path, linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003861 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003862 break;
3863 }
3864 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3865 crt_path = path;
3866 }
3867
3868 ssl_conf = calloc(1, sizeof *ssl_conf);
3869 cur_arg = ssl_b ? ssl_b : 1;
3870 while (cur_arg < ssl_e) {
3871 newarg = 0;
3872 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3873 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3874 newarg = 1;
Willy Tarreaub131c872019-10-16 16:42:19 +02003875 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003876 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3877 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3878 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003879 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003880 }
3881 cur_arg += 1 + ssl_bind_kws[i].skip;
3882 break;
3883 }
3884 }
3885 if (!cfgerr && !newarg) {
3886 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3887 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003888 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003889 break;
3890 }
3891 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003892
3893 if (cfgerr & ERR_CODE) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003894 ssl_sock_free_ssl_conf(ssl_conf);
3895 free(ssl_conf);
3896 ssl_conf = NULL;
3897 break;
3898 }
3899
3900 if (stat(crt_path, &buf) == 0) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003901 cfgerr |= ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003902 &args[cur_arg], arg - cur_arg - 1, err);
Willy Tarreaub131c872019-10-16 16:42:19 +02003903 } else {
3904 cfgerr |= ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3905 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003906 }
3907
Willy Tarreaub131c872019-10-16 16:42:19 +02003908 if (cfgerr & ERR_CODE) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02003909 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003910 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003911 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003912 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003913 fclose(f);
3914 return cfgerr;
3915}
3916
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003917/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003918static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003919ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003920{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003921 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003922 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003923 SSL_OP_ALL | /* all known workarounds for bugs */
3924 SSL_OP_NO_SSLv2 |
3925 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003926 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003927 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003928 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003929 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003930 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003931 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003932 SSL_MODE_ENABLE_PARTIAL_WRITE |
3933 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003934 SSL_MODE_RELEASE_BUFFERS |
3935 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003936 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003937 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003938 int flags = MC_SSL_O_ALL;
3939 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003940
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003941 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003942 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003943
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003944 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003945 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3946 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3947 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003948 else
3949 flags = conf_ssl_methods->flags;
3950
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003951 min = conf_ssl_methods->min;
3952 max = conf_ssl_methods->max;
3953 /* start with TLSv10 to remove SSLv3 per default */
3954 if (!min && (!max || max >= CONF_TLSV10))
3955 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003956 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003957 if (min)
3958 flags |= (methodVersions[min].flag - 1);
3959 if (max)
3960 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003961 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003962 min = max = CONF_TLSV_NONE;
3963 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003964 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003965 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003966 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003967 if (min) {
3968 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003969 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3970 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3971 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3972 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003973 hole = 0;
3974 }
3975 max = i;
3976 }
3977 else {
3978 min = max = i;
3979 }
3980 }
3981 else {
3982 if (min)
3983 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003984 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003985 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003986 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3987 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003988 cfgerr += 1;
3989 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003990 /* save real min/max in bind_conf */
3991 conf_ssl_methods->min = min;
3992 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003993
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003994#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003995 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003996 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003997 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003998 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003999 else
William Lallemand6dbb9a12020-06-11 17:34:00 +02004000 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++) {
4001 /* clear every version flags in case SSL_CTX_new()
4002 * returns an SSL_CTX with disabled versions */
4003 SSL_CTX_clear_options(ctx, methodVersions[i].option);
4004
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004005 if (flags & methodVersions[i].flag)
4006 options |= methodVersions[i].option;
William Lallemand6dbb9a12020-06-11 17:34:00 +02004007
4008 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004009#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004010 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004011 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4012 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004013#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004014
4015 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4016 options |= SSL_OP_NO_TICKET;
4017 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4018 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004019
4020#ifdef SSL_OP_NO_RENEGOTIATION
4021 options |= SSL_OP_NO_RENEGOTIATION;
4022#endif
4023
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004024 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004025
Willy Tarreau5db847a2019-05-09 14:13:35 +02004026#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004027 if (global_ssl.async)
4028 mode |= SSL_MODE_ASYNC;
4029#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004030 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004031 if (global_ssl.life_time)
4032 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004033
4034#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4035#ifdef OPENSSL_IS_BORINGSSL
4036 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4037 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004038#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houcharde82c1d42019-12-17 15:39:54 +01004039 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004040 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004041 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4042 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004043#else
4044 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004045#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004046 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004047#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004048 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004049}
4050
William Lallemand4f45bb92017-10-30 20:08:51 +01004051
4052static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4053{
4054 if (first == block) {
4055 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4056 if (first->len > 0)
4057 sh_ssl_sess_tree_delete(sh_ssl_sess);
4058 }
4059}
4060
4061/* return first block from sh_ssl_sess */
4062static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4063{
4064 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4065
4066}
4067
4068/* store a session into the cache
4069 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4070 * data: asn1 encoded session
4071 * data_len: asn1 encoded session length
4072 * Returns 1 id session was stored (else 0)
4073 */
4074static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4075{
4076 struct shared_block *first;
4077 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4078
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004079 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004080 if (!first) {
4081 /* Could not retrieve enough free blocks to store that session */
4082 return 0;
4083 }
4084
4085 /* STORE the key in the first elem */
4086 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4087 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4088 first->len = sizeof(struct sh_ssl_sess_hdr);
4089
4090 /* it returns the already existing node
4091 or current node if none, never returns null */
4092 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4093 if (oldsh_ssl_sess != sh_ssl_sess) {
4094 /* NOTE: Row couldn't be in use because we lock read & write function */
4095 /* release the reserved row */
4096 shctx_row_dec_hot(ssl_shctx, first);
4097 /* replace the previous session already in the tree */
4098 sh_ssl_sess = oldsh_ssl_sess;
4099 /* ignore the previous session data, only use the header */
4100 first = sh_ssl_sess_first_block(sh_ssl_sess);
4101 shctx_row_inc_hot(ssl_shctx, first);
4102 first->len = sizeof(struct sh_ssl_sess_hdr);
4103 }
4104
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004105 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004106 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004107 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004108 }
4109
4110 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004111
4112 return 1;
4113}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004114
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004115/* SSL callback used when a new session is created while connecting to a server */
4116static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4117{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004118 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004119 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004120
Willy Tarreau07d94e42018-09-20 10:57:52 +02004121 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004122
Olivier Houcharde6060c52017-11-16 17:42:52 +01004123 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4124 int len;
4125 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004126
Olivier Houcharde6060c52017-11-16 17:42:52 +01004127 len = i2d_SSL_SESSION(sess, NULL);
4128 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4129 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4130 } else {
4131 free(s->ssl_ctx.reused_sess[tid].ptr);
4132 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4133 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4134 }
4135 if (s->ssl_ctx.reused_sess[tid].ptr) {
4136 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4137 &ptr);
4138 }
4139 } else {
4140 free(s->ssl_ctx.reused_sess[tid].ptr);
4141 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4142 }
4143
4144 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004145}
4146
Olivier Houcharde6060c52017-11-16 17:42:52 +01004147
William Lallemanded0b5ad2017-10-30 19:36:36 +01004148/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004149int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004150{
4151 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4152 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4153 unsigned char *p;
4154 int data_len;
Emeric Brun7b34de32019-10-08 18:27:37 +02004155 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004156 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157
4158 /* Session id is already stored in to key and session id is known
4159 * so we dont store it to keep size.
Emeric Brun7b34de32019-10-08 18:27:37 +02004160 * note: SSL_SESSION_set1_id is using
4161 * a memcpy so we need to use a different pointer
4162 * than sid_data or sid_ctx_data to avoid valgrind
4163 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004164 */
4165
4166 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Brun7b34de32019-10-08 18:27:37 +02004167
4168 /* copy value in an other buffer */
4169 memcpy(encid, sid_data, sid_length);
4170
4171 /* pad with 0 */
4172 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4173 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4174
4175 /* force length to zero to avoid ASN1 encoding */
4176 SSL_SESSION_set1_id(sess, encid, 0);
4177
4178 /* force length to zero to avoid ASN1 encoding */
4179 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004180
4181 /* check if buffer is large enough for the ASN1 encoded session */
4182 data_len = i2d_SSL_SESSION(sess, NULL);
4183 if (data_len > SHSESS_MAX_DATA_LEN)
4184 goto err;
4185
4186 p = encsess;
4187
4188 /* process ASN1 session encoding before the lock */
4189 i2d_SSL_SESSION(sess, &p);
4190
William Lallemanded0b5ad2017-10-30 19:36:36 +01004191
William Lallemanda3c77cf2017-10-30 23:44:40 +01004192 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004193 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004194 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004195 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004196err:
4197 /* reset original length values */
Emeric Brun7b34de32019-10-08 18:27:37 +02004198 SSL_SESSION_set1_id(sess, encid, sid_length);
4199 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004200
4201 return 0; /* do not increment session reference count */
4202}
4203
4204/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004205SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004206{
William Lallemand4f45bb92017-10-30 20:08:51 +01004207 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4209 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004210 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004211 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004212
4213 global.shctx_lookups++;
4214
4215 /* allow the session to be freed automatically by openssl */
4216 *do_copy = 0;
4217
4218 /* tree key is zeros padded sessionid */
4219 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4220 memcpy(tmpkey, key, key_len);
4221 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4222 key = tmpkey;
4223 }
4224
4225 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004226 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004227
4228 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004229 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4230 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004231 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004232 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004233 global.shctx_misses++;
4234 return NULL;
4235 }
4236
William Lallemand4f45bb92017-10-30 20:08:51 +01004237 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4238 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004239
William Lallemand4f45bb92017-10-30 20:08:51 +01004240 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004241
William Lallemanda3c77cf2017-10-30 23:44:40 +01004242 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004243
4244 /* decode ASN1 session */
4245 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004246 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004247 /* Reset session id and session id contenxt */
4248 if (sess) {
4249 SSL_SESSION_set1_id(sess, key, key_len);
4250 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4251 }
4252
4253 return sess;
4254}
4255
William Lallemand4f45bb92017-10-30 20:08:51 +01004256
William Lallemanded0b5ad2017-10-30 19:36:36 +01004257/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004258void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004259{
William Lallemand4f45bb92017-10-30 20:08:51 +01004260 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004261 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4262 unsigned int sid_length;
4263 const unsigned char *sid_data;
4264 (void)ctx;
4265
4266 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4267 /* tree key is zeros padded sessionid */
4268 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4269 memcpy(tmpkey, sid_data, sid_length);
4270 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4271 sid_data = tmpkey;
4272 }
4273
William Lallemanda3c77cf2017-10-30 23:44:40 +01004274 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004275
4276 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004277 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4278 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004279 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004280 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004281 }
4282
4283 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004284 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004285}
4286
4287/* Set session cache mode to server and disable openssl internal cache.
4288 * Set shared cache callbacks on an ssl context.
4289 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004290void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004291{
4292 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4293
4294 if (!ssl_shctx) {
4295 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4296 return;
4297 }
4298
4299 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4300 SSL_SESS_CACHE_NO_INTERNAL |
4301 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4302
4303 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004304 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4305 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4306 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004307}
4308
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004309int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4310{
4311 struct proxy *curproxy = bind_conf->frontend;
4312 int cfgerr = 0;
4313 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004314 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004315 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004316#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004317 const char *conf_ciphersuites;
4318#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004319 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004320
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004321 if (ssl_conf) {
4322 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4323 int i, min, max;
4324 int flags = MC_SSL_O_ALL;
4325
4326 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004327 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4328 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004329 if (min)
4330 flags |= (methodVersions[min].flag - 1);
4331 if (max)
4332 flags |= ~((methodVersions[max].flag << 1) - 1);
4333 min = max = CONF_TLSV_NONE;
4334 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4335 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4336 if (min)
4337 max = i;
4338 else
4339 min = max = i;
4340 }
4341 /* save real min/max */
4342 conf_ssl_methods->min = min;
4343 conf_ssl_methods->max = max;
4344 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004345 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4346 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004347 cfgerr += 1;
4348 }
4349 }
4350
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004351 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004352 case SSL_SOCK_VERIFY_NONE:
4353 verify = SSL_VERIFY_NONE;
4354 break;
4355 case SSL_SOCK_VERIFY_OPTIONAL:
4356 verify = SSL_VERIFY_PEER;
4357 break;
4358 case SSL_SOCK_VERIFY_REQUIRED:
4359 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4360 break;
4361 }
4362 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4363 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004364 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4365 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4366 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004367 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004368 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004369 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4370 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004371 cfgerr++;
4372 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004373 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4374 /* set CA names for client cert request, function returns void */
4375 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4376 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004377 }
Emeric Brun850efd52014-01-29 12:24:34 +01004378 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004379 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4380 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004381 cfgerr++;
4382 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004383#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004384 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004385 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4386
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004387 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004388 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4389 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004390 cfgerr++;
4391 }
Emeric Brun561e5742012-10-02 15:20:55 +02004392 else {
4393 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4394 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004395 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004396#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004397 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004398 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004399#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004400 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004401 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004402 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4403 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004404 cfgerr++;
4405 }
4406 }
4407#endif
4408
William Lallemand4f45bb92017-10-30 20:08:51 +01004409 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004410 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4411 if (conf_ciphers &&
4412 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004413 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4414 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004415 cfgerr++;
4416 }
4417
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004418#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004419 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4420 if (conf_ciphersuites &&
4421 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4422 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4423 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4424 cfgerr++;
4425 }
4426#endif
4427
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004428#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004429 /* If tune.ssl.default-dh-param has not been set,
4430 neither has ssl-default-dh-file and no static DH
4431 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004432 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004433 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004434 (ssl_dh_ptr_index == -1 ||
4435 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004436 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4437 const SSL_CIPHER * cipher = NULL;
4438 char cipher_description[128];
4439 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4440 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4441 which is not ephemeral DH. */
4442 const char dhe_description[] = " Kx=DH ";
4443 const char dhe_export_description[] = " Kx=DH(";
4444 int idx = 0;
4445 int dhe_found = 0;
4446 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004447
Remi Gacogne23d5d372014-10-10 17:04:26 +02004448 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004449
Remi Gacogne23d5d372014-10-10 17:04:26 +02004450 if (ssl) {
4451 ciphers = SSL_get_ciphers(ssl);
4452
4453 if (ciphers) {
4454 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4455 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4456 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4457 if (strstr(cipher_description, dhe_description) != NULL ||
4458 strstr(cipher_description, dhe_export_description) != NULL) {
4459 dhe_found = 1;
4460 break;
4461 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004462 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004463 }
4464 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004465 SSL_free(ssl);
4466 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004467 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004468
Lukas Tribus90132722014-08-18 00:56:33 +02004469 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004470 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004471 }
4472
Willy Tarreauef934602016-12-22 23:12:01 +01004473 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004474 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004475
Willy Tarreauef934602016-12-22 23:12:01 +01004476 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004477 if (local_dh_1024 == NULL) {
4478 local_dh_1024 = ssl_get_dh_1024();
4479 }
Willy Tarreauef934602016-12-22 23:12:01 +01004480 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004481 if (local_dh_2048 == NULL) {
4482 local_dh_2048 = ssl_get_dh_2048();
4483 }
Willy Tarreauef934602016-12-22 23:12:01 +01004484 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004485 if (local_dh_4096 == NULL) {
4486 local_dh_4096 = ssl_get_dh_4096();
4487 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004488 }
4489 }
4490 }
4491#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004492
Emeric Brunfc0421f2012-09-07 17:30:07 +02004493 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004494#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004495 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004496#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004497
Bernard Spil13c53f82018-02-15 13:34:58 +01004498#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004499 ssl_conf_cur = NULL;
4500 if (ssl_conf && ssl_conf->npn_str)
4501 ssl_conf_cur = ssl_conf;
4502 else if (bind_conf->ssl_conf.npn_str)
4503 ssl_conf_cur = &bind_conf->ssl_conf;
4504 if (ssl_conf_cur)
4505 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004506#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004507#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004508 ssl_conf_cur = NULL;
4509 if (ssl_conf && ssl_conf->alpn_str)
4510 ssl_conf_cur = ssl_conf;
4511 else if (bind_conf->ssl_conf.alpn_str)
4512 ssl_conf_cur = &bind_conf->ssl_conf;
4513 if (ssl_conf_cur)
4514 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004515#endif
Lukas Tribusd13e9252019-11-24 18:20:40 +01004516#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004517 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4518 if (conf_curves) {
4519 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004520 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4521 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004522 cfgerr++;
4523 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004524 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004525 }
4526#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004527#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004528 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004529 int i;
4530 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004531#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004532 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004533 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4534 NULL);
4535
4536 if (ecdhe == NULL) {
Eric Salama27c21cd2019-11-20 11:33:40 +01004537 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02004538 return cfgerr;
4539 }
4540#else
4541 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4542 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4543 ECDHE_DEFAULT_CURVE);
4544#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004546 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004547 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004548 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4549 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004550 cfgerr++;
4551 }
4552 else {
4553 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4554 EC_KEY_free(ecdh);
4555 }
4556 }
4557#endif
4558
Emeric Brunfc0421f2012-09-07 17:30:07 +02004559 return cfgerr;
4560}
4561
Evan Broderbe554312013-06-27 00:05:25 -07004562static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4563{
4564 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4565 size_t prefixlen, suffixlen;
4566
4567 /* Trivial case */
4568 if (strcmp(pattern, hostname) == 0)
4569 return 1;
4570
Evan Broderbe554312013-06-27 00:05:25 -07004571 /* The rest of this logic is based on RFC 6125, section 6.4.3
4572 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4573
Emeric Bruna848dae2013-10-08 11:27:28 +02004574 pattern_wildcard = NULL;
4575 pattern_left_label_end = pattern;
4576 while (*pattern_left_label_end != '.') {
4577 switch (*pattern_left_label_end) {
4578 case 0:
4579 /* End of label not found */
4580 return 0;
4581 case '*':
4582 /* If there is more than one wildcards */
4583 if (pattern_wildcard)
4584 return 0;
4585 pattern_wildcard = pattern_left_label_end;
4586 break;
4587 }
4588 pattern_left_label_end++;
4589 }
4590
4591 /* If it's not trivial and there is no wildcard, it can't
4592 * match */
4593 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004594 return 0;
4595
4596 /* Make sure all labels match except the leftmost */
4597 hostname_left_label_end = strchr(hostname, '.');
4598 if (!hostname_left_label_end
4599 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4600 return 0;
4601
4602 /* Make sure the leftmost label of the hostname is long enough
4603 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004604 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004605 return 0;
4606
4607 /* Finally compare the string on either side of the
4608 * wildcard */
4609 prefixlen = pattern_wildcard - pattern;
4610 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004611 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4612 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004613 return 0;
4614
4615 return 1;
4616}
4617
4618static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4619{
4620 SSL *ssl;
4621 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004622 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004623 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004624 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004625
4626 int depth;
4627 X509 *cert;
4628 STACK_OF(GENERAL_NAME) *alt_names;
4629 int i;
4630 X509_NAME *cert_subject;
4631 char *str;
4632
4633 if (ok == 0)
4634 return ok;
4635
4636 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004637 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004638 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004639
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004640 /* We're checking if the provided hostnames match the desired one. The
4641 * desired hostname comes from the SNI we presented if any, or if not
4642 * provided then it may have been explicitly stated using a "verifyhost"
4643 * directive. If neither is set, we don't care about the name so the
4644 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004645 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004646 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004647 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004648 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004649 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004650 if (!servername)
4651 return ok;
4652 }
Evan Broderbe554312013-06-27 00:05:25 -07004653
4654 /* We only need to verify the CN on the actual server cert,
4655 * not the indirect CAs */
4656 depth = X509_STORE_CTX_get_error_depth(ctx);
4657 if (depth != 0)
4658 return ok;
4659
4660 /* At this point, the cert is *not* OK unless we can find a
4661 * hostname match */
4662 ok = 0;
4663
4664 cert = X509_STORE_CTX_get_current_cert(ctx);
4665 /* It seems like this might happen if verify peer isn't set */
4666 if (!cert)
4667 return ok;
4668
4669 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4670 if (alt_names) {
4671 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4672 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4673 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004674#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004675 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4676#else
Evan Broderbe554312013-06-27 00:05:25 -07004677 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004678#endif
Evan Broderbe554312013-06-27 00:05:25 -07004679 ok = ssl_sock_srv_hostcheck(str, servername);
4680 OPENSSL_free(str);
4681 }
4682 }
4683 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004684 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004685 }
4686
4687 cert_subject = X509_get_subject_name(cert);
4688 i = -1;
4689 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4690 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004691 ASN1_STRING *value;
4692 value = X509_NAME_ENTRY_get_data(entry);
4693 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004694 ok = ssl_sock_srv_hostcheck(str, servername);
4695 OPENSSL_free(str);
4696 }
4697 }
4698
Willy Tarreau71d058c2017-07-26 20:09:56 +02004699 /* report the mismatch and indicate if SNI was used or not */
4700 if (!ok && !conn->err_code)
4701 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004702 return ok;
4703}
4704
Emeric Brun94324a42012-10-11 14:00:19 +02004705/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004706int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004707{
Willy Tarreau03209342016-12-22 17:08:28 +01004708 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004709 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004710 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004711 SSL_OP_ALL | /* all known workarounds for bugs */
4712 SSL_OP_NO_SSLv2 |
4713 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004714 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004715 SSL_MODE_ENABLE_PARTIAL_WRITE |
4716 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004717 SSL_MODE_RELEASE_BUFFERS |
4718 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004719 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004720 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004721 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004722 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004723 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004724
Thierry Fournier383085f2013-01-24 14:15:43 +01004725 /* Make sure openssl opens /dev/urandom before the chroot */
4726 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004727 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004728 cfgerr++;
4729 }
4730
Willy Tarreaufce03112015-01-15 21:32:40 +01004731 /* Automatic memory computations need to know we use SSL there */
4732 global.ssl_used_backend = 1;
4733
4734 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004735 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004736 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004737 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4738 curproxy->id, srv->id,
4739 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004740 cfgerr++;
4741 return cfgerr;
4742 }
4743 }
Christopher Faulet68d35ae2020-03-27 18:55:49 +01004744 if (srv->use_ssl == 1)
Emeric Brun94324a42012-10-11 14:00:19 +02004745 srv->xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004746
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004747 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004748 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004749 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4750 proxy_type_str(curproxy), curproxy->id,
4751 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004752 cfgerr++;
4753 return cfgerr;
4754 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004755
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004756 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004757 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4758 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4759 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004760 else
4761 flags = conf_ssl_methods->flags;
4762
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004763 /* Real min and max should be determinate with configuration and openssl's capabilities */
4764 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004765 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004766 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004767 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004768
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004769 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004770 min = max = CONF_TLSV_NONE;
4771 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004772 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004773 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004774 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004775 if (min) {
4776 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004777 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4778 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4779 proxy_type_str(curproxy), curproxy->id, srv->id,
4780 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004781 hole = 0;
4782 }
4783 max = i;
4784 }
4785 else {
4786 min = max = i;
4787 }
4788 }
4789 else {
4790 if (min)
4791 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004792 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004793 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004794 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4795 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004796 cfgerr += 1;
4797 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004798
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004799#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004800 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004801 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004802 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004803 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004804 else
4805 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4806 if (flags & methodVersions[i].flag)
4807 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004808#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004809 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004810 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4811 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004812#endif
4813
4814 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4815 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004816 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004817
Willy Tarreau5db847a2019-05-09 14:13:35 +02004818#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004819 if (global_ssl.async)
4820 mode |= SSL_MODE_ASYNC;
4821#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004822 SSL_CTX_set_mode(ctx, mode);
4823 srv->ssl_ctx.ctx = ctx;
4824
Emeric Bruna7aa3092012-10-26 12:58:00 +02004825 if (srv->ssl_ctx.client_crt) {
4826 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004827 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4828 proxy_type_str(curproxy), curproxy->id,
4829 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004830 cfgerr++;
4831 }
4832 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004833 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4834 proxy_type_str(curproxy), curproxy->id,
4835 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004836 cfgerr++;
4837 }
4838 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004839 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4840 proxy_type_str(curproxy), curproxy->id,
4841 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004842 cfgerr++;
4843 }
4844 }
Emeric Brun94324a42012-10-11 14:00:19 +02004845
Emeric Brun850efd52014-01-29 12:24:34 +01004846 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4847 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004848 switch (srv->ssl_ctx.verify) {
4849 case SSL_SOCK_VERIFY_NONE:
4850 verify = SSL_VERIFY_NONE;
4851 break;
4852 case SSL_SOCK_VERIFY_REQUIRED:
4853 verify = SSL_VERIFY_PEER;
4854 break;
4855 }
Evan Broderbe554312013-06-27 00:05:25 -07004856 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004857 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004858 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004859 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004860 if (srv->ssl_ctx.ca_file) {
4861 /* load CAfile to verify */
4862 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004863 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4864 curproxy->id, srv->id,
4865 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004866 cfgerr++;
4867 }
4868 }
Emeric Brun850efd52014-01-29 12:24:34 +01004869 else {
4870 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004871 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4872 curproxy->id, srv->id,
4873 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004874 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004875 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4876 curproxy->id, srv->id,
4877 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004878 cfgerr++;
4879 }
Emeric Brunef42d922012-10-11 16:11:36 +02004880#ifdef X509_V_FLAG_CRL_CHECK
4881 if (srv->ssl_ctx.crl_file) {
4882 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4883
4884 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004885 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4886 curproxy->id, srv->id,
4887 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004888 cfgerr++;
4889 }
4890 else {
4891 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4892 }
4893 }
4894#endif
4895 }
4896
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004897 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4898 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4899 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004900 if (srv->ssl_ctx.ciphers &&
4901 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004902 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4903 curproxy->id, srv->id,
4904 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004905 cfgerr++;
4906 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004907
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004908#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004909 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004910 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004911 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4912 curproxy->id, srv->id,
4913 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4914 cfgerr++;
4915 }
4916#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004917#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4918 if (srv->ssl_ctx.npn_str)
4919 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4920#endif
4921#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4922 if (srv->ssl_ctx.alpn_str)
4923 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4924#endif
4925
Emeric Brun94324a42012-10-11 14:00:19 +02004926
4927 return cfgerr;
4928}
4929
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004930/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004931 * be NULL, in which case nothing is done. Returns the number of errors
4932 * encountered.
4933 */
Willy Tarreau03209342016-12-22 17:08:28 +01004934int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004935{
4936 struct ebmb_node *node;
4937 struct sni_ctx *sni;
4938 int err = 0;
4939
Willy Tarreaufce03112015-01-15 21:32:40 +01004940 /* Automatic memory computations need to know we use SSL there */
4941 global.ssl_used_frontend = 1;
4942
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004943 /* Make sure openssl opens /dev/urandom before the chroot */
4944 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004945 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004946 err++;
4947 }
4948 /* Create initial_ctx used to start the ssl connection before do switchctx */
4949 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004950 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004951 /* It should not be necessary to call this function, but it's
4952 necessary first to check and move all initialisation related
4953 to initial_ctx in ssl_sock_initial_ctx. */
4954 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4955 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004956 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004957 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004958
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004959 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004960 while (node) {
4961 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004962 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4963 /* only initialize the CTX on its first occurrence and
4964 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004965 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004966 node = ebmb_next(node);
4967 }
4968
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004969 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004970 while (node) {
4971 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004972 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4973 /* only initialize the CTX on its first occurrence and
4974 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004975 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004976 node = ebmb_next(node);
4977 }
4978 return err;
4979}
4980
Willy Tarreau55d37912016-12-21 23:38:39 +01004981/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4982 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4983 * alerts are directly emitted since the rest of the stack does it below.
4984 */
4985int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4986{
4987 struct proxy *px = bind_conf->frontend;
4988 int alloc_ctx;
4989 int err;
4990
4991 if (!bind_conf->is_ssl) {
4992 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004993 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4994 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004995 }
4996 return 0;
4997 }
4998 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004999 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005000 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5001 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005002 }
5003 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005004 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5005 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005006 return -1;
5007 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005008 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005009 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005010 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005011 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005012 sizeof(*sh_ssl_sess_tree),
5013 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005014 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005015 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5016 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5017 else
5018 ha_alert("Unable to allocate SSL session cache.\n");
5019 return -1;
5020 }
5021 /* free block callback */
5022 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5023 /* init the root tree within the extra space */
5024 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5025 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005026 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005027 err = 0;
5028 /* initialize all certificate contexts */
5029 err += ssl_sock_prepare_all_ctx(bind_conf);
5030
5031 /* initialize CA variables if the certificates generation is enabled */
5032 err += ssl_sock_load_ca(bind_conf);
5033
5034 return -err;
5035}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005036
5037/* release ssl context allocated for servers. */
5038void ssl_sock_free_srv_ctx(struct server *srv)
5039{
Olivier Houchardc7566002018-11-20 23:33:50 +01005040#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5041 if (srv->ssl_ctx.alpn_str)
5042 free(srv->ssl_ctx.alpn_str);
5043#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005044#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005045 if (srv->ssl_ctx.npn_str)
5046 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005047#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005048 if (srv->ssl_ctx.ctx)
5049 SSL_CTX_free(srv->ssl_ctx.ctx);
5050}
5051
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005052/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005053 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5054 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005055void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005056{
5057 struct ebmb_node *node, *back;
5058 struct sni_ctx *sni;
5059
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005060 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005061 while (node) {
5062 sni = ebmb_entry(node, struct sni_ctx, name);
5063 back = ebmb_next(node);
5064 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005065 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005066 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005067 ssl_sock_free_ssl_conf(sni->conf);
5068 free(sni->conf);
5069 sni->conf = NULL;
5070 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005071 free(sni);
5072 node = back;
5073 }
5074
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005075 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005076 while (node) {
5077 sni = ebmb_entry(node, struct sni_ctx, name);
5078 back = ebmb_next(node);
5079 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005080 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005081 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005082 ssl_sock_free_ssl_conf(sni->conf);
5083 free(sni->conf);
5084 sni->conf = NULL;
5085 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005086 free(sni);
5087 node = back;
5088 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005089 SSL_CTX_free(bind_conf->initial_ctx);
5090 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005091 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005092 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005093}
5094
Willy Tarreau795cdab2016-12-22 17:30:54 +01005095/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5096void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5097{
5098 ssl_sock_free_ca(bind_conf);
5099 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005100 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005101 free(bind_conf->ca_sign_file);
5102 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005103 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005104 free(bind_conf->keys_ref->filename);
5105 free(bind_conf->keys_ref->tlskeys);
5106 LIST_DEL(&bind_conf->keys_ref->list);
5107 free(bind_conf->keys_ref);
5108 }
5109 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005110 bind_conf->ca_sign_pass = NULL;
5111 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005112}
5113
Christopher Faulet31af49d2015-06-09 17:29:50 +02005114/* Load CA cert file and private key used to generate certificates */
5115int
Willy Tarreau03209342016-12-22 17:08:28 +01005116ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005117{
Willy Tarreau03209342016-12-22 17:08:28 +01005118 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005119 FILE *fp;
5120 X509 *cacert = NULL;
5121 EVP_PKEY *capkey = NULL;
5122 int err = 0;
5123
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005124 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005125 return err;
5126
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005127#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005128 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005129 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005130 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005131 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005132 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005133#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005134
Christopher Faulet31af49d2015-06-09 17:29:50 +02005135 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005136 ha_alert("Proxy '%s': cannot enable certificate generation, "
5137 "no CA certificate File configured at [%s:%d].\n",
5138 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005139 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005140 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005141
5142 /* read in the CA certificate */
5143 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005144 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5145 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005146 goto load_error;
5147 }
5148 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005149 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5150 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005151 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005152 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005153 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005154 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005155 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5156 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005157 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005158 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005159
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005160 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005161 bind_conf->ca_sign_cert = cacert;
5162 bind_conf->ca_sign_pkey = capkey;
5163 return err;
5164
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005165 read_error:
5166 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005167 if (capkey) EVP_PKEY_free(capkey);
5168 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005169 load_error:
5170 bind_conf->generate_certs = 0;
5171 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005172 return err;
5173}
5174
5175/* Release CA cert and private key used to generate certificated */
5176void
5177ssl_sock_free_ca(struct bind_conf *bind_conf)
5178{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005179 if (bind_conf->ca_sign_pkey)
5180 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5181 if (bind_conf->ca_sign_cert)
5182 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005183 bind_conf->ca_sign_pkey = NULL;
5184 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005185}
5186
Emeric Brun46591952012-05-18 15:47:34 +02005187/*
5188 * This function is called if SSL * context is not yet allocated. The function
5189 * is designed to be called before any other data-layer operation and sets the
5190 * handshake flag on the connection. It is safe to call it multiple times.
5191 * It returns 0 on success and -1 in error case.
5192 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005193static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005194{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005195 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005196 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005197 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005198 return 0;
5199
Willy Tarreau3c728722014-01-23 13:50:42 +01005200 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005201 return 0;
5202
Olivier Houchard66ab4982019-02-26 18:37:15 +01005203 ctx = pool_alloc(ssl_sock_ctx_pool);
5204 if (!ctx) {
5205 conn->err_code = CO_ER_SSL_NO_MEM;
5206 return -1;
5207 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005208 ctx->wait_event.tasklet = tasklet_new();
5209 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005210 conn->err_code = CO_ER_SSL_NO_MEM;
5211 pool_free(ssl_sock_ctx_pool, ctx);
5212 return -1;
5213 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005214 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5215 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005216 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005217 ctx->sent_early_data = 0;
Olivier Houchardf6715e72019-12-19 15:02:39 +01005218 ctx->early_buf = BUF_NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005219 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005220 ctx->send_wait = NULL;
5221 ctx->recv_wait = NULL;
Emeric Brun87cfd662019-09-06 15:36:02 +02005222 ctx->xprt_st = 0;
5223 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005224
5225 /* Only work with sockets for now, this should be adapted when we'll
5226 * add QUIC support.
5227 */
5228 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005229 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005230 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5231 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005232 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005233
Willy Tarreau20879a02012-12-03 16:32:10 +01005234 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5235 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005236 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005237 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005238
Emeric Brun46591952012-05-18 15:47:34 +02005239 /* If it is in client mode initiate SSL session
5240 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005241 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005242 int may_retry = 1;
5243
5244 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005245 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005246 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5247 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005248 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005249 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005250 goto retry_connect;
5251 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005252 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005253 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005254 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005255 ctx->bio = BIO_new(ha_meth);
5256 if (!ctx->bio) {
Olivier Houchardb451b972020-01-24 15:17:38 +01005257 SSL_free(ctx->ssl);
5258 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005259 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005260 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005261 goto retry_connect;
5262 }
Emeric Brun55476152014-11-12 17:35:37 +01005263 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005264 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005265 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005266 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005267 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005268
Evan Broderbe554312013-06-27 00:05:25 -07005269 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005270 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5271 SSL_free(ctx->ssl);
5272 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005273 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005274 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005275 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005276 goto retry_connect;
5277 }
Emeric Brun55476152014-11-12 17:35:37 +01005278 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005279 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005280 }
5281
Olivier Houchard66ab4982019-02-26 18:37:15 +01005282 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005283 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5284 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5285 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005286 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005287 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005288 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5289 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005290 } else if (sess) {
5291 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005292 }
5293 }
Evan Broderbe554312013-06-27 00:05:25 -07005294
Emeric Brun46591952012-05-18 15:47:34 +02005295 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005296 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005297
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005298 _HA_ATOMIC_ADD(&sslconns, 1);
5299 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005300 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005301 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005302 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005303 if (conn->flags & CO_FL_ERROR)
5304 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005305 return 0;
5306 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005307 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005308 int may_retry = 1;
5309
5310 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005311 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005312 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5313 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005314 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005315 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005316 goto retry_accept;
5317 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005318 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005319 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005320 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005321 ctx->bio = BIO_new(ha_meth);
5322 if (!ctx->bio) {
Olivier Houchardb451b972020-01-24 15:17:38 +01005323 SSL_free(ctx->ssl);
5324 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005325 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005326 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005327 goto retry_accept;
5328 }
Emeric Brun55476152014-11-12 17:35:37 +01005329 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005330 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005331 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005332 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005333 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005334
Emeric Brune1f38db2012-09-03 20:36:47 +02005335 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005336 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5337 SSL_free(ctx->ssl);
5338 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005339 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005340 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005341 goto retry_accept;
5342 }
Emeric Brun55476152014-11-12 17:35:37 +01005343 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005344 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005345 }
5346
Frédéric Lécaille583362f2020-01-24 14:56:18 +01005347#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5348 if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
5349 b_alloc(&ctx->early_buf);
5350 SSL_set_max_early_data(ctx->ssl,
5351 /* Only allow early data if we managed to allocate
5352 * a buffer.
5353 */
5354 (!b_is_null(&ctx->early_buf)) ?
5355 global.tune.bufsize - global.tune.maxrewrite : 0);
5356 }
5357#endif
5358
Olivier Houchard66ab4982019-02-26 18:37:15 +01005359 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005360
Emeric Brun46591952012-05-18 15:47:34 +02005361 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005362 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005363#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005364 conn->flags |= CO_FL_EARLY_SSL_HS;
5365#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005366
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005367 _HA_ATOMIC_ADD(&sslconns, 1);
5368 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005369 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005370 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005371 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005372 if (conn->flags & CO_FL_ERROR)
5373 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005374 return 0;
5375 }
5376 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005377 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005378err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005379 if (ctx && ctx->wait_event.tasklet)
5380 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005381 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005382 return -1;
5383}
5384
5385
5386/* This is the callback which is used when an SSL handshake is pending. It
5387 * updates the FD status if it wants some polling before being called again.
5388 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5389 * otherwise it returns non-zero and removes itself from the connection's
5390 * flags (the bit is provided in <flag> by the caller).
5391 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005392static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005393{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005394 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005395 int ret;
5396
Willy Tarreau3c728722014-01-23 13:50:42 +01005397 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005398 return 0;
5399
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005400 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005401 goto out_error;
5402
Willy Tarreau5db847a2019-05-09 14:13:35 +02005403#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005404 /*
5405 * Check if we have early data. If we do, we have to read them
5406 * before SSL_do_handshake() is called, And there's no way to
5407 * detect early data, except to try to read them
5408 */
5409 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchardf6715e72019-12-19 15:02:39 +01005410 size_t read_data = 0;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005411
Olivier Houchardf6715e72019-12-19 15:02:39 +01005412 while (1) {
5413 ret = SSL_read_early_data(ctx->ssl,
5414 b_tail(&ctx->early_buf), b_room(&ctx->early_buf),
5415 &read_data);
5416 if (ret == SSL_READ_EARLY_DATA_ERROR)
5417 goto check_error;
5418 if (read_data > 0) {
5419 conn->flags |= CO_FL_EARLY_DATA;
5420 b_add(&ctx->early_buf, read_data);
5421 }
5422 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5423 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5424 if (!b_data(&ctx->early_buf))
5425 b_free(&ctx->early_buf);
5426 break;
5427 }
5428 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005429 }
5430#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005431 /* If we use SSL_do_handshake to process a reneg initiated by
5432 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5433 * Usually SSL_write and SSL_read are used and process implicitly
5434 * the reneg handshake.
5435 * Here we use SSL_peek as a workaround for reneg.
5436 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005437 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005438 char c;
5439
Olivier Houchard66ab4982019-02-26 18:37:15 +01005440 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005441 if (ret <= 0) {
5442 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005443 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005444
Emeric Brun674b7432012-11-08 19:21:55 +01005445 if (ret == SSL_ERROR_WANT_WRITE) {
5446 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005447 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005448 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005449 return 0;
5450 }
5451 else if (ret == SSL_ERROR_WANT_READ) {
5452 /* handshake may have been completed but we have
5453 * no more data to read.
5454 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005455 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005456 ret = 1;
5457 goto reneg_ok;
5458 }
5459 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005460 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005461 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005462 return 0;
5463 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005464#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005465 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005466 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005467 return 0;
5468 }
5469#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005470 else if (ret == SSL_ERROR_SYSCALL) {
5471 /* if errno is null, then connection was successfully established */
5472 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5473 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005474 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005475#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5476 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005477 conn->err_code = CO_ER_SSL_HANDSHAKE;
5478#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005479 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005480#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005481 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005482 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005483 empty_handshake = state == TLS_ST_BEFORE;
5484#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005485 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5486 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005487#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005488 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005489 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005490 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005491 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5492 else
5493 conn->err_code = CO_ER_SSL_EMPTY;
5494 }
5495 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005496 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005497 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5498 else
5499 conn->err_code = CO_ER_SSL_ABORT;
5500 }
5501 }
5502 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005503 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005504 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005505 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005506 conn->err_code = CO_ER_SSL_HANDSHAKE;
5507 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005508#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005509 }
Emeric Brun674b7432012-11-08 19:21:55 +01005510 goto out_error;
5511 }
5512 else {
5513 /* Fail on all other handshake errors */
5514 /* Note: OpenSSL may leave unread bytes in the socket's
5515 * buffer, causing an RST to be emitted upon close() on
5516 * TCP sockets. We first try to drain possibly pending
5517 * data to avoid this as much as possible.
5518 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005519 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005520 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005521 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005522 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005523 goto out_error;
5524 }
5525 }
5526 /* read some data: consider handshake completed */
5527 goto reneg_ok;
5528 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005529 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005530check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005531 if (ret != 1) {
5532 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005533 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005534
5535 if (ret == SSL_ERROR_WANT_WRITE) {
5536 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005537 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005538 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005539 return 0;
5540 }
5541 else if (ret == SSL_ERROR_WANT_READ) {
5542 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005543 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005544 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5545 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005546 return 0;
5547 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005548#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005549 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005550 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005551 return 0;
5552 }
5553#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005554 else if (ret == SSL_ERROR_SYSCALL) {
5555 /* if errno is null, then connection was successfully established */
5556 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5557 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005558 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005559#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5560 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005561 conn->err_code = CO_ER_SSL_HANDSHAKE;
5562#else
5563 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005564#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005565 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005566 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005567 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005568#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005569 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5570 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005571#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005572 if (empty_handshake) {
5573 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005574 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005575 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5576 else
5577 conn->err_code = CO_ER_SSL_EMPTY;
5578 }
5579 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005580 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005581 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5582 else
5583 conn->err_code = CO_ER_SSL_ABORT;
5584 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005585 }
5586 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005587 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005588 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5589 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005590 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005591 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005592#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005593 }
Willy Tarreau89230192012-09-28 20:22:13 +02005594 goto out_error;
5595 }
Emeric Brun46591952012-05-18 15:47:34 +02005596 else {
5597 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005598 /* Note: OpenSSL may leave unread bytes in the socket's
5599 * buffer, causing an RST to be emitted upon close() on
5600 * TCP sockets. We first try to drain possibly pending
5601 * data to avoid this as much as possible.
5602 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005603 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005604 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005605 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005606 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005607 goto out_error;
5608 }
5609 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005610#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005611 else {
5612 /*
5613 * If the server refused the early data, we have to send a
5614 * 425 to the client, as we no longer have the data to sent
5615 * them again.
5616 */
5617 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005618 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005619 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5620 goto out_error;
5621 }
5622 }
5623 }
5624#endif
5625
Emeric Brun46591952012-05-18 15:47:34 +02005626
Emeric Brun674b7432012-11-08 19:21:55 +01005627reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005628
Willy Tarreau5db847a2019-05-09 14:13:35 +02005629#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005630 /* ASYNC engine API doesn't support moving read/write
5631 * buffers. So we disable ASYNC mode right after
5632 * the handshake to avoid buffer oveflows.
5633 */
5634 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005635 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005636#endif
Emeric Brun46591952012-05-18 15:47:34 +02005637 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005638 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005639 if (objt_server(conn->target)) {
5640 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5641 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5642 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005643 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005644 else {
5645 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5646 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5647 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5648 }
Emeric Brun46591952012-05-18 15:47:34 +02005649 }
5650
5651 /* The connection is now established at both layers, it's time to leave */
5652 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5653 return 1;
5654
5655 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005656 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005657 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005658 ERR_clear_error();
5659
Emeric Brun9fa89732012-10-04 17:09:56 +02005660 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005661 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5662 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5663 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005664 }
5665
Emeric Brun46591952012-05-18 15:47:34 +02005666 /* Fail on all other handshake errors */
5667 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005668 if (!conn->err_code)
5669 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005670 return 0;
5671}
5672
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005673static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005674{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005675 struct wait_event *sw;
5676 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005677
Olivier Houcharda37eb6a2019-06-24 18:57:39 +02005678 if (!ctx)
5679 return -1;
5680
Olivier Houchardea8dd942019-05-20 14:02:16 +02005681 if (event_type & SUB_RETRY_RECV) {
5682 sw = param;
5683 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5684 sw->events |= SUB_RETRY_RECV;
5685 ctx->recv_wait = sw;
5686 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5687 !(ctx->wait_event.events & SUB_RETRY_RECV))
5688 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5689 event_type &= ~SUB_RETRY_RECV;
5690 }
5691 if (event_type & SUB_RETRY_SEND) {
5692sw = param;
5693 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5694 sw->events |= SUB_RETRY_SEND;
5695 ctx->send_wait = sw;
5696 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5697 !(ctx->wait_event.events & SUB_RETRY_SEND))
5698 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5699 event_type &= ~SUB_RETRY_SEND;
5700
5701 }
5702 if (event_type != 0)
5703 return -1;
5704 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005705}
5706
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005707static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005708{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005709 struct wait_event *sw;
5710 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005711
Olivier Houchardea8dd942019-05-20 14:02:16 +02005712 if (event_type & SUB_RETRY_RECV) {
5713 sw = param;
5714 BUG_ON(ctx->recv_wait != sw);
5715 ctx->recv_wait = NULL;
5716 sw->events &= ~SUB_RETRY_RECV;
5717 /* If we subscribed, and we're not doing the handshake,
5718 * then we subscribed because the upper layer asked for it,
5719 * as the upper layer is no longer interested, we can
5720 * unsubscribe too.
5721 */
5722 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5723 (ctx->wait_event.events & SUB_RETRY_RECV))
5724 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5725 &ctx->wait_event);
5726 }
5727 if (event_type & SUB_RETRY_SEND) {
5728 sw = param;
5729 BUG_ON(ctx->send_wait != sw);
5730 ctx->send_wait = NULL;
5731 sw->events &= ~SUB_RETRY_SEND;
5732 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5733 (ctx->wait_event.events & SUB_RETRY_SEND))
5734 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5735 &ctx->wait_event);
5736
5737 }
5738
5739 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005740}
5741
Olivier Houchard2e055482019-05-27 19:50:12 +02005742/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5743 * Returns 0 on success, and non-zero on failure.
5744 */
5745static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5746{
5747 struct ssl_sock_ctx *ctx = xprt_ctx;
5748
5749 if (oldxprt_ops != NULL)
5750 *oldxprt_ops = ctx->xprt;
5751 if (oldxprt_ctx != NULL)
5752 *oldxprt_ctx = ctx->xprt_ctx;
5753 ctx->xprt = toadd_ops;
5754 ctx->xprt_ctx = toadd_ctx;
5755 return 0;
5756}
5757
Olivier Houchard5149b592019-05-23 17:47:36 +02005758/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5759 * return 0, otherwise just call the remove_xprt method from the underlying
5760 * XPRT.
5761 */
5762static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5763{
5764 struct ssl_sock_ctx *ctx = xprt_ctx;
5765
5766 if (ctx->xprt_ctx == toremove_ctx) {
5767 ctx->xprt_ctx = newctx;
5768 ctx->xprt = newops;
5769 return 0;
5770 }
5771 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5772}
5773
Olivier Houchardea8dd942019-05-20 14:02:16 +02005774static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5775{
5776 struct ssl_sock_ctx *ctx = context;
5777
5778 /* First if we're doing an handshake, try that */
5779 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5780 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5781 /* If we had an error, or the handshake is done and I/O is available,
5782 * let the upper layer know.
5783 * If no mux was set up yet, and nobody subscribed, then call
5784 * xprt_done_cb() ourself if it's set, or destroy the connection,
5785 * we can't be sure conn_fd_handler() will be called again.
5786 */
5787 if ((ctx->conn->flags & CO_FL_ERROR) ||
5788 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5789 int ret = 0;
5790 int woke = 0;
5791
5792 /* On error, wake any waiter */
5793 if (ctx->recv_wait) {
5794 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005795 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005796 ctx->recv_wait = NULL;
5797 woke = 1;
5798 }
5799 if (ctx->send_wait) {
5800 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005801 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005802 ctx->send_wait = NULL;
5803 woke = 1;
5804 }
5805 /* If we're the first xprt for the connection, let the
5806 * upper layers know. If xprt_done_cb() is set, call it,
5807 * otherwise, we should have a mux, so call its wake
5808 * method if we didn't woke a tasklet already.
5809 */
5810 if (ctx->conn->xprt_ctx == ctx) {
5811 if (ctx->conn->xprt_done_cb)
5812 ret = ctx->conn->xprt_done_cb(ctx->conn);
5813 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5814 ctx->conn->mux->wake(ctx->conn);
5815 return NULL;
5816 }
5817 }
Olivier Houchardf6715e72019-12-19 15:02:39 +01005818#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5819 /* If we have early data and somebody wants to receive, let them */
5820 else if (b_data(&ctx->early_buf) && ctx->recv_wait) {
5821 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
5822 tasklet_wakeup(ctx->recv_wait->tasklet);
5823 ctx->recv_wait = NULL;
5824
5825 }
5826#endif
Olivier Houchardea8dd942019-05-20 14:02:16 +02005827 return NULL;
5828}
5829
Emeric Brun46591952012-05-18 15:47:34 +02005830/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005831 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005832 * buffer wraps, in which case a second call may be performed. The connection's
5833 * flags are updated with whatever special event is detected (error, read0,
5834 * empty). The caller is responsible for taking care of those events and
5835 * avoiding the call if inappropriate. The function does not call the
5836 * connection's polling update function, so the caller is responsible for this.
5837 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005838static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005839{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005840 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005841 ssize_t ret;
5842 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005843
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005844 conn_refresh_polling_flags(conn);
5845
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005846 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005847 goto out_error;
5848
Olivier Houchardf6715e72019-12-19 15:02:39 +01005849#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5850 if (b_data(&ctx->early_buf)) {
5851 try = b_contig_space(buf);
5852 if (try > b_data(&ctx->early_buf))
5853 try = b_data(&ctx->early_buf);
5854 memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
5855 b_add(buf, try);
5856 b_del(&ctx->early_buf, try);
5857 if (b_data(&ctx->early_buf) == 0)
5858 b_free(&ctx->early_buf);
5859 return try;
5860 }
5861#endif
5862
Emeric Brun46591952012-05-18 15:47:34 +02005863 if (conn->flags & CO_FL_HANDSHAKE)
5864 /* a handshake was requested */
5865 return 0;
5866
Emeric Brun46591952012-05-18 15:47:34 +02005867 /* read the largest possible block. For this, we perform only one call
5868 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5869 * in which case we accept to do it once again. A new attempt is made on
5870 * EINTR too.
5871 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005872 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005873
Willy Tarreau591d4452018-06-15 17:21:00 +02005874 try = b_contig_space(buf);
5875 if (!try)
5876 break;
5877
Willy Tarreauabf08d92014-01-14 11:31:27 +01005878 if (try > count)
5879 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005880
Olivier Houchard66ab4982019-02-26 18:37:15 +01005881 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005882
Emeric Brune1f38db2012-09-03 20:36:47 +02005883 if (conn->flags & CO_FL_ERROR) {
5884 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005885 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005886 }
Emeric Brun46591952012-05-18 15:47:34 +02005887 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005888 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005889 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005890 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005891 }
Emeric Brun46591952012-05-18 15:47:34 +02005892 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005893 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005894 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005895 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005896 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005897 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005898#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005899 /* Async mode can be re-enabled, because we're leaving data state.*/
5900 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005901 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005902#endif
Emeric Brun46591952012-05-18 15:47:34 +02005903 break;
5904 }
5905 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005906 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005907 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5908 SUB_RETRY_RECV,
5909 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005910 /* handshake is running, and it may need to re-enable read */
5911 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005912#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005913 /* Async mode can be re-enabled, because we're leaving data state.*/
5914 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005915 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005916#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005917 break;
5918 }
Emeric Brun46591952012-05-18 15:47:34 +02005919 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005920 } else if (ret == SSL_ERROR_ZERO_RETURN)
5921 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005922 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5923 * stack before shutting down the connection for
5924 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005925 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5926 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005927 /* otherwise it's a real error */
5928 goto out_error;
5929 }
5930 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005931 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005932 return done;
5933
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005934 clear_ssl_error:
5935 /* Clear openssl global errors stack */
5936 ssl_sock_dump_errors(conn);
5937 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005938 read0:
5939 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005940 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005941
Emeric Brun46591952012-05-18 15:47:34 +02005942 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005943 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005944 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005945 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005946 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005947 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005948}
5949
5950
Willy Tarreau787db9a2018-06-14 18:31:46 +02005951/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5952 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5953 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005954 * Only one call to send() is performed, unless the buffer wraps, in which case
5955 * a second call may be performed. The connection's flags are updated with
5956 * whatever special event is detected (error, empty). The caller is responsible
5957 * for taking care of those events and avoiding the call if inappropriate. The
5958 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005959 * is responsible for this. The buffer's output is not adjusted, it's up to the
5960 * caller to take care of this. It's up to the caller to update the buffer's
5961 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005962 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005963static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005964{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005965 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005966 ssize_t ret;
5967 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005968
5969 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005970 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005971
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005972 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005973 goto out_error;
5974
Olivier Houchard010941f2019-05-03 20:56:19 +02005975 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005976 /* a handshake was requested */
5977 return 0;
5978
5979 /* send the largest possible block. For this we perform only one call
5980 * to send() unless the buffer wraps and we exactly fill the first hunk,
5981 * in which case we accept to do it once again.
5982 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005983 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005984#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005985 size_t written_data;
5986#endif
5987
Willy Tarreau787db9a2018-06-14 18:31:46 +02005988 try = b_contig_data(buf, done);
5989 if (try > count)
5990 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005991
Willy Tarreau7bed9452014-02-02 02:00:24 +01005992 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005993 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005994 global_ssl.max_record && try > global_ssl.max_record) {
5995 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005996 }
5997 else {
5998 /* we need to keep the information about the fact that
5999 * we're not limiting the upcoming send(), because if it
6000 * fails, we'll have to retry with at least as many data.
6001 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006002 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006003 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006004
Willy Tarreau5db847a2019-05-09 14:13:35 +02006005#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006006 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006007 unsigned int max_early;
6008
Olivier Houchard522eea72017-11-03 16:27:47 +01006009 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006010 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006011 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006012 if (SSL_get0_session(ctx->ssl))
6013 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006014 else
6015 max_early = 0;
6016 }
6017
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006018 if (try + ctx->sent_early_data > max_early) {
6019 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006020 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006021 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006022 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006023 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006024 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006025 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006026 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006027 if (ret == 1) {
6028 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006029 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006030 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006031 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006032 /* Initiate the handshake, now */
6033 tasklet_wakeup(ctx->wait_event.tasklet);
6034 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006035
Olivier Houchardc2aae742017-09-22 18:26:28 +02006036 }
6037
6038 } else
6039#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006040 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006041
Emeric Brune1f38db2012-09-03 20:36:47 +02006042 if (conn->flags & CO_FL_ERROR) {
6043 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006044 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006045 }
Emeric Brun46591952012-05-18 15:47:34 +02006046 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006047 /* A send succeeded, so we can consier ourself connected */
6048 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006049 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006050 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006051 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006052 }
6053 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006054 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006055
Emeric Brun46591952012-05-18 15:47:34 +02006056 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006057 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006058 /* handshake is running, and it may need to re-enable write */
6059 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006060 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006061#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006062 /* Async mode can be re-enabled, because we're leaving data state.*/
6063 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006064 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006065#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006066 break;
6067 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006068
Emeric Brun46591952012-05-18 15:47:34 +02006069 break;
6070 }
6071 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006072 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006073 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006074 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6075 SUB_RETRY_RECV,
6076 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006077#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006078 /* Async mode can be re-enabled, because we're leaving data state.*/
6079 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006080 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006081#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006082 break;
6083 }
Emeric Brun46591952012-05-18 15:47:34 +02006084 goto out_error;
6085 }
6086 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006087 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006088 return done;
6089
6090 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006091 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006092 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006093 ERR_clear_error();
6094
Emeric Brun46591952012-05-18 15:47:34 +02006095 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006096 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006097}
6098
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006099static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006100
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006101 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006102
Olivier Houchardea8dd942019-05-20 14:02:16 +02006103
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006104 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006105 if (ctx->wait_event.events != 0)
6106 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6107 ctx->wait_event.events,
6108 &ctx->wait_event);
6109 if (ctx->send_wait) {
6110 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006111 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006112 }
6113 if (ctx->recv_wait) {
6114 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006115 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006116 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006117 if (ctx->xprt->close)
6118 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006119#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006120 if (global_ssl.async) {
6121 OSSL_ASYNC_FD all_fd[32], afd;
6122 size_t num_all_fds = 0;
6123 int i;
6124
Olivier Houchard66ab4982019-02-26 18:37:15 +01006125 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006126 if (num_all_fds > 32) {
6127 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6128 return;
6129 }
6130
Olivier Houchard66ab4982019-02-26 18:37:15 +01006131 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006132
6133 /* If an async job is pending, we must try to
6134 to catch the end using polling before calling
6135 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006136 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006137 for (i=0 ; i < num_all_fds ; i++) {
6138 /* switch on an handler designed to
6139 * handle the SSL_free
6140 */
6141 afd = all_fd[i];
6142 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006143 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006144 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006145 /* To ensure that the fd cache won't be used
6146 * and we'll catch a real RD event.
6147 */
6148 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006149 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006150 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006151 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006152 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006153 return;
6154 }
Emeric Brun3854e012017-05-17 20:42:48 +02006155 /* Else we can remove the fds from the fdtab
6156 * and call SSL_free.
6157 * note: we do a fd_remove and not a delete
6158 * because the fd is owned by the engine.
6159 * the engine is responsible to close
6160 */
6161 for (i=0 ; i < num_all_fds ; i++)
6162 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006163 }
6164#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006165 SSL_free(ctx->ssl);
Olivier Houchardf6715e72019-12-19 15:02:39 +01006166 b_free(&ctx->early_buf);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006167 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006168 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006169 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006170 }
Emeric Brun46591952012-05-18 15:47:34 +02006171}
6172
6173/* This function tries to perform a clean shutdown on an SSL connection, and in
6174 * any case, flags the connection as reusable if no handshake was in progress.
6175 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006176static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006177{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006178 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006179
Emeric Brun46591952012-05-18 15:47:34 +02006180 if (conn->flags & CO_FL_HANDSHAKE)
6181 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006182 if (!clean)
6183 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006184 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006185 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006186 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006187 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006188 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006189 ERR_clear_error();
6190 }
Emeric Brun46591952012-05-18 15:47:34 +02006191}
6192
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006193/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006194int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006195{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006196 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006197 struct pkey_info *pkinfo;
6198 int bits = 0;
6199 int sig = TLSEXT_signature_anonymous;
6200 int len = -1;
6201
6202 if (!ssl_sock_is_ssl(conn))
6203 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006204 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006205 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006206 if (pkinfo) {
6207 sig = pkinfo->sig;
6208 bits = pkinfo->bits;
6209 } else {
6210 /* multicert and generated cert have no pkey info */
6211 X509 *crt;
6212 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006213 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006214 if (!crt)
6215 return 0;
6216 pkey = X509_get_pubkey(crt);
6217 if (pkey) {
6218 bits = EVP_PKEY_bits(pkey);
6219 switch(EVP_PKEY_base_id(pkey)) {
6220 case EVP_PKEY_RSA:
6221 sig = TLSEXT_signature_rsa;
6222 break;
6223 case EVP_PKEY_EC:
6224 sig = TLSEXT_signature_ecdsa;
6225 break;
6226 case EVP_PKEY_DSA:
6227 sig = TLSEXT_signature_dsa;
6228 break;
6229 }
6230 EVP_PKEY_free(pkey);
6231 }
6232 }
6233
6234 switch(sig) {
6235 case TLSEXT_signature_rsa:
6236 len = chunk_printf(out, "RSA%d", bits);
6237 break;
6238 case TLSEXT_signature_ecdsa:
6239 len = chunk_printf(out, "EC%d", bits);
6240 break;
6241 case TLSEXT_signature_dsa:
6242 len = chunk_printf(out, "DSA%d", bits);
6243 break;
6244 default:
6245 return 0;
6246 }
6247 if (len < 0)
6248 return 0;
6249 return 1;
6250}
6251
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006252/* used for ppv2 cert signature (can be used for logging) */
6253const char *ssl_sock_get_cert_sig(struct connection *conn)
6254{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006255 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006256
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006257 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6258 X509 *crt;
6259
6260 if (!ssl_sock_is_ssl(conn))
6261 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006262 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006263 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006264 if (!crt)
6265 return NULL;
6266 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6267 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6268}
6269
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006270/* used for ppv2 authority */
6271const char *ssl_sock_get_sni(struct connection *conn)
6272{
6273#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006274 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006275
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006276 if (!ssl_sock_is_ssl(conn))
6277 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006278 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006279 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006280#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006281 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006282#endif
6283}
6284
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006285/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006286const char *ssl_sock_get_cipher_name(struct connection *conn)
6287{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006288 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006289
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006290 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006291 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006292 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006293 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006294}
6295
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006296/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006297const char *ssl_sock_get_proto_version(struct connection *conn)
6298{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006299 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006300
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006301 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006302 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006303 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006304 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006305}
6306
Willy Tarreau8d598402012-10-22 17:58:39 +02006307/* Extract a serial from a cert, and copy it to a chunk.
6308 * Returns 1 if serial is found and copied, 0 if no serial found and
6309 * -1 if output is not large enough.
6310 */
6311static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006312ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006313{
6314 ASN1_INTEGER *serial;
6315
6316 serial = X509_get_serialNumber(crt);
6317 if (!serial)
6318 return 0;
6319
6320 if (out->size < serial->length)
6321 return -1;
6322
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006323 memcpy(out->area, serial->data, serial->length);
6324 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006325 return 1;
6326}
6327
Emeric Brun43e79582014-10-29 19:03:26 +01006328/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006329 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6330 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006331 */
6332static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006333ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006334{
6335 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006336 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006337
6338 len =i2d_X509(crt, NULL);
6339 if (len <= 0)
6340 return 1;
6341
6342 if (out->size < len)
6343 return -1;
6344
6345 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006346 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006347 return 1;
6348}
6349
Emeric Brunce5ad802012-10-22 14:11:22 +02006350
Willy Tarreau83061a82018-07-13 11:56:34 +02006351/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006352 * Returns 1 if serial is found and copied, 0 if no valid time found
6353 * and -1 if output is not large enough.
6354 */
6355static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006356ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006357{
6358 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6359 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6360
6361 if (gentm->length < 12)
6362 return 0;
6363 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6364 return 0;
6365 if (out->size < gentm->length-2)
6366 return -1;
6367
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006368 memcpy(out->area, gentm->data+2, gentm->length-2);
6369 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006370 return 1;
6371 }
6372 else if (tm->type == V_ASN1_UTCTIME) {
6373 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6374
6375 if (utctm->length < 10)
6376 return 0;
6377 if (utctm->data[0] >= 0x35)
6378 return 0;
6379 if (out->size < utctm->length)
6380 return -1;
6381
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006382 memcpy(out->area, utctm->data, utctm->length);
6383 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006384 return 1;
6385 }
6386
6387 return 0;
6388}
6389
Emeric Brun87855892012-10-17 17:39:35 +02006390/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6391 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6392 */
6393static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006394ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6395 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006396{
6397 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006398 ASN1_OBJECT *obj;
6399 ASN1_STRING *data;
6400 const unsigned char *data_ptr;
6401 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006402 int i, j, n;
6403 int cur = 0;
6404 const char *s;
6405 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006406 int name_count;
6407
6408 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006409
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006410 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006411 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006412 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006413 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006414 else
6415 j = i;
6416
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006417 ne = X509_NAME_get_entry(a, j);
6418 obj = X509_NAME_ENTRY_get_object(ne);
6419 data = X509_NAME_ENTRY_get_data(ne);
6420 data_ptr = ASN1_STRING_get0_data(data);
6421 data_len = ASN1_STRING_length(data);
6422 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006423 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006424 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006425 s = tmp;
6426 }
6427
6428 if (chunk_strcasecmp(entry, s) != 0)
6429 continue;
6430
6431 if (pos < 0)
6432 cur--;
6433 else
6434 cur++;
6435
6436 if (cur != pos)
6437 continue;
6438
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006439 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006440 return -1;
6441
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006442 memcpy(out->area, data_ptr, data_len);
6443 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006444 return 1;
6445 }
6446
6447 return 0;
6448
6449}
6450
6451/* Extract and format full DN from a X509_NAME and copy result into a chunk
6452 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6453 */
6454static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006455ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006456{
6457 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006458 ASN1_OBJECT *obj;
6459 ASN1_STRING *data;
6460 const unsigned char *data_ptr;
6461 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006462 int i, n, ln;
6463 int l = 0;
6464 const char *s;
6465 char *p;
6466 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006467 int name_count;
6468
6469
6470 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006471
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006472 out->data = 0;
6473 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006474 for (i = 0; i < name_count; i++) {
6475 ne = X509_NAME_get_entry(a, i);
6476 obj = X509_NAME_ENTRY_get_object(ne);
6477 data = X509_NAME_ENTRY_get_data(ne);
6478 data_ptr = ASN1_STRING_get0_data(data);
6479 data_len = ASN1_STRING_length(data);
6480 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006481 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006482 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006483 s = tmp;
6484 }
6485 ln = strlen(s);
6486
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006487 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006488 if (l > out->size)
6489 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006490 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006491
6492 *(p++)='/';
6493 memcpy(p, s, ln);
6494 p += ln;
6495 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006496 memcpy(p, data_ptr, data_len);
6497 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006498 }
6499
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006500 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006501 return 0;
6502
6503 return 1;
6504}
6505
Olivier Houchardab28a322018-12-21 19:45:40 +01006506void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6507{
6508#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006509 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006510
Olivier Houchardaa2ecea2019-06-28 14:10:33 +02006511 if (!ssl_sock_is_ssl(conn))
6512 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006513 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006514 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006515#endif
6516}
6517
Willy Tarreau119a4082016-12-22 21:58:38 +01006518/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6519 * to disable SNI.
6520 */
Willy Tarreau63076412015-07-10 11:33:32 +02006521void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6522{
6523#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006524 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006525
Willy Tarreau119a4082016-12-22 21:58:38 +01006526 char *prev_name;
6527
Willy Tarreau63076412015-07-10 11:33:32 +02006528 if (!ssl_sock_is_ssl(conn))
6529 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006530 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006531
Willy Tarreau119a4082016-12-22 21:58:38 +01006532 /* if the SNI changes, we must destroy the reusable context so that a
6533 * new connection will present a new SNI. As an optimization we could
6534 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6535 * server.
6536 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006537 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006538 if ((!prev_name && hostname) ||
6539 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006540 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006541
Olivier Houchard66ab4982019-02-26 18:37:15 +01006542 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006543#endif
6544}
6545
Emeric Brun0abf8362014-06-24 18:26:41 +02006546/* Extract peer certificate's common name into the chunk dest
6547 * Returns
6548 * the len of the extracted common name
6549 * or 0 if no CN found in DN
6550 * or -1 on error case (i.e. no peer certificate)
6551 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006552int ssl_sock_get_remote_common_name(struct connection *conn,
6553 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006554{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006555 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006556 X509 *crt = NULL;
6557 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006558 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006559 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006560 .area = (char *)&find_cn,
6561 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006562 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006563 int result = -1;
David Safb76832014-05-08 23:42:08 -04006564
6565 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006566 goto out;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006567 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006568
6569 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006570 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006571 if (!crt)
6572 goto out;
6573
6574 name = X509_get_subject_name(crt);
6575 if (!name)
6576 goto out;
David Safb76832014-05-08 23:42:08 -04006577
Emeric Brun0abf8362014-06-24 18:26:41 +02006578 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6579out:
David Safb76832014-05-08 23:42:08 -04006580 if (crt)
6581 X509_free(crt);
6582
6583 return result;
6584}
6585
Dave McCowan328fb582014-07-30 10:39:13 -04006586/* returns 1 if client passed a certificate for this session, 0 if not */
6587int ssl_sock_get_cert_used_sess(struct connection *conn)
6588{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006589 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006590 X509 *crt = NULL;
6591
6592 if (!ssl_sock_is_ssl(conn))
6593 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006594 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006595
6596 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006597 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006598 if (!crt)
6599 return 0;
6600
6601 X509_free(crt);
6602 return 1;
6603}
6604
6605/* returns 1 if client passed a certificate for this connection, 0 if not */
6606int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006607{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006608 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006609
David Safb76832014-05-08 23:42:08 -04006610 if (!ssl_sock_is_ssl(conn))
6611 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006612 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006613 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006614}
6615
6616/* returns result from SSL verify */
6617unsigned int ssl_sock_get_verify_result(struct connection *conn)
6618{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006619 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006620
David Safb76832014-05-08 23:42:08 -04006621 if (!ssl_sock_is_ssl(conn))
6622 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006623 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006624 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006625}
6626
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006627/* Returns the application layer protocol name in <str> and <len> when known.
6628 * Zero is returned if the protocol name was not found, otherwise non-zero is
6629 * returned. The string is allocated in the SSL context and doesn't have to be
6630 * freed by the caller. NPN is also checked if available since older versions
6631 * of openssl (1.0.1) which are more common in field only support this one.
6632 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006633static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006634{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006635#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6636 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006637 struct ssl_sock_ctx *ctx = xprt_ctx;
6638 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006639 return 0;
6640
6641 *str = NULL;
6642
6643#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006644 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006645 if (*str)
6646 return 1;
6647#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006648#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006649 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006650 if (*str)
6651 return 1;
6652#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006653#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006654 return 0;
6655}
6656
Willy Tarreau7875d092012-09-10 08:20:03 +02006657/***** Below are some sample fetching functions for ACL/patterns *****/
6658
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006659static int
6660smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6661{
6662 struct connection *conn;
6663
6664 conn = objt_conn(smp->sess->origin);
6665 if (!conn || conn->xprt != &ssl_sock)
6666 return 0;
6667
6668 smp->flags = 0;
6669 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006670#ifdef OPENSSL_IS_BORINGSSL
6671 {
6672 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6673 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6674 SSL_early_data_accepted(ctx->ssl));
6675 }
6676#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006677 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
Olivier Houchard629693f2020-01-23 14:57:36 +01006678 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS))) ? 1 : 0;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006679#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006680 return 1;
6681}
6682
Emeric Brune64aef12012-09-21 13:15:06 +02006683/* boolean, returns true if client cert was present */
6684static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006685smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006686{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006687 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006688 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006689
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006690 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006691 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006692 return 0;
6693
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006694 ctx = conn->xprt_ctx;
6695
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006696 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006697 smp->flags |= SMP_F_MAY_CHANGE;
6698 return 0;
6699 }
6700
6701 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006702 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006703 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006704
6705 return 1;
6706}
6707
Emeric Brun43e79582014-10-29 19:03:26 +01006708/* binary, returns a certificate in a binary chunk (der/raw).
6709 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6710 * should be use.
6711 */
6712static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006713smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006714{
6715 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6716 X509 *crt = NULL;
6717 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006718 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006719 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006720 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006721
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006722 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006723 if (!conn || conn->xprt != &ssl_sock)
6724 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006725 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006726
6727 if (!(conn->flags & CO_FL_CONNECTED)) {
6728 smp->flags |= SMP_F_MAY_CHANGE;
6729 return 0;
6730 }
6731
6732 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006733 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006734 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006735 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006736
6737 if (!crt)
6738 goto out;
6739
6740 smp_trash = get_trash_chunk();
6741 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6742 goto out;
6743
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006744 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006745 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006746 ret = 1;
6747out:
6748 /* SSL_get_peer_certificate, it increase X509 * ref count */
6749 if (cert_peer && crt)
6750 X509_free(crt);
6751 return ret;
6752}
6753
Emeric Brunba841a12014-04-30 17:05:08 +02006754/* binary, returns serial of certificate in a binary chunk.
6755 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6756 * should be use.
6757 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006758static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006759smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006760{
Emeric Brunba841a12014-04-30 17:05:08 +02006761 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006762 X509 *crt = NULL;
6763 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006764 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006765 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006766 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006767
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006768 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006769 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006770 return 0;
6771
Olivier Houchard66ab4982019-02-26 18:37:15 +01006772 ctx = conn->xprt_ctx;
6773
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006774 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006775 smp->flags |= SMP_F_MAY_CHANGE;
6776 return 0;
6777 }
6778
Emeric Brunba841a12014-04-30 17:05:08 +02006779 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006780 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006781 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006782 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006783
Willy Tarreau8d598402012-10-22 17:58:39 +02006784 if (!crt)
6785 goto out;
6786
Willy Tarreau47ca5452012-12-23 20:22:19 +01006787 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006788 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6789 goto out;
6790
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006791 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006792 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006793 ret = 1;
6794out:
Emeric Brunba841a12014-04-30 17:05:08 +02006795 /* SSL_get_peer_certificate, it increase X509 * ref count */
6796 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006797 X509_free(crt);
6798 return ret;
6799}
Emeric Brune64aef12012-09-21 13:15:06 +02006800
Emeric Brunba841a12014-04-30 17:05:08 +02006801/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6802 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6803 * should be use.
6804 */
James Votha051b4a2013-05-14 20:37:59 +02006805static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006806smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006807{
Emeric Brunba841a12014-04-30 17:05:08 +02006808 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006809 X509 *crt = NULL;
6810 const EVP_MD *digest;
6811 int ret = 0;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01006812 unsigned int len = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006813 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006814 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006815 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006816
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006817 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006818 if (!conn || conn->xprt != &ssl_sock)
6819 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006820 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006821
6822 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006823 smp->flags |= SMP_F_MAY_CHANGE;
6824 return 0;
6825 }
6826
Emeric Brunba841a12014-04-30 17:05:08 +02006827 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006828 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006829 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006830 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006831 if (!crt)
6832 goto out;
6833
6834 smp_trash = get_trash_chunk();
6835 digest = EVP_sha1();
Willy Tarreau767e8ad2020-02-25 08:59:23 +01006836 X509_digest(crt, digest, (unsigned char *) smp_trash->area, &len);
6837 smp_trash->data = len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006838 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006839 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006840 ret = 1;
6841out:
Emeric Brunba841a12014-04-30 17:05:08 +02006842 /* SSL_get_peer_certificate, it increase X509 * ref count */
6843 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006844 X509_free(crt);
6845 return ret;
6846}
6847
Emeric Brunba841a12014-04-30 17:05:08 +02006848/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6849 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6850 * should be use.
6851 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006852static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006853smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006854{
Emeric Brunba841a12014-04-30 17:05:08 +02006855 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006856 X509 *crt = NULL;
6857 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006858 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006859 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006860 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006861
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006862 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006863 if (!conn || conn->xprt != &ssl_sock)
6864 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006865 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006866
6867 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006868 smp->flags |= SMP_F_MAY_CHANGE;
6869 return 0;
6870 }
6871
Emeric Brunba841a12014-04-30 17:05:08 +02006872 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006873 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006874 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006875 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006876 if (!crt)
6877 goto out;
6878
Willy Tarreau47ca5452012-12-23 20:22:19 +01006879 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006880 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006881 goto out;
6882
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006883 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006884 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006885 ret = 1;
6886out:
Emeric Brunba841a12014-04-30 17:05:08 +02006887 /* SSL_get_peer_certificate, it increase X509 * ref count */
6888 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006889 X509_free(crt);
6890 return ret;
6891}
6892
Emeric Brunba841a12014-04-30 17:05:08 +02006893/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6894 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6895 * should be use.
6896 */
Emeric Brun87855892012-10-17 17:39:35 +02006897static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006898smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006899{
Emeric Brunba841a12014-04-30 17:05:08 +02006900 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006901 X509 *crt = NULL;
6902 X509_NAME *name;
6903 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006904 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006905 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006906 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006907
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006908 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006909 if (!conn || conn->xprt != &ssl_sock)
6910 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006911 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006912
6913 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006914 smp->flags |= SMP_F_MAY_CHANGE;
6915 return 0;
6916 }
6917
Emeric Brunba841a12014-04-30 17:05:08 +02006918 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006919 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006920 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006921 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006922 if (!crt)
6923 goto out;
6924
6925 name = X509_get_issuer_name(crt);
6926 if (!name)
6927 goto out;
6928
Willy Tarreau47ca5452012-12-23 20:22:19 +01006929 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006930 if (args && args[0].type == ARGT_STR) {
6931 int pos = 1;
6932
6933 if (args[1].type == ARGT_SINT)
6934 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006935
6936 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6937 goto out;
6938 }
6939 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6940 goto out;
6941
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006942 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006943 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006944 ret = 1;
6945out:
Emeric Brunba841a12014-04-30 17:05:08 +02006946 /* SSL_get_peer_certificate, it increase X509 * ref count */
6947 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006948 X509_free(crt);
6949 return ret;
6950}
6951
Emeric Brunba841a12014-04-30 17:05:08 +02006952/* string, returns notbefore date in ASN1_UTCTIME format.
6953 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6954 * should be use.
6955 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006956static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006957smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006958{
Emeric Brunba841a12014-04-30 17:05:08 +02006959 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006960 X509 *crt = NULL;
6961 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006962 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006963 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006964 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006965
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006966 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006967 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006968 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006969 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006970
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006971 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006972 smp->flags |= SMP_F_MAY_CHANGE;
6973 return 0;
6974 }
6975
Emeric Brunba841a12014-04-30 17:05:08 +02006976 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006977 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006978 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006979 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006980 if (!crt)
6981 goto out;
6982
Willy Tarreau47ca5452012-12-23 20:22:19 +01006983 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006984 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006985 goto out;
6986
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006987 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006988 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006989 ret = 1;
6990out:
Emeric Brunba841a12014-04-30 17:05:08 +02006991 /* SSL_get_peer_certificate, it increase X509 * ref count */
6992 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006993 X509_free(crt);
6994 return ret;
6995}
6996
Emeric Brunba841a12014-04-30 17:05:08 +02006997/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6998 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6999 * should be use.
7000 */
Emeric Brun87855892012-10-17 17:39:35 +02007001static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007002smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007003{
Emeric Brunba841a12014-04-30 17:05:08 +02007004 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007005 X509 *crt = NULL;
7006 X509_NAME *name;
7007 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007008 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007009 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007010 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007011
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007012 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007013 if (!conn || conn->xprt != &ssl_sock)
7014 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007015 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007016
7017 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007018 smp->flags |= SMP_F_MAY_CHANGE;
7019 return 0;
7020 }
7021
Emeric Brunba841a12014-04-30 17:05:08 +02007022 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007023 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007024 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007025 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007026 if (!crt)
7027 goto out;
7028
7029 name = X509_get_subject_name(crt);
7030 if (!name)
7031 goto out;
7032
Willy Tarreau47ca5452012-12-23 20:22:19 +01007033 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007034 if (args && args[0].type == ARGT_STR) {
7035 int pos = 1;
7036
7037 if (args[1].type == ARGT_SINT)
7038 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007039
7040 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7041 goto out;
7042 }
7043 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7044 goto out;
7045
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007046 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007047 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007048 ret = 1;
7049out:
Emeric Brunba841a12014-04-30 17:05:08 +02007050 /* SSL_get_peer_certificate, it increase X509 * ref count */
7051 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007052 X509_free(crt);
7053 return ret;
7054}
Emeric Brun9143d372012-12-20 15:44:16 +01007055
7056/* integer, returns true if current session use a client certificate */
7057static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007058smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007059{
7060 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007061 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007062 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007063
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007064 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007065 if (!conn || conn->xprt != &ssl_sock)
7066 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007067 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007068
7069 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007070 smp->flags |= SMP_F_MAY_CHANGE;
7071 return 0;
7072 }
7073
7074 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007075 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007076 if (crt) {
7077 X509_free(crt);
7078 }
7079
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007080 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007081 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007082 return 1;
7083}
7084
Emeric Brunba841a12014-04-30 17:05:08 +02007085/* integer, returns the certificate version
7086 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7087 * should be use.
7088 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007089static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007090smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007091{
Emeric Brunba841a12014-04-30 17:05:08 +02007092 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007093 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007094 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007095 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007096
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007097 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007098 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007099 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007100 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007101
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007102 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007103 smp->flags |= SMP_F_MAY_CHANGE;
7104 return 0;
7105 }
7106
Emeric Brunba841a12014-04-30 17:05:08 +02007107 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007108 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007109 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007110 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007111 if (!crt)
7112 return 0;
7113
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007114 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007115 /* SSL_get_peer_certificate increase X509 * ref count */
7116 if (cert_peer)
7117 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007118 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007119
7120 return 1;
7121}
7122
Emeric Brunba841a12014-04-30 17:05:08 +02007123/* string, returns the certificate's signature algorithm.
7124 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7125 * should be use.
7126 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007127static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007128smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007129{
Emeric Brunba841a12014-04-30 17:05:08 +02007130 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007131 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007132 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007133 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007134 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007135 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007136
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007137 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007138 if (!conn || conn->xprt != &ssl_sock)
7139 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007140 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007141
7142 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007143 smp->flags |= SMP_F_MAY_CHANGE;
7144 return 0;
7145 }
7146
Emeric Brunba841a12014-04-30 17:05:08 +02007147 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007148 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007149 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007150 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007151 if (!crt)
7152 return 0;
7153
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007154 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7155 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007157 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7158 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007159 /* SSL_get_peer_certificate increase X509 * ref count */
7160 if (cert_peer)
7161 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007162 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007163 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007164
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007165 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007166 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007167 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007168 /* SSL_get_peer_certificate increase X509 * ref count */
7169 if (cert_peer)
7170 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007171
7172 return 1;
7173}
7174
Emeric Brunba841a12014-04-30 17:05:08 +02007175/* string, returns the certificate's key algorithm.
7176 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7177 * should be use.
7178 */
Emeric Brun521a0112012-10-22 12:22:55 +02007179static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007180smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007181{
Emeric Brunba841a12014-04-30 17:05:08 +02007182 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007183 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007184 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007185 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007186 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007187 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007188
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007189 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007190 if (!conn || conn->xprt != &ssl_sock)
7191 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007192 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007193
7194 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007195 smp->flags |= SMP_F_MAY_CHANGE;
7196 return 0;
7197 }
7198
Emeric Brunba841a12014-04-30 17:05:08 +02007199 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007200 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007201 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007202 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007203 if (!crt)
7204 return 0;
7205
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007206 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7207 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007208
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007209 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7210 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007211 /* SSL_get_peer_certificate increase X509 * ref count */
7212 if (cert_peer)
7213 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007214 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007215 }
Emeric Brun521a0112012-10-22 12:22:55 +02007216
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007217 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007218 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007219 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007220 if (cert_peer)
7221 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007222
7223 return 1;
7224}
7225
Emeric Brun645ae792014-04-30 14:21:06 +02007226/* boolean, returns true if front conn. transport layer is SSL.
7227 * This function is also usable on backend conn if the fetch keyword 5th
7228 * char is 'b'.
7229 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007230static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007231smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007232{
Emeric Bruneb8def92018-02-19 15:59:48 +01007233 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7234 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007235
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007236 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007237 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007238 return 1;
7239}
7240
Emeric Brun2525b6b2012-10-18 15:59:43 +02007241/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007242static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007243smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007244{
7245#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007246 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007247 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007248
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007249 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007250 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007251 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007252 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007253 return 1;
7254#else
7255 return 0;
7256#endif
7257}
7258
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007259/* boolean, returns true if client session has been resumed.
7260 * This function is also usable on backend conn if the fetch keyword 5th
7261 * char is 'b'.
7262 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007263static int
7264smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7265{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007266 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7267 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007268 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007269
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007270
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007271 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007272 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007273 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007274 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007275 return 1;
7276}
7277
Emeric Brun645ae792014-04-30 14:21:06 +02007278/* string, returns the used cipher if front conn. transport layer is SSL.
7279 * This function is also usable on backend conn if the fetch keyword 5th
7280 * char is 'b'.
7281 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007282static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007283smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007284{
Emeric Bruneb8def92018-02-19 15:59:48 +01007285 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7286 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007287 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007288
Willy Tarreaube508f12016-03-10 11:47:01 +01007289 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007290 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007291 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007292 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007293
Olivier Houchard66ab4982019-02-26 18:37:15 +01007294 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007295 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007296 return 0;
7297
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007298 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007299 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007300 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007301
7302 return 1;
7303}
7304
Emeric Brun645ae792014-04-30 14:21:06 +02007305/* integer, returns the algoritm's keysize if front conn. transport layer
7306 * is SSL.
7307 * This function is also usable on backend conn if the fetch keyword 5th
7308 * char is 'b'.
7309 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007310static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007311smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007312{
Emeric Bruneb8def92018-02-19 15:59:48 +01007313 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7314 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007315 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007316 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007317
Emeric Brun589fcad2012-10-16 14:13:26 +02007318 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007319 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007320 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007321 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007322
Olivier Houchard66ab4982019-02-26 18:37:15 +01007323 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007324 return 0;
7325
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007326 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007327 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007328
7329 return 1;
7330}
7331
Emeric Brun645ae792014-04-30 14:21:06 +02007332/* integer, returns the used keysize if front conn. transport layer is SSL.
7333 * This function is also usable on backend conn if the fetch keyword 5th
7334 * char is 'b'.
7335 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007336static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007337smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007338{
Emeric Bruneb8def92018-02-19 15:59:48 +01007339 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7340 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007341 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007342
Emeric Brun589fcad2012-10-16 14:13:26 +02007343 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007344 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7345 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007346 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007347
Olivier Houchard66ab4982019-02-26 18:37:15 +01007348 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007349 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007350 return 0;
7351
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007352 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007353
7354 return 1;
7355}
7356
Bernard Spil13c53f82018-02-15 13:34:58 +01007357#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007358static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007359smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007360{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007361 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007362 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007363 unsigned int len = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007364
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007365 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007366 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007367
Olivier Houchard6b77f492018-11-22 18:18:29 +01007368 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7369 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007370 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7371 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007372 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007373
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007374 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007375 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007376 (const unsigned char **)&smp->data.u.str.area,
7377 &len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007378
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007379 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007380 return 0;
7381
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007382 smp->data.u.str.data = len;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007383 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007384}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007385#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007386
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007387#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007388static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007389smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007390{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007391 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007392 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007393 unsigned int len = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007394
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007395 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007396 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007397
Olivier Houchard6b77f492018-11-22 18:18:29 +01007398 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7399 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7400
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007401 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007402 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007403 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007404
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007405 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007406 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007407 (const unsigned char **)&smp->data.u.str.area,
7408 &len);
Willy Tarreauab861d32013-04-02 02:30:41 +02007409
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007410 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007411 return 0;
7412
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007413 smp->data.u.str.data = len;
Willy Tarreauab861d32013-04-02 02:30:41 +02007414 return 1;
7415}
7416#endif
7417
Emeric Brun645ae792014-04-30 14:21:06 +02007418/* string, returns the used protocol if front conn. transport layer is SSL.
7419 * This function is also usable on backend conn if the fetch keyword 5th
7420 * char is 'b'.
7421 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007422static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007423smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007424{
Emeric Bruneb8def92018-02-19 15:59:48 +01007425 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7426 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007427 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007428
Emeric Brun589fcad2012-10-16 14:13:26 +02007429 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007430 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7431 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007432 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007433
Olivier Houchard66ab4982019-02-26 18:37:15 +01007434 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007435 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007436 return 0;
7437
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007438 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007439 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007440 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007441
7442 return 1;
7443}
7444
Willy Tarreau87b09662015-04-03 00:22:06 +02007445/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007446 * This function is also usable on backend conn if the fetch keyword 5th
7447 * char is 'b'.
7448 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007449#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007450static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007451smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007452{
Emeric Bruneb8def92018-02-19 15:59:48 +01007453 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7454 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007455 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007456 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007457 unsigned int len = 0;
Willy Tarreaube508f12016-03-10 11:47:01 +01007458
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007459 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007460 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007461
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007462 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7463 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007464 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007465
Olivier Houchard66ab4982019-02-26 18:37:15 +01007466 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007467 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007468 return 0;
7469
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007470 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess, &len);
Dragan Dosen9dc47c42020-05-04 09:07:28 +02007471 if (!smp->data.u.str.area || !len)
Emeric Brunfe68f682012-10-16 14:59:28 +02007472 return 0;
7473
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007474 smp->data.u.str.data = len;
Emeric Brunfe68f682012-10-16 14:59:28 +02007475 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007476}
Patrick Hemmer41966772018-04-28 19:15:48 -04007477#endif
7478
Emeric Brunfe68f682012-10-16 14:59:28 +02007479
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007480#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007481static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007482smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7483{
7484 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7485 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7486 struct buffer *data;
7487 struct ssl_sock_ctx *ctx;
7488
7489 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7490 return 0;
7491 ctx = conn->xprt_ctx;
7492
7493 data = get_trash_chunk();
7494 if (kw[7] == 'c')
7495 data->data = SSL_get_client_random(ctx->ssl,
7496 (unsigned char *) data->area,
7497 data->size);
7498 else
7499 data->data = SSL_get_server_random(ctx->ssl,
7500 (unsigned char *) data->area,
7501 data->size);
7502 if (!data->data)
7503 return 0;
7504
7505 smp->flags = 0;
7506 smp->data.type = SMP_T_BIN;
7507 smp->data.u.str = *data;
7508
7509 return 1;
7510}
7511
7512static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007513smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7514{
7515 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7516 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7517 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007518 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007519 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007520
7521 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7522 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007524
Olivier Houchard66ab4982019-02-26 18:37:15 +01007525 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007526 if (!ssl_sess)
7527 return 0;
7528
7529 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007530 data->data = SSL_SESSION_get_master_key(ssl_sess,
7531 (unsigned char *) data->area,
7532 data->size);
7533 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007534 return 0;
7535
7536 smp->flags = 0;
7537 smp->data.type = SMP_T_BIN;
7538 smp->data.u.str = *data;
7539
7540 return 1;
7541}
7542#endif
7543
Patrick Hemmer41966772018-04-28 19:15:48 -04007544#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007545static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007546smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007547{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007548 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007549 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007550
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007551 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007552 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007553
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007554 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007555 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7556 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007557 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007558
Olivier Houchard66ab4982019-02-26 18:37:15 +01007559 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007560 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007561 return 0;
7562
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007563 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007564 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007565}
Patrick Hemmer41966772018-04-28 19:15:48 -04007566#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007567
David Sc1ad52e2014-04-08 18:48:47 -04007568static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007569smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7570{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007571 struct connection *conn;
7572 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007573 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007574
7575 conn = objt_conn(smp->sess->origin);
7576 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7577 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007578 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007579
Olivier Houchard66ab4982019-02-26 18:37:15 +01007580 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007581 if (!capture)
7582 return 0;
7583
7584 smp->flags = SMP_F_CONST;
7585 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007586 smp->data.u.str.area = capture->ciphersuite;
7587 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007588 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007589}
7590
7591static int
7592smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7593{
Willy Tarreau83061a82018-07-13 11:56:34 +02007594 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007595
7596 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7597 return 0;
7598
7599 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007600 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007601 smp->data.type = SMP_T_BIN;
7602 smp->data.u.str = *data;
7603 return 1;
7604}
7605
7606static int
7607smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7608{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007609 struct connection *conn;
7610 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007611 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007612
7613 conn = objt_conn(smp->sess->origin);
7614 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7615 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007616 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007617
Olivier Houchard66ab4982019-02-26 18:37:15 +01007618 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007619 if (!capture)
7620 return 0;
7621
7622 smp->data.type = SMP_T_SINT;
7623 smp->data.u.sint = capture->xxh64;
7624 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007625}
7626
7627static int
7628smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7629{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007630#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007631 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007632 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007633
7634 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7635 return 0;
7636
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007637 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007638 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007639 const char *str;
7640 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007641 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007642 uint16_t id = (bin[0] << 8) | bin[1];
7643#if defined(OPENSSL_IS_BORINGSSL)
7644 cipher = SSL_get_cipher_by_value(id);
7645#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007646 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007647 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7648 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007649#endif
7650 str = SSL_CIPHER_get_name(cipher);
7651 if (!str || strcmp(str, "(NONE)") == 0)
7652 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007653 else
7654 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7655 }
7656 smp->data.type = SMP_T_STR;
7657 smp->data.u.str = *data;
7658 return 1;
7659#else
7660 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7661#endif
7662}
7663
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007664#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007665static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007666smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007667{
Emeric Bruneb8def92018-02-19 15:59:48 +01007668 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7669 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007670 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007671 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007672 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007673
7674 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007675 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7676 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007677 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007678
7679 if (!(conn->flags & CO_FL_CONNECTED)) {
7680 smp->flags |= SMP_F_MAY_CHANGE;
7681 return 0;
7682 }
7683
7684 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007685 if (!SSL_session_reused(ctx->ssl))
7686 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007687 finished_trash->area,
7688 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007689 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007690 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007691 finished_trash->area,
7692 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007693
7694 if (!finished_len)
7695 return 0;
7696
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007697 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007698 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007699 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007700
7701 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007702}
Patrick Hemmer41966772018-04-28 19:15:48 -04007703#endif
David Sc1ad52e2014-04-08 18:48:47 -04007704
Emeric Brun2525b6b2012-10-18 15:59:43 +02007705/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007706static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007707smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007708{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007709 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007710 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007711
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007712 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007713 if (!conn || conn->xprt != &ssl_sock)
7714 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007715 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007716
7717 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007718 smp->flags = SMP_F_MAY_CHANGE;
7719 return 0;
7720 }
7721
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007722 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007723 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007724 smp->flags = 0;
7725
7726 return 1;
7727}
7728
Emeric Brun2525b6b2012-10-18 15:59:43 +02007729/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007730static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007731smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007732{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007733 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007734 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007735
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007736 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007737 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007738 return 0;
7739
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007740 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007741 smp->flags = SMP_F_MAY_CHANGE;
7742 return 0;
7743 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007744 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007745
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007746 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007747 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007748 smp->flags = 0;
7749
7750 return 1;
7751}
7752
Emeric Brun2525b6b2012-10-18 15:59:43 +02007753/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007754static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007755smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007756{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007757 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007758 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007759
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007760 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007761 if (!conn || conn->xprt != &ssl_sock)
7762 return 0;
7763
7764 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007765 smp->flags = SMP_F_MAY_CHANGE;
7766 return 0;
7767 }
7768
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007769 ctx = conn->xprt_ctx;
7770
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007771 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007772 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007773 smp->flags = 0;
7774
7775 return 1;
7776}
7777
Emeric Brun2525b6b2012-10-18 15:59:43 +02007778/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007779static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007780smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007781{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007782 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007783 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007784
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007785 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007786 if (!conn || conn->xprt != &ssl_sock)
7787 return 0;
7788
7789 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007790 smp->flags = SMP_F_MAY_CHANGE;
7791 return 0;
7792 }
7793
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007794 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007795 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007796 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007797
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007798 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007799 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007800 smp->flags = 0;
7801
7802 return 1;
7803}
7804
Emeric Brunfb510ea2012-10-05 12:00:26 +02007805/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007806static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007807{
7808 if (!*args[cur_arg + 1]) {
7809 if (err)
7810 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7811 return ERR_ALERT | ERR_FATAL;
7812 }
7813
Willy Tarreauef934602016-12-22 23:12:01 +01007814 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7815 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007816 else
7817 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007818
Emeric Brund94b3fe2012-09-20 18:23:56 +02007819 return 0;
7820}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007821static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7822{
7823 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7824}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007825
Christopher Faulet31af49d2015-06-09 17:29:50 +02007826/* parse the "ca-sign-file" bind keyword */
7827static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7828{
7829 if (!*args[cur_arg + 1]) {
7830 if (err)
7831 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7832 return ERR_ALERT | ERR_FATAL;
7833 }
7834
Willy Tarreauef934602016-12-22 23:12:01 +01007835 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7836 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007837 else
7838 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7839
7840 return 0;
7841}
7842
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007843/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007844static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7845{
7846 if (!*args[cur_arg + 1]) {
7847 if (err)
7848 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7849 return ERR_ALERT | ERR_FATAL;
7850 }
7851 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7852 return 0;
7853}
7854
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007855/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007856static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007857{
7858 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007859 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007860 return ERR_ALERT | ERR_FATAL;
7861 }
7862
Emeric Brun76d88952012-10-05 15:47:31 +02007863 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007864 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007865 return 0;
7866}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007867static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7868{
7869 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7870}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007871
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007872#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007873/* parse the "ciphersuites" bind keyword */
7874static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7875{
7876 if (!*args[cur_arg + 1]) {
7877 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7878 return ERR_ALERT | ERR_FATAL;
7879 }
7880
7881 free(conf->ciphersuites);
7882 conf->ciphersuites = strdup(args[cur_arg + 1]);
7883 return 0;
7884}
7885static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7886{
7887 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7888}
7889#endif
7890
Willy Tarreaub131c872019-10-16 16:42:19 +02007891/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007892static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007893{
Willy Tarreau38011032013-08-13 16:59:39 +02007894 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007895
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007896 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007897 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007898 return ERR_ALERT | ERR_FATAL;
7899 }
7900
Willy Tarreauef934602016-12-22 23:12:01 +01007901 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7902 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007903 memprintf(err, "'%s' : path too long", args[cur_arg]);
7904 return ERR_ALERT | ERR_FATAL;
7905 }
Willy Tarreauef934602016-12-22 23:12:01 +01007906 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaub131c872019-10-16 16:42:19 +02007907 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007908 }
7909
Willy Tarreaub131c872019-10-16 16:42:19 +02007910 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02007911}
7912
Willy Tarreaub131c872019-10-16 16:42:19 +02007913/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007914static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7915{
Willy Tarreaub131c872019-10-16 16:42:19 +02007916 int err_code;
7917
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007918 if (!*args[cur_arg + 1]) {
7919 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7920 return ERR_ALERT | ERR_FATAL;
7921 }
7922
Willy Tarreaub131c872019-10-16 16:42:19 +02007923 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
7924 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02007925 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007926
Willy Tarreaub131c872019-10-16 16:42:19 +02007927 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007928}
7929
Emeric Brunfb510ea2012-10-05 12:00:26 +02007930/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007931static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007932{
Emeric Brun051cdab2012-10-02 19:25:50 +02007933#ifndef X509_V_FLAG_CRL_CHECK
7934 if (err)
7935 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7936 return ERR_ALERT | ERR_FATAL;
7937#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007938 if (!*args[cur_arg + 1]) {
7939 if (err)
7940 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7941 return ERR_ALERT | ERR_FATAL;
7942 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007943
Willy Tarreauef934602016-12-22 23:12:01 +01007944 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7945 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007946 else
7947 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007948
Emeric Brun2b58d042012-09-20 17:10:03 +02007949 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007950#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007951}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007952static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7953{
7954 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7955}
Emeric Brun2b58d042012-09-20 17:10:03 +02007956
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007957/* parse the "curves" bind keyword keyword */
7958static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7959{
Lukas Tribusd13e9252019-11-24 18:20:40 +01007960#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007961 if (!*args[cur_arg + 1]) {
7962 if (err)
7963 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7964 return ERR_ALERT | ERR_FATAL;
7965 }
7966 conf->curves = strdup(args[cur_arg + 1]);
7967 return 0;
7968#else
7969 if (err)
7970 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7971 return ERR_ALERT | ERR_FATAL;
7972#endif
7973}
7974static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7975{
7976 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7977}
7978
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007979/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007980static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007981{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007982#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007983 if (err)
7984 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7985 return ERR_ALERT | ERR_FATAL;
7986#elif defined(OPENSSL_NO_ECDH)
7987 if (err)
7988 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7989 return ERR_ALERT | ERR_FATAL;
7990#else
7991 if (!*args[cur_arg + 1]) {
7992 if (err)
7993 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7994 return ERR_ALERT | ERR_FATAL;
7995 }
7996
7997 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007998
7999 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008000#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008001}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008002static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8003{
8004 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8005}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008006
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008007/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008008static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8009{
8010 int code;
8011 char *p = args[cur_arg + 1];
8012 unsigned long long *ignerr = &conf->crt_ignerr;
8013
8014 if (!*p) {
8015 if (err)
8016 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8017 return ERR_ALERT | ERR_FATAL;
8018 }
8019
8020 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8021 ignerr = &conf->ca_ignerr;
8022
8023 if (strcmp(p, "all") == 0) {
8024 *ignerr = ~0ULL;
8025 return 0;
8026 }
8027
8028 while (p) {
8029 code = atoi(p);
8030 if ((code <= 0) || (code > 63)) {
8031 if (err)
8032 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8033 args[cur_arg], code, args[cur_arg + 1]);
8034 return ERR_ALERT | ERR_FATAL;
8035 }
8036 *ignerr |= 1ULL << code;
8037 p = strchr(p, ',');
8038 if (p)
8039 p++;
8040 }
8041
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008042 return 0;
8043}
8044
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008045/* parse tls_method_options "no-xxx" and "force-xxx" */
8046static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008047{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008048 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008049 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008050 p = strchr(arg, '-');
8051 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008052 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008053 p++;
8054 if (!strcmp(p, "sslv3"))
8055 v = CONF_SSLV3;
8056 else if (!strcmp(p, "tlsv10"))
8057 v = CONF_TLSV10;
8058 else if (!strcmp(p, "tlsv11"))
8059 v = CONF_TLSV11;
8060 else if (!strcmp(p, "tlsv12"))
8061 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008062 else if (!strcmp(p, "tlsv13"))
8063 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008064 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008065 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008066 if (!strncmp(arg, "no-", 3))
8067 methods->flags |= methodVersions[v].flag;
8068 else if (!strncmp(arg, "force-", 6))
8069 methods->min = methods->max = v;
8070 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008071 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008072 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008073 fail:
8074 if (err)
8075 memprintf(err, "'%s' : option not implemented", arg);
8076 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008077}
8078
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008079static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008080{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008081 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008082}
8083
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008084static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008085{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008086 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8087}
8088
8089/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8090static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8091{
8092 uint16_t i, v = 0;
8093 char *argv = args[cur_arg + 1];
8094 if (!*argv) {
8095 if (err)
8096 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8097 return ERR_ALERT | ERR_FATAL;
8098 }
8099 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8100 if (!strcmp(argv, methodVersions[i].name))
8101 v = i;
8102 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008103 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008104 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008105 return ERR_ALERT | ERR_FATAL;
8106 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008107 if (!strcmp("ssl-min-ver", args[cur_arg]))
8108 methods->min = v;
8109 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8110 methods->max = v;
8111 else {
8112 if (err)
8113 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8114 return ERR_ALERT | ERR_FATAL;
8115 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008116 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008117}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008118
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008119static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8120{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008121#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008122 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008123#endif
8124 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8125}
8126
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008127static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8128{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008129 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008130}
8131
8132static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8133{
8134 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8135}
8136
Emeric Brun2d0c4822012-10-02 13:45:20 +02008137/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008138static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008139{
Emeric Brun89675492012-10-05 13:48:26 +02008140 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008141 return 0;
8142}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008143
Olivier Houchardc2aae742017-09-22 18:26:28 +02008144/* parse the "allow-0rtt" bind keyword */
8145static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8146{
8147 conf->early_data = 1;
8148 return 0;
8149}
8150
8151static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8152{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008153 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008154 return 0;
8155}
8156
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008157/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008158static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008159{
Bernard Spil13c53f82018-02-15 13:34:58 +01008160#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008161 char *p1, *p2;
8162
8163 if (!*args[cur_arg + 1]) {
8164 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8165 return ERR_ALERT | ERR_FATAL;
8166 }
8167
8168 free(conf->npn_str);
8169
Willy Tarreau3724da12016-02-12 17:11:12 +01008170 /* the NPN string is built as a suite of (<len> <name>)*,
8171 * so we reuse each comma to store the next <len> and need
8172 * one more for the end of the string.
8173 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008174 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008175 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008176 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8177
8178 /* replace commas with the name length */
8179 p1 = conf->npn_str;
8180 p2 = p1 + 1;
8181 while (1) {
8182 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8183 if (!p2)
8184 p2 = p1 + 1 + strlen(p1 + 1);
8185
8186 if (p2 - (p1 + 1) > 255) {
8187 *p2 = '\0';
8188 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8189 return ERR_ALERT | ERR_FATAL;
8190 }
8191
8192 *p1 = p2 - (p1 + 1);
8193 p1 = p2;
8194
8195 if (!*p2)
8196 break;
8197
8198 *(p2++) = '\0';
8199 }
8200 return 0;
8201#else
8202 if (err)
8203 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8204 return ERR_ALERT | ERR_FATAL;
8205#endif
8206}
8207
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008208static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8209{
8210 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8211}
8212
Willy Tarreauab861d32013-04-02 02:30:41 +02008213/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008214static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008215{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008216#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008217 char *p1, *p2;
8218
8219 if (!*args[cur_arg + 1]) {
8220 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8221 return ERR_ALERT | ERR_FATAL;
8222 }
8223
8224 free(conf->alpn_str);
8225
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008226 /* the ALPN string is built as a suite of (<len> <name>)*,
8227 * so we reuse each comma to store the next <len> and need
8228 * one more for the end of the string.
8229 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008230 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008231 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008232 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8233
8234 /* replace commas with the name length */
8235 p1 = conf->alpn_str;
8236 p2 = p1 + 1;
8237 while (1) {
8238 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8239 if (!p2)
8240 p2 = p1 + 1 + strlen(p1 + 1);
8241
8242 if (p2 - (p1 + 1) > 255) {
8243 *p2 = '\0';
8244 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8245 return ERR_ALERT | ERR_FATAL;
8246 }
8247
8248 *p1 = p2 - (p1 + 1);
8249 p1 = p2;
8250
8251 if (!*p2)
8252 break;
8253
8254 *(p2++) = '\0';
8255 }
8256 return 0;
8257#else
8258 if (err)
8259 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8260 return ERR_ALERT | ERR_FATAL;
8261#endif
8262}
8263
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008264static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8265{
8266 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8267}
8268
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008269/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008270static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008271{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008272 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008273 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008274
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008275 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8276 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008277#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008278 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8279 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8280#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008281 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008282 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8283 if (!conf->ssl_conf.ssl_methods.min)
8284 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8285 if (!conf->ssl_conf.ssl_methods.max)
8286 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008287
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008288 return 0;
8289}
8290
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008291/* parse the "prefer-client-ciphers" bind keyword */
8292static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8293{
8294 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8295 return 0;
8296}
8297
Christopher Faulet31af49d2015-06-09 17:29:50 +02008298/* parse the "generate-certificates" bind keyword */
8299static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8300{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008301#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008302 conf->generate_certs = 1;
8303#else
8304 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8305 err && *err ? *err : "");
8306#endif
8307 return 0;
8308}
8309
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008310/* parse the "strict-sni" bind keyword */
8311static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8312{
8313 conf->strict_sni = 1;
8314 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008315}
8316
8317/* parse the "tls-ticket-keys" bind keyword */
8318static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8319{
8320#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008321 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008322 int i = 0;
8323 char thisline[LINESIZE];
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008324 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008325
8326 if (!*args[cur_arg + 1]) {
8327 if (err)
8328 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008329 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008330 }
8331
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008332 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008333 if (keys_ref) {
8334 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008335 conf->keys_ref = keys_ref;
8336 return 0;
8337 }
8338
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008339 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008340 if (!keys_ref) {
8341 if (err)
8342 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008343 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008344 }
8345
Emeric Brun9e754772019-01-10 17:51:55 +01008346 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008347 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008348 if (err)
8349 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008350 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008351 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008352
8353 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8354 if (err)
8355 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008356 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008357 }
8358
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008359 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008360 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008361 if (err)
8362 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008363 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008364 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008365
Emeric Brun9e754772019-01-10 17:51:55 +01008366 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008367 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8368 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008369 int dec_size;
8370
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008371 /* Strip newline characters from the end */
8372 if(thisline[len - 1] == '\n')
8373 thisline[--len] = 0;
8374
8375 if(thisline[len - 1] == '\r')
8376 thisline[--len] = 0;
8377
Emeric Brun9e754772019-01-10 17:51:55 +01008378 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8379 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008380 if (err)
8381 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008382 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008383 }
Emeric Brun9e754772019-01-10 17:51:55 +01008384 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8385 keys_ref->key_size_bits = 128;
8386 }
8387 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8388 keys_ref->key_size_bits = 256;
8389 }
8390 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8391 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8392 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008393 if (err)
8394 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008395 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008396 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008397 i++;
8398 }
8399
8400 if (i < TLS_TICKETS_NO) {
8401 if (err)
8402 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008403 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008404 }
8405
8406 fclose(f);
8407
8408 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008409 i -= 2;
8410 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008411 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008412 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008413 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008414 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008415
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008416 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8417
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008418 return 0;
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008419
8420 fail:
8421 if (f)
8422 fclose(f);
8423 if (keys_ref) {
8424 free(keys_ref->filename);
8425 free(keys_ref->tlskeys);
8426 free(keys_ref);
8427 }
8428 return ERR_ALERT | ERR_FATAL;
8429
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008430#else
8431 if (err)
8432 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8433 return ERR_ALERT | ERR_FATAL;
8434#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008435}
8436
Emeric Brund94b3fe2012-09-20 18:23:56 +02008437/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008438static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008439{
8440 if (!*args[cur_arg + 1]) {
8441 if (err)
8442 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8443 return ERR_ALERT | ERR_FATAL;
8444 }
8445
8446 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008447 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008448 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008449 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008450 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008451 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008452 else {
8453 if (err)
8454 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8455 args[cur_arg], args[cur_arg + 1]);
8456 return ERR_ALERT | ERR_FATAL;
8457 }
8458
8459 return 0;
8460}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008461static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8462{
8463 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8464}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008465
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008466/* parse the "no-ca-names" bind keyword */
8467static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8468{
8469 conf->no_ca_names = 1;
8470 return 0;
8471}
8472static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8473{
8474 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8475}
8476
Willy Tarreau92faadf2012-10-10 23:04:25 +02008477/************** "server" keywords ****************/
8478
Olivier Houchardc7566002018-11-20 23:33:50 +01008479/* parse the "npn" bind keyword */
8480static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8481{
8482#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8483 char *p1, *p2;
8484
8485 if (!*args[*cur_arg + 1]) {
8486 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8487 return ERR_ALERT | ERR_FATAL;
8488 }
8489
8490 free(newsrv->ssl_ctx.npn_str);
8491
8492 /* the NPN string is built as a suite of (<len> <name>)*,
8493 * so we reuse each comma to store the next <len> and need
8494 * one more for the end of the string.
8495 */
8496 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8497 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8498 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8499 newsrv->ssl_ctx.npn_len);
8500
8501 /* replace commas with the name length */
8502 p1 = newsrv->ssl_ctx.npn_str;
8503 p2 = p1 + 1;
8504 while (1) {
8505 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8506 newsrv->ssl_ctx.npn_len - (p1 + 1));
8507 if (!p2)
8508 p2 = p1 + 1 + strlen(p1 + 1);
8509
8510 if (p2 - (p1 + 1) > 255) {
8511 *p2 = '\0';
8512 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8513 return ERR_ALERT | ERR_FATAL;
8514 }
8515
8516 *p1 = p2 - (p1 + 1);
8517 p1 = p2;
8518
8519 if (!*p2)
8520 break;
8521
8522 *(p2++) = '\0';
8523 }
8524 return 0;
8525#else
8526 if (err)
8527 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8528 return ERR_ALERT | ERR_FATAL;
8529#endif
8530}
8531
Olivier Houchard92150142018-12-21 19:47:01 +01008532/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008533static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8534{
8535#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8536 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008537 char **alpn_str;
8538 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008539
Olivier Houchard92150142018-12-21 19:47:01 +01008540 if (*args[*cur_arg] == 'c') {
8541 alpn_str = &newsrv->check.alpn_str;
8542 alpn_len = &newsrv->check.alpn_len;
8543 } else {
8544 alpn_str = &newsrv->ssl_ctx.alpn_str;
8545 alpn_len = &newsrv->ssl_ctx.alpn_len;
8546
8547 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008548 if (!*args[*cur_arg + 1]) {
8549 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8550 return ERR_ALERT | ERR_FATAL;
8551 }
8552
Olivier Houchard92150142018-12-21 19:47:01 +01008553 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008554
8555 /* the ALPN string is built as a suite of (<len> <name>)*,
8556 * so we reuse each comma to store the next <len> and need
8557 * one more for the end of the string.
8558 */
Olivier Houchard92150142018-12-21 19:47:01 +01008559 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8560 *alpn_str = calloc(1, *alpn_len + 1);
8561 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008562
8563 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008564 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008565 p2 = p1 + 1;
8566 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008567 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008568 if (!p2)
8569 p2 = p1 + 1 + strlen(p1 + 1);
8570
8571 if (p2 - (p1 + 1) > 255) {
8572 *p2 = '\0';
8573 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8574 return ERR_ALERT | ERR_FATAL;
8575 }
8576
8577 *p1 = p2 - (p1 + 1);
8578 p1 = p2;
8579
8580 if (!*p2)
8581 break;
8582
8583 *(p2++) = '\0';
8584 }
8585 return 0;
8586#else
8587 if (err)
8588 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8589 return ERR_ALERT | ERR_FATAL;
8590#endif
8591}
8592
Emeric Brunef42d922012-10-11 16:11:36 +02008593/* parse the "ca-file" server keyword */
8594static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8595{
8596 if (!*args[*cur_arg + 1]) {
8597 if (err)
8598 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8599 return ERR_ALERT | ERR_FATAL;
8600 }
8601
Willy Tarreauef934602016-12-22 23:12:01 +01008602 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8603 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008604 else
8605 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8606
8607 return 0;
8608}
8609
Olivier Houchard9130a962017-10-17 17:33:43 +02008610/* parse the "check-sni" server keyword */
8611static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8612{
8613 if (!*args[*cur_arg + 1]) {
8614 if (err)
8615 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8616 return ERR_ALERT | ERR_FATAL;
8617 }
8618
8619 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8620 if (!newsrv->check.sni) {
8621 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8622 return ERR_ALERT | ERR_FATAL;
8623 }
8624 return 0;
8625
8626}
8627
Willy Tarreau92faadf2012-10-10 23:04:25 +02008628/* parse the "check-ssl" server keyword */
8629static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8630{
8631 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008632 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8633 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008634#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008635 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8636 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8637#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008638 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008639 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8640 if (!newsrv->ssl_ctx.methods.min)
8641 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8642 if (!newsrv->ssl_ctx.methods.max)
8643 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8644
Willy Tarreau92faadf2012-10-10 23:04:25 +02008645 return 0;
8646}
8647
8648/* parse the "ciphers" server keyword */
8649static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8650{
8651 if (!*args[*cur_arg + 1]) {
8652 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8653 return ERR_ALERT | ERR_FATAL;
8654 }
8655
8656 free(newsrv->ssl_ctx.ciphers);
8657 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8658 return 0;
8659}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008660
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008661#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008662/* parse the "ciphersuites" server keyword */
8663static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8664{
8665 if (!*args[*cur_arg + 1]) {
8666 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8667 return ERR_ALERT | ERR_FATAL;
8668 }
8669
8670 free(newsrv->ssl_ctx.ciphersuites);
8671 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8672 return 0;
8673}
8674#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008675
Emeric Brunef42d922012-10-11 16:11:36 +02008676/* parse the "crl-file" server keyword */
8677static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8678{
8679#ifndef X509_V_FLAG_CRL_CHECK
8680 if (err)
8681 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8682 return ERR_ALERT | ERR_FATAL;
8683#else
8684 if (!*args[*cur_arg + 1]) {
8685 if (err)
8686 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8687 return ERR_ALERT | ERR_FATAL;
8688 }
8689
Willy Tarreauef934602016-12-22 23:12:01 +01008690 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8691 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008692 else
8693 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8694
8695 return 0;
8696#endif
8697}
8698
Emeric Bruna7aa3092012-10-26 12:58:00 +02008699/* parse the "crt" server keyword */
8700static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8701{
8702 if (!*args[*cur_arg + 1]) {
8703 if (err)
8704 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8705 return ERR_ALERT | ERR_FATAL;
8706 }
8707
Willy Tarreauef934602016-12-22 23:12:01 +01008708 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008709 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008710 else
8711 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8712
8713 return 0;
8714}
Emeric Brunef42d922012-10-11 16:11:36 +02008715
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008716/* parse the "no-check-ssl" server keyword */
8717static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8718{
Christopher Faulet68d35ae2020-03-27 18:55:49 +01008719 newsrv->check.use_ssl = -1;
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008720 free(newsrv->ssl_ctx.ciphers);
8721 newsrv->ssl_ctx.ciphers = NULL;
8722 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8723 return 0;
8724}
8725
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008726/* parse the "no-send-proxy-v2-ssl" server keyword */
8727static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8728{
8729 newsrv->pp_opts &= ~SRV_PP_V2;
8730 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8731 return 0;
8732}
8733
8734/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8735static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8736{
8737 newsrv->pp_opts &= ~SRV_PP_V2;
8738 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8739 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8740 return 0;
8741}
8742
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008743/* parse the "no-ssl" server keyword */
8744static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8745{
Christopher Faulet68d35ae2020-03-27 18:55:49 +01008746 newsrv->use_ssl = -1;
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008747 free(newsrv->ssl_ctx.ciphers);
8748 newsrv->ssl_ctx.ciphers = NULL;
8749 return 0;
8750}
8751
Olivier Houchard522eea72017-11-03 16:27:47 +01008752/* parse the "allow-0rtt" server keyword */
8753static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8754{
8755 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8756 return 0;
8757}
8758
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008759/* parse the "no-ssl-reuse" server keyword */
8760static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8761{
8762 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8763 return 0;
8764}
8765
Emeric Brunf9c5c472012-10-11 15:28:34 +02008766/* parse the "no-tls-tickets" server keyword */
8767static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8768{
8769 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8770 return 0;
8771}
David Safb76832014-05-08 23:42:08 -04008772/* parse the "send-proxy-v2-ssl" server keyword */
8773static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8774{
8775 newsrv->pp_opts |= SRV_PP_V2;
8776 newsrv->pp_opts |= SRV_PP_V2_SSL;
8777 return 0;
8778}
8779
8780/* parse the "send-proxy-v2-ssl-cn" server keyword */
8781static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8782{
8783 newsrv->pp_opts |= SRV_PP_V2;
8784 newsrv->pp_opts |= SRV_PP_V2_SSL;
8785 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8786 return 0;
8787}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008788
Willy Tarreau732eac42015-07-09 11:40:25 +02008789/* parse the "sni" server keyword */
8790static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8791{
8792#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8793 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8794 return ERR_ALERT | ERR_FATAL;
8795#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008796 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008797
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008798 arg = args[*cur_arg + 1];
8799 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008800 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8801 return ERR_ALERT | ERR_FATAL;
8802 }
8803
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008804 free(newsrv->sni_expr);
8805 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008806
Willy Tarreau732eac42015-07-09 11:40:25 +02008807 return 0;
8808#endif
8809}
8810
Willy Tarreau92faadf2012-10-10 23:04:25 +02008811/* parse the "ssl" server keyword */
8812static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8813{
8814 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008815 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8816 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008817#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008818 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8819 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8820#endif
Jerome Magnin770bc8a2020-04-22 11:40:18 +02008821 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
8822 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8823
8824 if (!newsrv->ssl_ctx.methods.min)
8825 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8826
8827 if (!newsrv->ssl_ctx.methods.max)
8828 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8829
8830
Willy Tarreau92faadf2012-10-10 23:04:25 +02008831 return 0;
8832}
8833
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008834/* parse the "ssl-reuse" server keyword */
8835static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8836{
8837 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8838 return 0;
8839}
8840
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008841/* parse the "tls-tickets" server keyword */
8842static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8843{
8844 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8845 return 0;
8846}
8847
Emeric Brunef42d922012-10-11 16:11:36 +02008848/* parse the "verify" server keyword */
8849static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8850{
8851 if (!*args[*cur_arg + 1]) {
8852 if (err)
8853 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8854 return ERR_ALERT | ERR_FATAL;
8855 }
8856
8857 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008858 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008859 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008860 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008861 else {
8862 if (err)
8863 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8864 args[*cur_arg], args[*cur_arg + 1]);
8865 return ERR_ALERT | ERR_FATAL;
8866 }
8867
Evan Broderbe554312013-06-27 00:05:25 -07008868 return 0;
8869}
8870
8871/* parse the "verifyhost" server keyword */
8872static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8873{
8874 if (!*args[*cur_arg + 1]) {
8875 if (err)
8876 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8877 return ERR_ALERT | ERR_FATAL;
8878 }
8879
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008880 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008881 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8882
Emeric Brunef42d922012-10-11 16:11:36 +02008883 return 0;
8884}
8885
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008886/* parse the "ssl-default-bind-options" keyword in global section */
8887static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8888 struct proxy *defpx, const char *file, int line,
8889 char **err) {
8890 int i = 1;
8891
8892 if (*(args[i]) == 0) {
8893 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8894 return -1;
8895 }
8896 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008897 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008898 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008899 else if (!strcmp(args[i], "prefer-client-ciphers"))
8900 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008901 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8902 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8903 i++;
8904 else {
8905 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8906 return -1;
8907 }
8908 }
8909 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008910 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8911 return -1;
8912 }
8913 i++;
8914 }
8915 return 0;
8916}
8917
8918/* parse the "ssl-default-server-options" keyword in global section */
8919static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8920 struct proxy *defpx, const char *file, int line,
8921 char **err) {
8922 int i = 1;
8923
8924 if (*(args[i]) == 0) {
8925 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8926 return -1;
8927 }
8928 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008929 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008930 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008931 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8932 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8933 i++;
8934 else {
8935 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8936 return -1;
8937 }
8938 }
8939 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008940 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8941 return -1;
8942 }
8943 i++;
8944 }
8945 return 0;
8946}
8947
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008948/* parse the "ca-base" / "crt-base" keywords in global section.
8949 * Returns <0 on alert, >0 on warning, 0 on success.
8950 */
8951static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8952 struct proxy *defpx, const char *file, int line,
8953 char **err)
8954{
8955 char **target;
8956
Willy Tarreauef934602016-12-22 23:12:01 +01008957 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008958
8959 if (too_many_args(1, args, err, NULL))
8960 return -1;
8961
8962 if (*target) {
8963 memprintf(err, "'%s' already specified.", args[0]);
8964 return -1;
8965 }
8966
8967 if (*(args[1]) == 0) {
8968 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8969 return -1;
8970 }
8971 *target = strdup(args[1]);
8972 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008973}
8974
8975/* parse the "ssl-mode-async" keyword in global section.
8976 * Returns <0 on alert, >0 on warning, 0 on success.
8977 */
8978static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8979 struct proxy *defpx, const char *file, int line,
8980 char **err)
8981{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008982#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008983 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008984 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008985 return 0;
8986#else
8987 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8988 return -1;
8989#endif
8990}
8991
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008992#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008993static int ssl_check_async_engine_count(void) {
8994 int err_code = 0;
8995
Emeric Brun3854e012017-05-17 20:42:48 +02008996 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008997 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008998 err_code = ERR_ABORT;
8999 }
9000 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009001}
9002
Grant Zhang872f9c22017-01-21 01:10:18 +00009003/* parse the "ssl-engine" keyword in global section.
9004 * Returns <0 on alert, >0 on warning, 0 on success.
9005 */
9006static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9007 struct proxy *defpx, const char *file, int line,
9008 char **err)
9009{
9010 char *algo;
9011 int ret = -1;
9012
9013 if (*(args[1]) == 0) {
9014 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9015 return ret;
9016 }
9017
9018 if (*(args[2]) == 0) {
9019 /* if no list of algorithms is given, it defaults to ALL */
9020 algo = strdup("ALL");
9021 goto add_engine;
9022 }
9023
9024 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9025 if (strcmp(args[2], "algo") != 0) {
9026 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9027 return ret;
9028 }
9029
9030 if (*(args[3]) == 0) {
9031 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9032 return ret;
9033 }
9034 algo = strdup(args[3]);
9035
9036add_engine:
9037 if (ssl_init_single_engine(args[1], algo)==0) {
9038 openssl_engines_initialized++;
9039 ret = 0;
9040 }
9041 free(algo);
9042 return ret;
9043}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009044#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009045
Willy Tarreauf22e9682016-12-21 23:23:19 +01009046/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9047 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9048 */
9049static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9050 struct proxy *defpx, const char *file, int line,
9051 char **err)
9052{
9053 char **target;
9054
Willy Tarreauef934602016-12-22 23:12:01 +01009055 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009056
9057 if (too_many_args(1, args, err, NULL))
9058 return -1;
9059
9060 if (*(args[1]) == 0) {
9061 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9062 return -1;
9063 }
9064
9065 free(*target);
9066 *target = strdup(args[1]);
9067 return 0;
9068}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009069
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009070#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009071/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9072 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9073 */
9074static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9075 struct proxy *defpx, const char *file, int line,
9076 char **err)
9077{
9078 char **target;
9079
9080 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9081
9082 if (too_many_args(1, args, err, NULL))
9083 return -1;
9084
9085 if (*(args[1]) == 0) {
9086 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9087 return -1;
9088 }
9089
9090 free(*target);
9091 *target = strdup(args[1]);
9092 return 0;
9093}
9094#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009095
Willy Tarreau9ceda382016-12-21 23:13:03 +01009096/* parse various global tune.ssl settings consisting in positive integers.
9097 * Returns <0 on alert, >0 on warning, 0 on success.
9098 */
9099static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9100 struct proxy *defpx, const char *file, int line,
9101 char **err)
9102{
9103 int *target;
9104
9105 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9106 target = &global.tune.sslcachesize;
9107 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009108 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009109 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009110 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009111 else if (strcmp(args[0], "maxsslconn") == 0)
9112 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009113 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9114 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009115 else {
9116 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9117 return -1;
9118 }
9119
9120 if (too_many_args(1, args, err, NULL))
9121 return -1;
9122
9123 if (*(args[1]) == 0) {
9124 memprintf(err, "'%s' expects an integer argument.", args[0]);
9125 return -1;
9126 }
9127
9128 *target = atoi(args[1]);
9129 if (*target < 0) {
9130 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9131 return -1;
9132 }
9133 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009134}
9135
9136static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9137 struct proxy *defpx, const char *file, int line,
9138 char **err)
9139{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009140 int ret;
9141
9142 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9143 if (ret != 0)
9144 return ret;
9145
Willy Tarreaubafbe012017-11-24 17:34:44 +01009146 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009147 memprintf(err, "'%s' is already configured.", args[0]);
9148 return -1;
9149 }
9150
Willy Tarreaubafbe012017-11-24 17:34:44 +01009151 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9152 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009153 memprintf(err, "Out of memory error.");
9154 return -1;
9155 }
9156 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009157}
9158
9159/* parse "ssl.force-private-cache".
9160 * Returns <0 on alert, >0 on warning, 0 on success.
9161 */
9162static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9163 struct proxy *defpx, const char *file, int line,
9164 char **err)
9165{
9166 if (too_many_args(0, args, err, NULL))
9167 return -1;
9168
Willy Tarreauef934602016-12-22 23:12:01 +01009169 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009170 return 0;
9171}
9172
9173/* parse "ssl.lifetime".
9174 * Returns <0 on alert, >0 on warning, 0 on success.
9175 */
9176static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9177 struct proxy *defpx, const char *file, int line,
9178 char **err)
9179{
9180 const char *res;
9181
9182 if (too_many_args(1, args, err, NULL))
9183 return -1;
9184
9185 if (*(args[1]) == 0) {
9186 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9187 return -1;
9188 }
9189
Willy Tarreauef934602016-12-22 23:12:01 +01009190 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009191 if (res == PARSE_TIME_OVER) {
9192 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9193 args[1], args[0]);
9194 return -1;
9195 }
9196 else if (res == PARSE_TIME_UNDER) {
9197 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9198 args[1], args[0]);
9199 return -1;
9200 }
9201 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009202 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9203 return -1;
9204 }
9205 return 0;
9206}
9207
9208#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009209/* parse "ssl-dh-param-file".
9210 * Returns <0 on alert, >0 on warning, 0 on success.
9211 */
9212static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9213 struct proxy *defpx, const char *file, int line,
9214 char **err)
9215{
9216 if (too_many_args(1, args, err, NULL))
9217 return -1;
9218
9219 if (*(args[1]) == 0) {
9220 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9221 return -1;
9222 }
9223
9224 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9225 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9226 return -1;
9227 }
9228 return 0;
9229}
9230
Willy Tarreau9ceda382016-12-21 23:13:03 +01009231/* parse "ssl.default-dh-param".
9232 * Returns <0 on alert, >0 on warning, 0 on success.
9233 */
9234static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9235 struct proxy *defpx, const char *file, int line,
9236 char **err)
9237{
9238 if (too_many_args(1, args, err, NULL))
9239 return -1;
9240
9241 if (*(args[1]) == 0) {
9242 memprintf(err, "'%s' expects an integer argument.", args[0]);
9243 return -1;
9244 }
9245
Willy Tarreauef934602016-12-22 23:12:01 +01009246 global_ssl.default_dh_param = atoi(args[1]);
9247 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009248 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9249 return -1;
9250 }
9251 return 0;
9252}
9253#endif
9254
9255
William Lallemand32af2032016-10-29 18:09:35 +02009256/* This function is used with TLS ticket keys management. It permits to browse
9257 * each reference. The variable <getnext> must contain the current node,
9258 * <end> point to the root node.
9259 */
9260#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9261static inline
9262struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9263{
9264 struct tls_keys_ref *ref = getnext;
9265
9266 while (1) {
9267
9268 /* Get next list entry. */
9269 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9270
9271 /* If the entry is the last of the list, return NULL. */
9272 if (&ref->list == end)
9273 return NULL;
9274
9275 return ref;
9276 }
9277}
9278
9279static inline
9280struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9281{
9282 int id;
9283 char *error;
9284
9285 /* If the reference starts by a '#', this is numeric id. */
9286 if (reference[0] == '#') {
9287 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9288 id = strtol(reference + 1, &error, 10);
9289 if (*error != '\0')
9290 return NULL;
9291
9292 /* Perform the unique id lookup. */
9293 return tlskeys_ref_lookupid(id);
9294 }
9295
9296 /* Perform the string lookup. */
9297 return tlskeys_ref_lookup(reference);
9298}
9299#endif
9300
9301
9302#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9303
9304static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9305
9306static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9307 return cli_io_handler_tlskeys_files(appctx);
9308}
9309
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009310/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9311 * (next index to be dumped), and cli.p0 (next key reference).
9312 */
William Lallemand32af2032016-10-29 18:09:35 +02009313static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9314
9315 struct stream_interface *si = appctx->owner;
9316
9317 switch (appctx->st2) {
9318 case STAT_ST_INIT:
9319 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009320 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009321 * later and restart at the state "STAT_ST_INIT".
9322 */
9323 chunk_reset(&trash);
9324
9325 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9326 chunk_appendf(&trash, "# id secret\n");
9327 else
9328 chunk_appendf(&trash, "# id (file)\n");
9329
Willy Tarreau06d80a92017-10-19 14:32:15 +02009330 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009331 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009332 return 0;
9333 }
9334
William Lallemand32af2032016-10-29 18:09:35 +02009335 /* Now, we start the browsing of the references lists.
9336 * Note that the following call to LIST_ELEM return bad pointer. The only
9337 * available field of this pointer is <list>. It is used with the function
9338 * tlskeys_list_get_next() for retruning the first available entry
9339 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009340 if (appctx->ctx.cli.p0 == NULL) {
9341 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9342 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009343 }
9344
9345 appctx->st2 = STAT_ST_LIST;
9346 /* fall through */
9347
9348 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009349 while (appctx->ctx.cli.p0) {
9350 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009351
9352 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009353 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009354 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009355
9356 if (appctx->ctx.cli.i1 == 0)
9357 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9358
William Lallemand32af2032016-10-29 18:09:35 +02009359 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009360 int head;
9361
9362 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9363 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009364 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009365 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009366
9367 chunk_reset(t2);
9368 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009369 if (ref->key_size_bits == 128) {
9370 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9371 sizeof(struct tls_sess_key_128),
9372 t2->area, t2->size);
9373 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9374 t2->area);
9375 }
9376 else if (ref->key_size_bits == 256) {
9377 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9378 sizeof(struct tls_sess_key_256),
9379 t2->area, t2->size);
9380 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9381 t2->area);
9382 }
9383 else {
9384 /* This case should never happen */
9385 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9386 }
William Lallemand32af2032016-10-29 18:09:35 +02009387
Willy Tarreau06d80a92017-10-19 14:32:15 +02009388 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009389 /* let's try again later from this stream. We add ourselves into
9390 * this stream's users so that it can remove us upon termination.
9391 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009392 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009393 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009394 return 0;
9395 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009396 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009397 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009398 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009399 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009400 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009401 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009402 /* let's try again later from this stream. We add ourselves into
9403 * this stream's users so that it can remove us upon termination.
9404 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009405 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009406 return 0;
9407 }
9408
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009409 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009410 break;
9411
9412 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009413 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009414 }
9415
9416 appctx->st2 = STAT_ST_FIN;
9417 /* fall through */
9418
9419 default:
9420 appctx->st2 = STAT_ST_FIN;
9421 return 1;
9422 }
9423 return 0;
9424}
9425
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009426/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009427static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009428{
William Lallemand32af2032016-10-29 18:09:35 +02009429 /* no parameter, shows only file list */
9430 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009431 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009432 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009433 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009434 }
9435
9436 if (args[2][0] == '*') {
9437 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009438 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009439 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009440 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9441 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009442 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009443 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009444 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009445 return 1;
9446 }
9447 }
William Lallemand32af2032016-10-29 18:09:35 +02009448 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009449 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009450}
9451
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009452static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009453{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009454 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009455 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009456
William Lallemand32af2032016-10-29 18:09:35 +02009457 /* Expect two parameters: the filename and the new new TLS key in encoding */
9458 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009459 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009460 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009461 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009462 return 1;
9463 }
9464
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009465 ref = tlskeys_ref_lookup_ref(args[3]);
9466 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009467 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009468 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009469 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009470 return 1;
9471 }
9472
Willy Tarreau1c913e42018-08-22 05:26:57 +02009473 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009474 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009475 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009476 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009477 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009478 return 1;
9479 }
Emeric Brun9e754772019-01-10 17:51:55 +01009480
Willy Tarreau1c913e42018-08-22 05:26:57 +02009481 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009482 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9483 appctx->ctx.cli.severity = LOG_ERR;
9484 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9485 appctx->st0 = CLI_ST_PRINT;
9486 return 1;
9487 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009488 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009489 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009490 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009491 return 1;
9492
9493}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009494#endif
William Lallemand32af2032016-10-29 18:09:35 +02009495
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009496static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009497{
9498#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9499 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009500 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009501
9502 if (!payload)
9503 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009504
9505 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009506 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009507 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009508 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009509 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009510 return 1;
9511 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009512
9513 /* remove \r and \n from the payload */
9514 for (i = 0, j = 0; payload[i]; i++) {
9515 if (payload[i] == '\r' || payload[i] == '\n')
9516 continue;
9517 payload[j++] = payload[i];
9518 }
9519 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009520
Willy Tarreau1c913e42018-08-22 05:26:57 +02009521 ret = base64dec(payload, j, trash.area, trash.size);
9522 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009523 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009524 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009525 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009526 return 1;
9527 }
9528
Willy Tarreau1c913e42018-08-22 05:26:57 +02009529 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009530 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9531 if (err) {
9532 memprintf(&err, "%s.\n", err);
9533 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009534 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009535 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009536 else {
9537 appctx->ctx.cli.severity = LOG_ERR;
9538 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9539 appctx->st0 = CLI_ST_PRINT;
9540 }
William Lallemand32af2032016-10-29 18:09:35 +02009541 return 1;
9542 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009543 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009544 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009545 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009546 return 1;
9547#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009548 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009549 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009550 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009551 return 1;
9552#endif
9553
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009554}
9555
Willy Tarreau86a394e2019-05-09 14:15:32 +02009556#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009557static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9558{
9559 switch (arg->type) {
9560 case ARGT_STR:
9561 smp->data.type = SMP_T_STR;
9562 smp->data.u.str = arg->data.str;
9563 return 1;
9564 case ARGT_VAR:
9565 if (!vars_get_by_desc(&arg->data.var, smp))
9566 return 0;
9567 if (!sample_casts[smp->data.type][SMP_T_STR])
9568 return 0;
9569 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9570 return 0;
9571 return 1;
9572 default:
9573 return 0;
9574 }
9575}
9576
9577static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9578 const char *file, int line, char **err)
9579{
9580 switch(args[0].data.sint) {
9581 case 128:
9582 case 192:
9583 case 256:
9584 break;
9585 default:
9586 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9587 return 0;
9588 }
9589 /* Try to decode a variable. */
9590 vars_check_arg(&args[1], NULL);
9591 vars_check_arg(&args[2], NULL);
9592 vars_check_arg(&args[3], NULL);
9593 return 1;
9594}
9595
9596/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9597static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9598{
9599 struct sample nonce, key, aead_tag;
9600 struct buffer *smp_trash, *smp_trash_alloc;
9601 EVP_CIPHER_CTX *ctx;
9602 int dec_size, ret;
9603
9604 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9605 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9606 return 0;
9607
9608 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9609 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9610 return 0;
9611
9612 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9613 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9614 return 0;
9615
9616 smp_trash = get_trash_chunk();
9617 smp_trash_alloc = alloc_trash_chunk();
9618 if (!smp_trash_alloc)
9619 return 0;
9620
9621 ctx = EVP_CIPHER_CTX_new();
9622
9623 if (!ctx)
9624 goto err;
9625
9626 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9627 if (dec_size < 0)
9628 goto err;
9629 smp_trash->data = dec_size;
9630
9631 /* Set cipher type and mode */
9632 switch(arg_p[0].data.sint) {
9633 case 128:
9634 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9635 break;
9636 case 192:
9637 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9638 break;
9639 case 256:
9640 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9641 break;
9642 }
9643
9644 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9645
9646 /* Initialise IV */
9647 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9648 goto err;
9649
9650 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9651 if (dec_size < 0)
9652 goto err;
9653 smp_trash->data = dec_size;
9654
9655 /* Initialise key */
9656 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9657 goto err;
9658
9659 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9660 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9661 goto err;
9662
9663 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9664 if (dec_size < 0)
9665 goto err;
9666 smp_trash_alloc->data = dec_size;
9667 dec_size = smp_trash->data;
9668
9669 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9670 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9671
9672 if (ret <= 0)
9673 goto err;
9674
9675 smp->data.u.str.data = dec_size + smp_trash->data;
9676 smp->data.u.str.area = smp_trash->area;
9677 smp->data.type = SMP_T_BIN;
9678 smp->flags &= ~SMP_F_CONST;
9679 free_trash_chunk(smp_trash_alloc);
9680 return 1;
9681
9682err:
9683 free_trash_chunk(smp_trash_alloc);
9684 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009685}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009686# endif
William Lallemand32af2032016-10-29 18:09:35 +02009687
9688/* register cli keywords */
9689static struct cli_kw_list cli_kws = {{ },{
9690#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9691 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009692 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009693#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009694 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009695 { { NULL }, NULL, NULL, NULL }
9696}};
9697
Willy Tarreau0108d902018-11-25 19:14:37 +01009698INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009699
Willy Tarreau7875d092012-09-10 08:20:03 +02009700/* Note: must not be declared <const> as its list will be overwritten.
9701 * Please take care of keeping this list alphabetically sorted.
9702 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009703static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009704 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009705 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009706#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009707 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009708#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009709 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009710#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9711 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9712#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009713 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009714 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009715 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009716 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009717#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009718 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009719#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009720#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009721 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9722 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009723 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9724#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009725 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9726 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009727 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009728 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009729 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9730 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9731 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9732 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9733 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9734 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9735 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9736 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009737 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009738 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9739 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009740 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009741 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9742 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9743 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9744 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9745 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9746 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9747 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009748 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009749 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009750 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009751 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009752 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009753 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009754 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009755 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009756 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009757#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009758 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009759#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009760#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009761 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009762#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009763 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009764#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009765 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009766#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009767 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009768#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009769 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009770#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009771#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009772 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9773 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009774 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9775#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009776#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009777 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009778#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009779 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9780 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9781 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9782 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009783 { NULL, NULL, 0, 0, 0 },
9784}};
9785
Willy Tarreau0108d902018-11-25 19:14:37 +01009786INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9787
Willy Tarreau7875d092012-09-10 08:20:03 +02009788/* Note: must not be declared <const> as its list will be overwritten.
9789 * Please take care of keeping this list alphabetically sorted.
9790 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009791static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009792 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9793 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009794 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009795}};
9796
Willy Tarreau0108d902018-11-25 19:14:37 +01009797INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9798
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009799/* Note: must not be declared <const> as its list will be overwritten.
9800 * Please take care of keeping this list alphabetically sorted, doing so helps
9801 * all code contributors.
9802 * Optional keywords are also declared with a NULL ->parse() function so that
9803 * the config parser can report an appropriate error when a known keyword was
9804 * not enabled.
9805 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009806static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009807 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009808 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9809 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9810 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009811#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009812 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9813#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009814 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009815 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009816 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009817 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009818 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009819 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9820 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009821 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9822 { NULL, NULL, 0 },
9823};
9824
Willy Tarreau0108d902018-11-25 19:14:37 +01009825/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9826
Willy Tarreau51fb7652012-09-18 18:24:39 +02009827static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009828 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009829 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9830 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9831 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9832 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9833 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9834 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009835#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009836 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9837#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009838 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9839 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9840 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9841 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9842 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9843 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9844 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9845 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9846 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9847 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009848 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009849 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009850 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009851 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9852 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9853 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9854 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009855 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009856 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9857 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009858 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9859 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009860 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9861 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9862 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9863 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9864 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009865 { NULL, NULL, 0 },
9866}};
Emeric Brun46591952012-05-18 15:47:34 +02009867
Willy Tarreau0108d902018-11-25 19:14:37 +01009868INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9869
Willy Tarreau92faadf2012-10-10 23:04:25 +02009870/* Note: must not be declared <const> as its list will be overwritten.
9871 * Please take care of keeping this list alphabetically sorted, doing so helps
9872 * all code contributors.
9873 * Optional keywords are also declared with a NULL ->parse() function so that
9874 * the config parser can report an appropriate error when a known keyword was
9875 * not enabled.
9876 */
9877static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009878 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009879 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009880 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009881 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009882 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009883 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9884 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009885#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009886 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9887#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009888 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9889 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9890 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9891 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9892 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9893 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9894 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9895 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9896 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9897 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9898 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9899 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9900 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9901 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9902 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9903 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9904 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9905 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009906 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009907 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9908 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9909 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9910 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9911 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9912 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9913 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9914 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9915 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9916 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009917 { NULL, NULL, 0, 0 },
9918}};
9919
Willy Tarreau0108d902018-11-25 19:14:37 +01009920INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9921
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009922static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009923 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9924 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009925 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009926 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9927 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009928#ifndef OPENSSL_NO_DH
9929 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9930#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009931 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009932#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009933 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009934#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009935 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9936#ifndef OPENSSL_NO_DH
9937 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9938#endif
9939 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9940 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9941 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9942 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009943 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009944 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9945 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009946#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009947 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9948 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9949#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009950 { 0, NULL, NULL },
9951}};
9952
Willy Tarreau0108d902018-11-25 19:14:37 +01009953INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9954
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009955/* Note: must not be declared <const> as its list will be overwritten */
9956static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009957#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009958 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9959#endif
9960 { NULL, NULL, 0, 0, 0 },
9961}};
9962
9963INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9964
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009965/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009966static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009967 .snd_buf = ssl_sock_from_buf,
9968 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009969 .subscribe = ssl_subscribe,
9970 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009971 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009972 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009973 .rcv_pipe = NULL,
9974 .snd_pipe = NULL,
9975 .shutr = NULL,
9976 .shutw = ssl_sock_shutw,
9977 .close = ssl_sock_close,
9978 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009979 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009980 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009981 .prepare_srv = ssl_sock_prepare_srv_ctx,
9982 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009983 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009984 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009985};
9986
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009987enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9988 struct session *sess, struct stream *s, int flags)
9989{
9990 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009991 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009992
9993 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009994 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009995
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009996 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009997 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009998 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009999 s->req.flags |= CF_READ_NULL;
10000 return ACT_RET_YIELD;
10001 }
10002 }
10003 return (ACT_RET_CONT);
10004}
10005
10006static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10007{
10008 rule->action_ptr = ssl_action_wait_for_hs;
10009
10010 return ACT_RET_PRS_OK;
10011}
10012
10013static struct action_kw_list http_req_actions = {ILH, {
10014 { "wait-for-handshake", ssl_parse_wait_for_hs },
10015 { /* END */ }
10016}};
10017
Willy Tarreau0108d902018-11-25 19:14:37 +010010018INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10019
Willy Tarreau5db847a2019-05-09 14:13:35 +020010020#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010021
10022static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10023{
10024 if (ptr) {
10025 chunk_destroy(ptr);
10026 free(ptr);
10027 }
10028}
10029
10030#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010031static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10032{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010033 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010034}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010035
Emeric Brun46591952012-05-18 15:47:34 +020010036__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010037static void __ssl_sock_init(void)
10038{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010039#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010040 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010041 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010042#endif
Emeric Brun46591952012-05-18 15:47:34 +020010043
Willy Tarreauef934602016-12-22 23:12:01 +010010044 if (global_ssl.listen_default_ciphers)
10045 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10046 if (global_ssl.connect_default_ciphers)
10047 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010048#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010049 if (global_ssl.listen_default_ciphersuites)
10050 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10051 if (global_ssl.connect_default_ciphersuites)
10052 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10053#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010054
Willy Tarreau13e14102016-12-22 20:25:26 +010010055 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010056#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010057 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010058#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010059#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010060 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010061 n = sk_SSL_COMP_num(cm);
10062 while (n--) {
10063 (void) sk_SSL_COMP_pop(cm);
10064 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010065#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010066
Willy Tarreau5db847a2019-05-09 14:13:35 +020010067#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010068 ssl_locking_init();
10069#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010070#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010071 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10072#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010073 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010074 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010075 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010076#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010077 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010078 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010079#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010080#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10081 hap_register_post_check(tlskeys_finalize_config);
10082#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010083
10084 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10085 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10086
10087#ifndef OPENSSL_NO_DH
10088 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10089 hap_register_post_deinit(ssl_free_dh);
10090#endif
10091#ifndef OPENSSL_NO_ENGINE
10092 hap_register_post_deinit(ssl_free_engines);
10093#endif
10094 /* Load SSL string for the verbose & debug mode. */
10095 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010096 ha_meth = BIO_meth_new(0x666, "ha methods");
10097 BIO_meth_set_write(ha_meth, ha_ssl_write);
10098 BIO_meth_set_read(ha_meth, ha_ssl_read);
10099 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10100 BIO_meth_set_create(ha_meth, ha_ssl_new);
10101 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10102 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10103 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010104}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010105
Willy Tarreau80713382018-11-26 10:19:54 +010010106/* Compute and register the version string */
10107static void ssl_register_build_options()
10108{
10109 char *ptr = NULL;
10110 int i;
10111
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010112 memprintf(&ptr, "Built with OpenSSL version : "
10113#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010114 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010115#else /* OPENSSL_IS_BORINGSSL */
10116 OPENSSL_VERSION_TEXT
10117 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010118 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010119 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010120#endif
10121 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010122#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010123 "no (library version too old)"
10124#elif defined(OPENSSL_NO_TLSEXT)
10125 "no (disabled via OPENSSL_NO_TLSEXT)"
10126#else
10127 "yes"
10128#endif
10129 "", ptr);
10130
10131 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10132#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10133 "yes"
10134#else
10135#ifdef OPENSSL_NO_TLSEXT
10136 "no (because of OPENSSL_NO_TLSEXT)"
10137#else
10138 "no (version might be too old, 0.9.8f min needed)"
10139#endif
10140#endif
10141 "", ptr);
10142
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010143 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10144 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10145 if (methodVersions[i].option)
10146 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010147
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010148 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010149}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010150
Willy Tarreau80713382018-11-26 10:19:54 +010010151INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010152
Emeric Brun46591952012-05-18 15:47:34 +020010153
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010154#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010155void ssl_free_engines(void) {
10156 struct ssl_engine_list *wl, *wlb;
10157 /* free up engine list */
10158 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10159 ENGINE_finish(wl->e);
10160 ENGINE_free(wl->e);
10161 LIST_DEL(&wl->list);
10162 free(wl);
10163 }
10164}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010165#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010166
Remi Gacogned3a23c32015-05-28 16:39:47 +020010167#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010168void ssl_free_dh(void) {
10169 if (local_dh_1024) {
10170 DH_free(local_dh_1024);
10171 local_dh_1024 = NULL;
10172 }
10173 if (local_dh_2048) {
10174 DH_free(local_dh_2048);
10175 local_dh_2048 = NULL;
10176 }
10177 if (local_dh_4096) {
10178 DH_free(local_dh_4096);
10179 local_dh_4096 = NULL;
10180 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010181 if (global_dh) {
10182 DH_free(global_dh);
10183 global_dh = NULL;
10184 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010185}
10186#endif
10187
10188__attribute__((destructor))
10189static void __ssl_sock_deinit(void)
10190{
10191#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010192 if (ssl_ctx_lru_tree) {
10193 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010194 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010195 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010196#endif
10197
Willy Tarreau5db847a2019-05-09 14:13:35 +020010198#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010199 ERR_remove_state(0);
10200 ERR_free_strings();
10201
10202 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010203#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010204
Willy Tarreau5db847a2019-05-09 14:13:35 +020010205#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010206 CRYPTO_cleanup_all_ex_data();
10207#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010208 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010209}
10210
10211
Emeric Brun46591952012-05-18 15:47:34 +020010212/*
10213 * Local variables:
10214 * c-indent-level: 8
10215 * c-basic-offset: 8
10216 * End:
10217 */