blob: c11acb3b719504fa958a237a06de19adaeb23c19 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020067#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020068#include <common/compat.h>
69#include <common/config.h>
70#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020071#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020072#include <common/standard.h>
73#include <common/ticks.h>
74#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010075#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010076#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020077
Emeric Brunfc0421f2012-09-07 17:30:07 +020078#include <ebsttree.h>
79
William Lallemand32af2032016-10-29 18:09:35 +020080#include <types/applet.h>
81#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020082#include <types/global.h>
83#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020084#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085
Willy Tarreau7875d092012-09-10 08:20:03 +020086#include <proto/acl.h>
87#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020088#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020089#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020090#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020091#include <proto/fd.h>
92#include <proto/freq_ctr.h>
93#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020094#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020095#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020096#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010097#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020098#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020099#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +0200100#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200101#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200102#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200103#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200104#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200105#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200106#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200107#include <proto/task.h>
108
Willy Tarreau518cedd2014-02-17 15:43:01 +0100109/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200110#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100111#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100112#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200113#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
114
Emeric Brunf282a812012-09-21 15:27:54 +0200115/* bits 0xFFFF0000 are reserved to store verify errors */
116
117/* Verify errors macros */
118#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
119#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
120#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
121
122#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
123#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
124#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200125
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100126/* Supported hash function for TLS tickets */
127#ifdef OPENSSL_NO_SHA256
128#define HASH_FUNCT EVP_sha1
129#else
130#define HASH_FUNCT EVP_sha256
131#endif /* OPENSSL_NO_SHA256 */
132
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200133/* ssl_methods flags for ssl options */
134#define MC_SSL_O_ALL 0x0000
135#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
136#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
137#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
138#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200139#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200140
141/* ssl_methods versions */
142enum {
143 CONF_TLSV_NONE = 0,
144 CONF_TLSV_MIN = 1,
145 CONF_SSLV3 = 1,
146 CONF_TLSV10 = 2,
147 CONF_TLSV11 = 3,
148 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200149 CONF_TLSV13 = 5,
150 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200151};
152
Emeric Brun850efd52014-01-29 12:24:34 +0100153/* server and bind verify method, it uses a global value as default */
154enum {
155 SSL_SOCK_VERIFY_DEFAULT = 0,
156 SSL_SOCK_VERIFY_REQUIRED = 1,
157 SSL_SOCK_VERIFY_OPTIONAL = 2,
158 SSL_SOCK_VERIFY_NONE = 3,
159};
160
William Lallemand3f85c9a2017-10-09 16:30:50 +0200161
Willy Tarreau71b734c2014-01-28 15:19:44 +0100162int sslconns = 0;
163int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100164static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100165int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200166
Willy Tarreauef934602016-12-22 23:12:01 +0100167static struct {
168 char *crt_base; /* base directory path for certificates */
169 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000170 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100171
172 char *listen_default_ciphers;
173 char *connect_default_ciphers;
174 int listen_default_ssloptions;
175 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200176 struct tls_version_filter listen_default_sslmethods;
177 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100178
179 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
180 unsigned int life_time; /* SSL session lifetime in seconds */
181 unsigned int max_record; /* SSL max record size */
182 unsigned int default_dh_param; /* SSL maximum DH parameter size */
183 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100184 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100185} global_ssl = {
186#ifdef LISTEN_DEFAULT_CIPHERS
187 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
188#endif
189#ifdef CONNECT_DEFAULT_CIPHERS
190 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
191#endif
192 .listen_default_ssloptions = BC_SSL_O_NONE,
193 .connect_default_ssloptions = SRV_SSL_O_NONE,
194
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200195 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
196 .listen_default_sslmethods.min = CONF_TLSV_NONE,
197 .listen_default_sslmethods.max = CONF_TLSV_NONE,
198 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
199 .connect_default_sslmethods.min = CONF_TLSV_NONE,
200 .connect_default_sslmethods.max = CONF_TLSV_NONE,
201
Willy Tarreauef934602016-12-22 23:12:01 +0100202#ifdef DEFAULT_SSL_MAX_RECORD
203 .max_record = DEFAULT_SSL_MAX_RECORD,
204#endif
205 .default_dh_param = SSL_DEFAULT_DH_PARAM,
206 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100207 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100208};
209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100211
Emeric Brun821bb9b2017-06-15 16:37:39 +0200212static HA_RWLOCK_T *ssl_rwlocks;
213
214
215unsigned long ssl_id_function(void)
216{
217 return (unsigned long)tid;
218}
219
220void ssl_locking_function(int mode, int n, const char * file, int line)
221{
222 if (mode & CRYPTO_LOCK) {
223 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100226 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200227 }
228 else {
229 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100232 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200233 }
234}
235
236static int ssl_locking_init(void)
237{
238 int i;
239
240 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
241 if (!ssl_rwlocks)
242 return -1;
243
244 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100245 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200246
247 CRYPTO_set_id_callback(ssl_id_function);
248 CRYPTO_set_locking_callback(ssl_locking_function);
249
250 return 0;
251}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100252
Emeric Brun821bb9b2017-06-15 16:37:39 +0200253#endif
254
255
256
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100257/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100258struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100259 unsigned long long int xxh64;
260 unsigned char ciphersuite_len;
261 char ciphersuite[0];
262};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100263struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100264static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200265static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100266
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100267static int ssl_pkey_info_index = -1;
268
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200269#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
270struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
271#endif
272
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200273#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000274static unsigned int openssl_engines_initialized;
275struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
276struct ssl_engine_list {
277 struct list list;
278 ENGINE *e;
279};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200280#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000281
Remi Gacogne8de54152014-07-15 11:36:40 +0200282#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200283static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200284static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200285static DH *local_dh_1024 = NULL;
286static DH *local_dh_2048 = NULL;
287static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100288static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200289#endif /* OPENSSL_NO_DH */
290
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100291#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200292/* X509V3 Extensions that will be added on generated certificates */
293#define X509V3_EXT_SIZE 5
294static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
295 "basicConstraints",
296 "nsComment",
297 "subjectKeyIdentifier",
298 "authorityKeyIdentifier",
299 "keyUsage",
300};
301static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
302 "CA:FALSE",
303 "\"OpenSSL Generated Certificate\"",
304 "hash",
305 "keyid,issuer:always",
306 "nonRepudiation,digitalSignature,keyEncipherment"
307};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200308/* LRU cache to store generated certificate */
309static struct lru64_head *ssl_ctx_lru_tree = NULL;
310static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200311static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200314#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
315
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100316static struct ssl_bind_kw ssl_bind_kws[];
317
yanbzhube2774d2015-12-10 15:07:30 -0500318#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
319/* The order here matters for picking a default context,
320 * keep the most common keytype at the bottom of the list
321 */
322const char *SSL_SOCK_KEYTYPE_NAMES[] = {
323 "dsa",
324 "ecdsa",
325 "rsa"
326};
327#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100328#else
329#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500330#endif
331
William Lallemandc3cd35f2017-11-28 11:04:43 +0100332static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100333static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
334
335#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
336
337#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
338 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
339
340#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
341 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200342
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100343/*
344 * This function gives the detail of the SSL error. It is used only
345 * if the debug mode and the verbose mode are activated. It dump all
346 * the SSL error until the stack was empty.
347 */
348static forceinline void ssl_sock_dump_errors(struct connection *conn)
349{
350 unsigned long ret;
351
352 if (unlikely(global.mode & MODE_DEBUG)) {
353 while(1) {
354 ret = ERR_get_error();
355 if (ret == 0)
356 return;
357 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200358 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100359 ERR_func_error_string(ret), ERR_reason_error_string(ret));
360 }
361 }
362}
363
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200364#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500365/*
366 * struct alignment works here such that the key.key is the same as key_data
367 * Do not change the placement of key_data
368 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200369struct certificate_ocsp {
370 struct ebmb_node key;
371 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200372 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200373 long expire;
374};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200375
yanbzhube2774d2015-12-10 15:07:30 -0500376struct ocsp_cbk_arg {
377 int is_single;
378 int single_kt;
379 union {
380 struct certificate_ocsp *s_ocsp;
381 /*
382 * m_ocsp will have multiple entries dependent on key type
383 * Entry 0 - DSA
384 * Entry 1 - ECDSA
385 * Entry 2 - RSA
386 */
387 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
388 };
389};
390
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200391#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000392static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
393{
394 int err_code = ERR_ABORT;
395 ENGINE *engine;
396 struct ssl_engine_list *el;
397
398 /* grab the structural reference to the engine */
399 engine = ENGINE_by_id(engine_id);
400 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100401 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000402 goto fail_get;
403 }
404
405 if (!ENGINE_init(engine)) {
406 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100407 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000408 goto fail_init;
409 }
410
411 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100412 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000413 goto fail_set_method;
414 }
415
416 el = calloc(1, sizeof(*el));
417 el->e = engine;
418 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100419 nb_engines++;
420 if (global_ssl.async)
421 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000422 return 0;
423
424fail_set_method:
425 /* release the functional reference from ENGINE_init() */
426 ENGINE_finish(engine);
427
428fail_init:
429 /* release the structural reference from ENGINE_by_id() */
430 ENGINE_free(engine);
431
432fail_get:
433 return err_code;
434}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200435#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000436
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200437#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200438/*
439 * openssl async fd handler
440 */
441static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000442{
443 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000444
Emeric Brun3854e012017-05-17 20:42:48 +0200445 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000446 * to poll this fd until it is requested
447 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000448 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000449 fd_cant_recv(fd);
450
451 /* crypto engine is available, let's notify the associated
452 * connection that it can pursue its processing.
453 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000454 __conn_sock_want_recv(conn);
455 __conn_sock_want_send(conn);
456 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000457}
458
Emeric Brun3854e012017-05-17 20:42:48 +0200459/*
460 * openssl async delayed SSL_free handler
461 */
462static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000463{
464 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200465 OSSL_ASYNC_FD all_fd[32];
466 size_t num_all_fds = 0;
467 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000468
Emeric Brun3854e012017-05-17 20:42:48 +0200469 /* We suppose that the async job for a same SSL *
470 * are serialized. So if we are awake it is
471 * because the running job has just finished
472 * and we can remove all async fds safely
473 */
474 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
475 if (num_all_fds > 32) {
476 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
477 return;
478 }
479
480 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
481 for (i=0 ; i < num_all_fds ; i++)
482 fd_remove(all_fd[i]);
483
484 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000485 SSL_free(ssl);
486 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200487 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000488}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000489/*
Emeric Brun3854e012017-05-17 20:42:48 +0200490 * function used to manage a returned SSL_ERROR_WANT_ASYNC
491 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000492 */
Emeric Brun3854e012017-05-17 20:42:48 +0200493static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000494{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100495 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200496 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000497 size_t num_add_fds = 0;
498 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200499 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000500
501 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
502 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200503 if (num_add_fds > 32 || num_del_fds > 32) {
504 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000505 return;
506 }
507
Emeric Brun3854e012017-05-17 20:42:48 +0200508 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000509
Emeric Brun3854e012017-05-17 20:42:48 +0200510 /* We remove unused fds from the fdtab */
511 for (i=0 ; i < num_del_fds ; i++)
512 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000513
Emeric Brun3854e012017-05-17 20:42:48 +0200514 /* We add new fds to the fdtab */
515 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100516 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517 }
518
Emeric Brun3854e012017-05-17 20:42:48 +0200519 num_add_fds = 0;
520 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
521 if (num_add_fds > 32) {
522 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
523 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 }
Emeric Brun3854e012017-05-17 20:42:48 +0200525
526 /* We activate the polling for all known async fds */
527 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000528 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200529 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000530 /* To ensure that the fd cache won't be used
531 * We'll prefer to catch a real RD event
532 * because handling an EAGAIN on this fd will
533 * result in a context switch and also
534 * some engines uses a fd in blocking mode.
535 */
536 fd_cant_recv(add_fd[i]);
537 }
Emeric Brun3854e012017-05-17 20:42:48 +0200538
539 /* We must also prevent the conn_handler
540 * to be called until a read event was
541 * polled on an async fd
542 */
543 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000544}
545#endif
546
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200547/*
548 * This function returns the number of seconds elapsed
549 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
550 * date presented un ASN1_GENERALIZEDTIME.
551 *
552 * In parsing error case, it returns -1.
553 */
554static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
555{
556 long epoch;
557 char *p, *end;
558 const unsigned short month_offset[12] = {
559 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
560 };
561 int year, month;
562
563 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
564
565 p = (char *)d->data;
566 end = p + d->length;
567
568 if (end - p < 4) return -1;
569 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
570 p += 4;
571 if (end - p < 2) return -1;
572 month = 10 * (p[0] - '0') + p[1] - '0';
573 if (month < 1 || month > 12) return -1;
574 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
575 We consider leap years and the current month (<marsh or not) */
576 epoch = ( ((year - 1970) * 365)
577 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
578 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
579 + month_offset[month-1]
580 ) * 24 * 60 * 60;
581 p += 2;
582 if (end - p < 2) return -1;
583 /* Add the number of seconds of completed days of current month */
584 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
585 p += 2;
586 if (end - p < 2) return -1;
587 /* Add the completed hours of the current day */
588 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
589 p += 2;
590 if (end - p < 2) return -1;
591 /* Add the completed minutes of the current hour */
592 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
593 p += 2;
594 if (p == end) return -1;
595 /* Test if there is available seconds */
596 if (p[0] < '0' || p[0] > '9')
597 goto nosec;
598 if (end - p < 2) return -1;
599 /* Add the seconds of the current minute */
600 epoch += 10 * (p[0] - '0') + p[1] - '0';
601 p += 2;
602 if (p == end) return -1;
603 /* Ignore seconds float part if present */
604 if (p[0] == '.') {
605 do {
606 if (++p == end) return -1;
607 } while (p[0] >= '0' && p[0] <= '9');
608 }
609
610nosec:
611 if (p[0] == 'Z') {
612 if (end - p != 1) return -1;
613 return epoch;
614 }
615 else if (p[0] == '+') {
616 if (end - p != 5) return -1;
617 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700618 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200619 }
620 else if (p[0] == '-') {
621 if (end - p != 5) return -1;
622 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700623 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200624 }
625
626 return -1;
627}
628
Emeric Brun1d3865b2014-06-20 15:37:32 +0200629static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200630
631/* This function starts to check if the OCSP response (in DER format) contained
632 * in chunk 'ocsp_response' is valid (else exits on error).
633 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
634 * contained in the OCSP Response and exits on error if no match.
635 * If it's a valid OCSP Response:
636 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
637 * pointed by 'ocsp'.
638 * If 'ocsp' is NULL, the function looks up into the OCSP response's
639 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
640 * from the response) and exits on error if not found. Finally, If an OCSP response is
641 * already present in the container, it will be overwritten.
642 *
643 * Note: OCSP response containing more than one OCSP Single response is not
644 * considered valid.
645 *
646 * Returns 0 on success, 1 in error case.
647 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200648static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
649 struct certificate_ocsp *ocsp,
650 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200651{
652 OCSP_RESPONSE *resp;
653 OCSP_BASICRESP *bs = NULL;
654 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200655 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200656 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200657 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200658 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200659 int reason;
660 int ret = 1;
661
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200662 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
663 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200664 if (!resp) {
665 memprintf(err, "Unable to parse OCSP response");
666 goto out;
667 }
668
669 rc = OCSP_response_status(resp);
670 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
671 memprintf(err, "OCSP response status not successful");
672 goto out;
673 }
674
675 bs = OCSP_response_get1_basic(resp);
676 if (!bs) {
677 memprintf(err, "Failed to get basic response from OCSP Response");
678 goto out;
679 }
680
681 count_sr = OCSP_resp_count(bs);
682 if (count_sr > 1) {
683 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
684 goto out;
685 }
686
687 sr = OCSP_resp_get0(bs, 0);
688 if (!sr) {
689 memprintf(err, "Failed to get OCSP single response");
690 goto out;
691 }
692
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200693 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
694
Emeric Brun4147b2e2014-06-16 18:36:30 +0200695 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200696 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200697 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200698 goto out;
699 }
700
Emeric Brun13a6b482014-06-20 15:44:34 +0200701 if (!nextupd) {
702 memprintf(err, "OCSP single response: missing nextupdate");
703 goto out;
704 }
705
Emeric Brunc8b27b62014-06-19 14:16:17 +0200706 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200707 if (!rc) {
708 memprintf(err, "OCSP single response: no longer valid.");
709 goto out;
710 }
711
712 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200713 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200714 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
715 goto out;
716 }
717 }
718
719 if (!ocsp) {
720 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
721 unsigned char *p;
722
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200723 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200724 if (!rc) {
725 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
726 goto out;
727 }
728
729 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
730 memprintf(err, "OCSP single response: Certificate ID too long");
731 goto out;
732 }
733
734 p = key;
735 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200736 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200737 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
738 if (!ocsp) {
739 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
740 goto out;
741 }
742 }
743
744 /* According to comments on "chunk_dup", the
745 previous chunk buffer will be freed */
746 if (!chunk_dup(&ocsp->response, ocsp_response)) {
747 memprintf(err, "OCSP response: Memory allocation error");
748 goto out;
749 }
750
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200751 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
752
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 ret = 0;
754out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100755 ERR_clear_error();
756
Emeric Brun4147b2e2014-06-16 18:36:30 +0200757 if (bs)
758 OCSP_BASICRESP_free(bs);
759
760 if (resp)
761 OCSP_RESPONSE_free(resp);
762
763 return ret;
764}
765/*
766 * External function use to update the OCSP response in the OCSP response's
767 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
768 * to update in DER format.
769 *
770 * Returns 0 on success, 1 in error case.
771 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200772int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200773{
774 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
775}
776
777/*
778 * This function load the OCSP Resonse in DER format contained in file at
779 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
780 *
781 * Returns 0 on success, 1 in error case.
782 */
783static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
784{
785 int fd = -1;
786 int r = 0;
787 int ret = 1;
788
789 fd = open(ocsp_path, O_RDONLY);
790 if (fd == -1) {
791 memprintf(err, "Error opening OCSP response file");
792 goto end;
793 }
794
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200795 trash.data = 0;
796 while (trash.data < trash.size) {
797 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200798 if (r < 0) {
799 if (errno == EINTR)
800 continue;
801
802 memprintf(err, "Error reading OCSP response from file");
803 goto end;
804 }
805 else if (r == 0) {
806 break;
807 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200808 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200809 }
810
811 close(fd);
812 fd = -1;
813
814 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
815end:
816 if (fd != -1)
817 close(fd);
818
819 return ret;
820}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100821#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200822
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100823#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
824static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
825{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100826 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100827 struct tls_sess_key *keys;
828 struct connection *conn;
829 int head;
830 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100831 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100832
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200833 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200834 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100835 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
836
837 keys = ref->tlskeys;
838 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100839
840 if (enc) {
841 memcpy(key_name, keys[head].name, 16);
842
843 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100844 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100845
846 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100847 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100848
849 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100850 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100851 } else {
852 for (i = 0; i < TLS_TICKETS_NO; i++) {
853 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
854 goto found;
855 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100856 ret = 0;
857 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100858
Christopher Faulet16f45c82018-02-16 11:23:49 +0100859 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100860 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
861 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100862 goto end;
863
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100864 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100865 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100866 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100867 end:
868 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
869 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200870}
871
872struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
873{
874 struct tls_keys_ref *ref;
875
876 list_for_each_entry(ref, &tlskeys_reference, list)
877 if (ref->filename && strcmp(filename, ref->filename) == 0)
878 return ref;
879 return NULL;
880}
881
882struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
883{
884 struct tls_keys_ref *ref;
885
886 list_for_each_entry(ref, &tlskeys_reference, list)
887 if (ref->unique_id == unique_id)
888 return ref;
889 return NULL;
890}
891
Willy Tarreau83061a82018-07-13 11:56:34 +0200892void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
893 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100894{
895 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200896 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
897 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100898 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
899 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
900}
901
Willy Tarreau83061a82018-07-13 11:56:34 +0200902int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100903{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200904 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
905
906 if(!ref) {
907 memprintf(err, "Unable to locate the referenced filename: %s", filename);
908 return 1;
909 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100910 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200911 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100912}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200913
914/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100915 * automatic ids. It's called just after the basic checks. It returns
916 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200917 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100918static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200919{
920 int i = 0;
921 struct tls_keys_ref *ref, *ref2, *ref3;
922 struct list tkr = LIST_HEAD_INIT(tkr);
923
924 list_for_each_entry(ref, &tlskeys_reference, list) {
925 if (ref->unique_id == -1) {
926 /* Look for the first free id. */
927 while (1) {
928 list_for_each_entry(ref2, &tlskeys_reference, list) {
929 if (ref2->unique_id == i) {
930 i++;
931 break;
932 }
933 }
934 if (&ref2->list == &tlskeys_reference)
935 break;
936 }
937
938 /* Uses the unique id and increment it for the next entry. */
939 ref->unique_id = i;
940 i++;
941 }
942 }
943
944 /* This sort the reference list by id. */
945 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
946 LIST_DEL(&ref->list);
947 list_for_each_entry(ref3, &tkr, list) {
948 if (ref->unique_id < ref3->unique_id) {
949 LIST_ADDQ(&ref3->list, &ref->list);
950 break;
951 }
952 }
953 if (&ref3->list == &tkr)
954 LIST_ADDQ(&tkr, &ref->list);
955 }
956
957 /* swap root */
958 LIST_ADD(&tkr, &tlskeys_reference);
959 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100960 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200961}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100962#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
963
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100964#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500965int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
966{
967 switch (evp_keytype) {
968 case EVP_PKEY_RSA:
969 return 2;
970 case EVP_PKEY_DSA:
971 return 0;
972 case EVP_PKEY_EC:
973 return 1;
974 }
975
976 return -1;
977}
978
Emeric Brun4147b2e2014-06-16 18:36:30 +0200979/*
980 * Callback used to set OCSP status extension content in server hello.
981 */
982int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
983{
yanbzhube2774d2015-12-10 15:07:30 -0500984 struct certificate_ocsp *ocsp;
985 struct ocsp_cbk_arg *ocsp_arg;
986 char *ssl_buf;
987 EVP_PKEY *ssl_pkey;
988 int key_type;
989 int index;
990
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200991 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500992
993 ssl_pkey = SSL_get_privatekey(ssl);
994 if (!ssl_pkey)
995 return SSL_TLSEXT_ERR_NOACK;
996
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200997 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500998
999 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1000 ocsp = ocsp_arg->s_ocsp;
1001 else {
1002 /* For multiple certs per context, we have to find the correct OCSP response based on
1003 * the certificate type
1004 */
1005 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1006
1007 if (index < 0)
1008 return SSL_TLSEXT_ERR_NOACK;
1009
1010 ocsp = ocsp_arg->m_ocsp[index];
1011
1012 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001013
1014 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001015 !ocsp->response.area ||
1016 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001017 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001018 return SSL_TLSEXT_ERR_NOACK;
1019
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001020 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001021 if (!ssl_buf)
1022 return SSL_TLSEXT_ERR_NOACK;
1023
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001024 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1025 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001026
1027 return SSL_TLSEXT_ERR_OK;
1028}
1029
1030/*
1031 * This function enables the handling of OCSP status extension on 'ctx' if a
1032 * file name 'cert_path' suffixed using ".ocsp" is present.
1033 * To enable OCSP status extension, the issuer's certificate is mandatory.
1034 * It should be present in the certificate's extra chain builded from file
1035 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1036 * named 'cert_path' suffixed using '.issuer'.
1037 *
1038 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1039 * response. If file is empty or content is not a valid OCSP response,
1040 * OCSP status extension is enabled but OCSP response is ignored (a warning
1041 * is displayed).
1042 *
1043 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1044 * succesfully enabled, or -1 in other error case.
1045 */
1046static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1047{
1048
1049 BIO *in = NULL;
1050 X509 *x, *xi = NULL, *issuer = NULL;
1051 STACK_OF(X509) *chain = NULL;
1052 OCSP_CERTID *cid = NULL;
1053 SSL *ssl;
1054 char ocsp_path[MAXPATHLEN+1];
1055 int i, ret = -1;
1056 struct stat st;
1057 struct certificate_ocsp *ocsp = NULL, *iocsp;
1058 char *warn = NULL;
1059 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001060 pem_password_cb *passwd_cb;
1061 void *passwd_cb_userdata;
1062 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001063
1064 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1065
1066 if (stat(ocsp_path, &st))
1067 return 1;
1068
1069 ssl = SSL_new(ctx);
1070 if (!ssl)
1071 goto out;
1072
1073 x = SSL_get_certificate(ssl);
1074 if (!x)
1075 goto out;
1076
1077 /* Try to lookup for issuer in certificate extra chain */
1078#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1079 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1080#else
1081 chain = ctx->extra_certs;
1082#endif
1083 for (i = 0; i < sk_X509_num(chain); i++) {
1084 issuer = sk_X509_value(chain, i);
1085 if (X509_check_issued(issuer, x) == X509_V_OK)
1086 break;
1087 else
1088 issuer = NULL;
1089 }
1090
1091 /* If not found try to load issuer from a suffixed file */
1092 if (!issuer) {
1093 char issuer_path[MAXPATHLEN+1];
1094
1095 in = BIO_new(BIO_s_file());
1096 if (!in)
1097 goto out;
1098
1099 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1100 if (BIO_read_filename(in, issuer_path) <= 0)
1101 goto out;
1102
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001103 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1104 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1105
1106 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001107 if (!xi)
1108 goto out;
1109
1110 if (X509_check_issued(xi, x) != X509_V_OK)
1111 goto out;
1112
1113 issuer = xi;
1114 }
1115
1116 cid = OCSP_cert_to_id(0, x, issuer);
1117 if (!cid)
1118 goto out;
1119
1120 i = i2d_OCSP_CERTID(cid, NULL);
1121 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1122 goto out;
1123
Vincent Bernat02779b62016-04-03 13:48:43 +02001124 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001125 if (!ocsp)
1126 goto out;
1127
1128 p = ocsp->key_data;
1129 i2d_OCSP_CERTID(cid, &p);
1130
1131 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1132 if (iocsp == ocsp)
1133 ocsp = NULL;
1134
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001135#ifndef SSL_CTX_get_tlsext_status_cb
1136# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1137 *cb = (void (*) (void))ctx->tlsext_status_cb;
1138#endif
1139 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1140
1141 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001142 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001143 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001144
1145 cb_arg->is_single = 1;
1146 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001147
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001148 pkey = X509_get_pubkey(x);
1149 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1150 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001151
1152 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1153 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1154 } else {
1155 /*
1156 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1157 * Update that cb_arg with the new cert's staple
1158 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001159 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001160 struct certificate_ocsp *tmp_ocsp;
1161 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001162 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001163 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001164
1165#ifdef SSL_CTX_get_tlsext_status_arg
1166 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1167#else
1168 cb_arg = ctx->tlsext_status_arg;
1169#endif
yanbzhube2774d2015-12-10 15:07:30 -05001170
1171 /*
1172 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1173 * the order of operations below matter, take care when changing it
1174 */
1175 tmp_ocsp = cb_arg->s_ocsp;
1176 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1177 cb_arg->s_ocsp = NULL;
1178 cb_arg->m_ocsp[index] = tmp_ocsp;
1179 cb_arg->is_single = 0;
1180 cb_arg->single_kt = 0;
1181
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001182 pkey = X509_get_pubkey(x);
1183 key_type = EVP_PKEY_base_id(pkey);
1184 EVP_PKEY_free(pkey);
1185
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001186 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001187 if (index >= 0 && !cb_arg->m_ocsp[index])
1188 cb_arg->m_ocsp[index] = iocsp;
1189
1190 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191
1192 ret = 0;
1193
1194 warn = NULL;
1195 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1196 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001197 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001198 }
1199
1200out:
1201 if (ssl)
1202 SSL_free(ssl);
1203
1204 if (in)
1205 BIO_free(in);
1206
1207 if (xi)
1208 X509_free(xi);
1209
1210 if (cid)
1211 OCSP_CERTID_free(cid);
1212
1213 if (ocsp)
1214 free(ocsp);
1215
1216 if (warn)
1217 free(warn);
1218
1219
1220 return ret;
1221}
1222
1223#endif
1224
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001225#ifdef OPENSSL_IS_BORINGSSL
1226static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1227{
1228 char ocsp_path[MAXPATHLEN+1];
1229 struct stat st;
1230 int fd = -1, r = 0;
1231
1232 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1233 if (stat(ocsp_path, &st))
1234 return 0;
1235
1236 fd = open(ocsp_path, O_RDONLY);
1237 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001238 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001239 return -1;
1240 }
1241
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001242 trash.data = 0;
1243 while (trash.data < trash.size) {
1244 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001245 if (r < 0) {
1246 if (errno == EINTR)
1247 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001248 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001249 close(fd);
1250 return -1;
1251 }
1252 else if (r == 0) {
1253 break;
1254 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001255 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001256 }
1257 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001258 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1259 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001260}
1261#endif
1262
Daniel Jakots54ffb912015-11-06 20:02:41 +01001263#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001264
1265#define CT_EXTENSION_TYPE 18
1266
1267static int sctl_ex_index = -1;
1268
1269/*
1270 * Try to parse Signed Certificate Timestamp List structure. This function
1271 * makes only basic test if the data seems like SCTL. No signature validation
1272 * is performed.
1273 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001274static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001275{
1276 int ret = 1;
1277 int len, pos, sct_len;
1278 unsigned char *data;
1279
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001280 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001281 goto out;
1282
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001283 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001284 len = (data[0] << 8) | data[1];
1285
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001286 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001287 goto out;
1288
1289 data = data + 2;
1290 pos = 0;
1291 while (pos < len) {
1292 if (len - pos < 2)
1293 goto out;
1294
1295 sct_len = (data[pos] << 8) | data[pos + 1];
1296 if (pos + sct_len + 2 > len)
1297 goto out;
1298
1299 pos += sct_len + 2;
1300 }
1301
1302 ret = 0;
1303
1304out:
1305 return ret;
1306}
1307
Willy Tarreau83061a82018-07-13 11:56:34 +02001308static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1309 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001310{
1311 int fd = -1;
1312 int r = 0;
1313 int ret = 1;
1314
1315 *sctl = NULL;
1316
1317 fd = open(sctl_path, O_RDONLY);
1318 if (fd == -1)
1319 goto end;
1320
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001321 trash.data = 0;
1322 while (trash.data < trash.size) {
1323 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001324 if (r < 0) {
1325 if (errno == EINTR)
1326 continue;
1327
1328 goto end;
1329 }
1330 else if (r == 0) {
1331 break;
1332 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001333 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001334 }
1335
1336 ret = ssl_sock_parse_sctl(&trash);
1337 if (ret)
1338 goto end;
1339
Vincent Bernat02779b62016-04-03 13:48:43 +02001340 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001341 if (!chunk_dup(*sctl, &trash)) {
1342 free(*sctl);
1343 *sctl = NULL;
1344 goto end;
1345 }
1346
1347end:
1348 if (fd != -1)
1349 close(fd);
1350
1351 return ret;
1352}
1353
1354int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1355{
Willy Tarreau83061a82018-07-13 11:56:34 +02001356 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001357
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001358 *out = (unsigned char *) sctl->area;
1359 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001360
1361 return 1;
1362}
1363
1364int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1365{
1366 return 1;
1367}
1368
1369static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1370{
1371 char sctl_path[MAXPATHLEN+1];
1372 int ret = -1;
1373 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001374 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001375
1376 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1377
1378 if (stat(sctl_path, &st))
1379 return 1;
1380
1381 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1382 goto out;
1383
1384 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1385 free(sctl);
1386 goto out;
1387 }
1388
1389 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1390
1391 ret = 0;
1392
1393out:
1394 return ret;
1395}
1396
1397#endif
1398
Emeric Brune1f38db2012-09-03 20:36:47 +02001399void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1400{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001401 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001402 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001403 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001404
1405 if (where & SSL_CB_HANDSHAKE_START) {
1406 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001407 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001408 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001409 conn->err_code = CO_ER_SSL_RENEG;
1410 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001411 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001412
1413 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1414 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1415 /* Long certificate chains optimz
1416 If write and read bios are differents, we
1417 consider that the buffering was activated,
1418 so we rise the output buffer size from 4k
1419 to 16k */
1420 write_bio = SSL_get_wbio(ssl);
1421 if (write_bio != SSL_get_rbio(ssl)) {
1422 BIO_set_write_buffer_size(write_bio, 16384);
1423 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1424 }
1425 }
1426 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001427}
1428
Emeric Brune64aef12012-09-21 13:15:06 +02001429/* Callback is called for each certificate of the chain during a verify
1430 ok is set to 1 if preverify detect no error on current certificate.
1431 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001432int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001433{
1434 SSL *ssl;
1435 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001436 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001437
1438 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001439 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001440
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001441 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001442
Emeric Brun81c00f02012-09-21 14:31:21 +02001443 if (ok) /* no errors */
1444 return ok;
1445
1446 depth = X509_STORE_CTX_get_error_depth(x_store);
1447 err = X509_STORE_CTX_get_error(x_store);
1448
1449 /* check if CA error needs to be ignored */
1450 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001451 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1452 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1453 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001454 }
1455
Willy Tarreau07d94e42018-09-20 10:57:52 +02001456 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001457 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001458 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001459 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001460 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001461
Willy Tarreau20879a02012-12-03 16:32:10 +01001462 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001463 return 0;
1464 }
1465
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001466 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1467 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001468
Emeric Brun81c00f02012-09-21 14:31:21 +02001469 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001470 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001471 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001472 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001473 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001474 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001475
Willy Tarreau20879a02012-12-03 16:32:10 +01001476 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001477 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001478}
1479
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001480static inline
1481void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001482 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001483{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001484 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001485 unsigned char *msg;
1486 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001487 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001488
1489 /* This function is called for "from client" and "to server"
1490 * connections. The combination of write_p == 0 and content_type == 22
1491 * is only avalaible during "from client" connection.
1492 */
1493
1494 /* "write_p" is set to 0 is the bytes are received messages,
1495 * otherwise it is set to 1.
1496 */
1497 if (write_p != 0)
1498 return;
1499
1500 /* content_type contains the type of message received or sent
1501 * according with the SSL/TLS protocol spec. This message is
1502 * encoded with one byte. The value 256 (two bytes) is used
1503 * for designing the SSL/TLS record layer. According with the
1504 * rfc6101, the expected message (other than 256) are:
1505 * - change_cipher_spec(20)
1506 * - alert(21)
1507 * - handshake(22)
1508 * - application_data(23)
1509 * - (255)
1510 * We are interessed by the handshake and specially the client
1511 * hello.
1512 */
1513 if (content_type != 22)
1514 return;
1515
1516 /* The message length is at least 4 bytes, containing the
1517 * message type and the message length.
1518 */
1519 if (len < 4)
1520 return;
1521
1522 /* First byte of the handshake message id the type of
1523 * message. The konwn types are:
1524 * - hello_request(0)
1525 * - client_hello(1)
1526 * - server_hello(2)
1527 * - certificate(11)
1528 * - server_key_exchange (12)
1529 * - certificate_request(13)
1530 * - server_hello_done(14)
1531 * We are interested by the client hello.
1532 */
1533 msg = (unsigned char *)buf;
1534 if (msg[0] != 1)
1535 return;
1536
1537 /* Next three bytes are the length of the message. The total length
1538 * must be this decoded length + 4. If the length given as argument
1539 * is not the same, we abort the protocol dissector.
1540 */
1541 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1542 if (len < rec_len + 4)
1543 return;
1544 msg += 4;
1545 end = msg + rec_len;
1546 if (end < msg)
1547 return;
1548
1549 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1550 * for minor, the random, composed by 4 bytes for the unix time and
1551 * 28 bytes for unix payload, and them 1 byte for the session id. So
1552 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1553 */
1554 msg += 1 + 1 + 4 + 28 + 1;
1555 if (msg > end)
1556 return;
1557
1558 /* Next two bytes are the ciphersuite length. */
1559 if (msg + 2 > end)
1560 return;
1561 rec_len = (msg[0] << 8) + msg[1];
1562 msg += 2;
1563 if (msg + rec_len > end || msg + rec_len < msg)
1564 return;
1565
Willy Tarreaubafbe012017-11-24 17:34:44 +01001566 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001567 if (!capture)
1568 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001569 /* Compute the xxh64 of the ciphersuite. */
1570 capture->xxh64 = XXH64(msg, rec_len, 0);
1571
1572 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001573 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1574 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001575 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001576
1577 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001578}
1579
Emeric Brun29f037d2014-04-25 19:05:36 +02001580/* Callback is called for ssl protocol analyse */
1581void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1582{
Emeric Brun29f037d2014-04-25 19:05:36 +02001583#ifdef TLS1_RT_HEARTBEAT
1584 /* test heartbeat received (write_p is set to 0
1585 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001586 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001587 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001588 const unsigned char *p = buf;
1589 unsigned int payload;
1590
Emeric Brun29f037d2014-04-25 19:05:36 +02001591 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001592
1593 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1594 if (*p != TLS1_HB_REQUEST)
1595 return;
1596
Willy Tarreauaeed6722014-04-25 23:59:58 +02001597 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001598 goto kill_it;
1599
1600 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001601 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001602 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001603 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001604 /* We have a clear heartbleed attack (CVE-2014-0160), the
1605 * advertised payload is larger than the advertised packet
1606 * length, so we have garbage in the buffer between the
1607 * payload and the end of the buffer (p+len). We can't know
1608 * if the SSL stack is patched, and we don't know if we can
1609 * safely wipe out the area between p+3+len and payload.
1610 * So instead, we prevent the response from being sent by
1611 * setting the max_send_fragment to 0 and we report an SSL
1612 * error, which will kill this connection. It will be reported
1613 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001614 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1615 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001616 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001617 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1618 return;
1619 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001620#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001621 if (global_ssl.capture_cipherlist > 0)
1622 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001623}
1624
Bernard Spil13c53f82018-02-15 13:34:58 +01001625#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001626/* This callback is used so that the server advertises the list of
1627 * negociable protocols for NPN.
1628 */
1629static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1630 unsigned int *len, void *arg)
1631{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001632 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001633
1634 *data = (const unsigned char *)conf->npn_str;
1635 *len = conf->npn_len;
1636 return SSL_TLSEXT_ERR_OK;
1637}
1638#endif
1639
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001640#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001641/* This callback is used so that the server advertises the list of
1642 * negociable protocols for ALPN.
1643 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001644static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1645 unsigned char *outlen,
1646 const unsigned char *server,
1647 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001648{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001649 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001650
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001651 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1652 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1653 return SSL_TLSEXT_ERR_NOACK;
1654 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001655 return SSL_TLSEXT_ERR_OK;
1656}
1657#endif
1658
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001659#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001660#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001661
Christopher Faulet30548802015-06-11 13:39:32 +02001662/* Create a X509 certificate with the specified servername and serial. This
1663 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001664static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001665ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001666{
Christopher Faulet7969a332015-10-09 11:15:03 +02001667 X509 *cacert = bind_conf->ca_sign_cert;
1668 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001669 SSL_CTX *ssl_ctx = NULL;
1670 X509 *newcrt = NULL;
1671 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001672 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001673 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001674 X509_NAME *name;
1675 const EVP_MD *digest;
1676 X509V3_CTX ctx;
1677 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001678 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001679
Christopher Faulet48a83322017-07-28 16:56:09 +02001680 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001681#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1682 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1683#else
1684 tmp_ssl = SSL_new(bind_conf->default_ctx);
1685 if (tmp_ssl)
1686 pkey = SSL_get_privatekey(tmp_ssl);
1687#endif
1688 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001689 goto mkcert_error;
1690
1691 /* Create the certificate */
1692 if (!(newcrt = X509_new()))
1693 goto mkcert_error;
1694
1695 /* Set version number for the certificate (X509v3) and the serial
1696 * number */
1697 if (X509_set_version(newcrt, 2L) != 1)
1698 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001699 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001700
1701 /* Set duration for the certificate */
1702 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1703 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1704 goto mkcert_error;
1705
1706 /* set public key in the certificate */
1707 if (X509_set_pubkey(newcrt, pkey) != 1)
1708 goto mkcert_error;
1709
1710 /* Set issuer name from the CA */
1711 if (!(name = X509_get_subject_name(cacert)))
1712 goto mkcert_error;
1713 if (X509_set_issuer_name(newcrt, name) != 1)
1714 goto mkcert_error;
1715
1716 /* Set the subject name using the same, but the CN */
1717 name = X509_NAME_dup(name);
1718 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1719 (const unsigned char *)servername,
1720 -1, -1, 0) != 1) {
1721 X509_NAME_free(name);
1722 goto mkcert_error;
1723 }
1724 if (X509_set_subject_name(newcrt, name) != 1) {
1725 X509_NAME_free(name);
1726 goto mkcert_error;
1727 }
1728 X509_NAME_free(name);
1729
1730 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001731 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001732 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1733 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1734 X509_EXTENSION *ext;
1735
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001736 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001737 goto mkcert_error;
1738 if (!X509_add_ext(newcrt, ext, -1)) {
1739 X509_EXTENSION_free(ext);
1740 goto mkcert_error;
1741 }
1742 X509_EXTENSION_free(ext);
1743 }
1744
1745 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001746
1747 key_type = EVP_PKEY_base_id(capkey);
1748
1749 if (key_type == EVP_PKEY_DSA)
1750 digest = EVP_sha1();
1751 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001752 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001753 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001754 digest = EVP_sha256();
1755 else {
Emmanuel Hocdet747ca612018-10-01 18:45:19 +02001756#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001757 int nid;
1758
1759 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1760 goto mkcert_error;
1761 if (!(digest = EVP_get_digestbynid(nid)))
1762 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001763#else
1764 goto mkcert_error;
1765#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001766 }
1767
Christopher Faulet31af49d2015-06-09 17:29:50 +02001768 if (!(X509_sign(newcrt, capkey, digest)))
1769 goto mkcert_error;
1770
1771 /* Create and set the new SSL_CTX */
1772 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1773 goto mkcert_error;
1774 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1775 goto mkcert_error;
1776 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1777 goto mkcert_error;
1778 if (!SSL_CTX_check_private_key(ssl_ctx))
1779 goto mkcert_error;
1780
1781 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001782
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001783#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001784 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001785#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001786#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1787 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001788 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001789 EC_KEY *ecc;
1790 int nid;
1791
1792 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1793 goto end;
1794 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1795 goto end;
1796 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1797 EC_KEY_free(ecc);
1798 }
1799#endif
1800 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001801 return ssl_ctx;
1802
1803 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001804 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001805 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001806 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1807 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001808 return NULL;
1809}
1810
Christopher Faulet7969a332015-10-09 11:15:03 +02001811SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001812ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001813{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001814 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001815
1816 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001817}
1818
Christopher Faulet30548802015-06-11 13:39:32 +02001819/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001820 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001821SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001822ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001823{
1824 struct lru64 *lru = NULL;
1825
1826 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001827 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001828 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001829 if (lru && lru->domain) {
1830 if (ssl)
1831 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001832 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001833 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001834 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001835 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001836 }
1837 return NULL;
1838}
1839
Emeric Brun821bb9b2017-06-15 16:37:39 +02001840/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1841 * function is not thread-safe, it should only be used to check if a certificate
1842 * exists in the lru cache (with no warranty it will not be removed by another
1843 * thread). It is kept for backward compatibility. */
1844SSL_CTX *
1845ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1846{
1847 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1848}
1849
Christopher Fauletd2cab922015-07-28 16:03:47 +02001850/* Set a certificate int the LRU cache used to store generated
1851 * certificate. Return 0 on success, otherwise -1 */
1852int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001853ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001854{
1855 struct lru64 *lru = NULL;
1856
1857 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001858 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001859 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001860 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001861 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001862 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001863 }
Christopher Faulet30548802015-06-11 13:39:32 +02001864 if (lru->domain && lru->data)
1865 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001866 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001867 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001868 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001869 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001870 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001871}
1872
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001873/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001874unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001875ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001876{
1877 return XXH32(data, len, ssl_ctx_lru_seed);
1878}
1879
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001880/* Generate a cert and immediately assign it to the SSL session so that the cert's
1881 * refcount is maintained regardless of the cert's presence in the LRU cache.
1882 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001883static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001884ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001885{
1886 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001887 SSL_CTX *ssl_ctx = NULL;
1888 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001889 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001890
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001891 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001892 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001893 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001894 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001895 if (lru && lru->domain)
1896 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001897 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001898 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001899 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001900 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001901 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001902 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001903 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001904 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001905 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001906 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001907 SSL_set_SSL_CTX(ssl, ssl_ctx);
1908 /* No LRU cache, this CTX will be released as soon as the session dies */
1909 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001910 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001911 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001912 return 0;
1913}
1914static int
1915ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1916{
1917 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001918 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001919
1920 conn_get_to_addr(conn);
1921 if (conn->flags & CO_FL_ADDR_TO_SET) {
1922 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001923 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001924 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001925 }
1926 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001927}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001928#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001929
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001930
1931#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1932#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1933#endif
1934
1935#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1936#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1937#define SSL_renegotiate_pending(arg) 0
1938#endif
1939#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1940#define SSL_OP_SINGLE_ECDH_USE 0
1941#endif
1942#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1943#define SSL_OP_NO_TICKET 0
1944#endif
1945#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1946#define SSL_OP_NO_COMPRESSION 0
1947#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001948#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1949#undef SSL_OP_NO_SSLv3
1950#define SSL_OP_NO_SSLv3 0
1951#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001952#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1953#define SSL_OP_NO_TLSv1_1 0
1954#endif
1955#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1956#define SSL_OP_NO_TLSv1_2 0
1957#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001958#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001959#define SSL_OP_NO_TLSv1_3 0
1960#endif
1961#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1962#define SSL_OP_SINGLE_DH_USE 0
1963#endif
1964#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1965#define SSL_OP_SINGLE_ECDH_USE 0
1966#endif
1967#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1968#define SSL_MODE_RELEASE_BUFFERS 0
1969#endif
1970#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1971#define SSL_MODE_SMALL_BUFFERS 0
1972#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02001973#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
1974#define SSL_OP_PRIORITIZE_CHACHA 0
1975#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001976
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001977#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001978typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1979
1980static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001981{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001982#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001983 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001984 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1985#endif
1986}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1988 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001989 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1990}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001991static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001992#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001993 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001994 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1995#endif
1996}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001997static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001998#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001999 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002000 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2001#endif
2002}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002003/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002004static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2005/* Unusable in this context. */
2006static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2007static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2008static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2009static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2010static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002011#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002012typedef enum { SET_MIN, SET_MAX } set_context_func;
2013
2014static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2015 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002016 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2017}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002018static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2019 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2020 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2021}
2022static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2023 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002024 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2025}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002026static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2027 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2028 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2029}
2030static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2031 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002032 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2033}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002034static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2035 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2036 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2037}
2038static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2039 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002040 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2041}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002042static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2043 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2044 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2045}
2046static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002047#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002048 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002049 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2050#endif
2051}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002052static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2053#if SSL_OP_NO_TLSv1_3
2054 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2055 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002056#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002057}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002058#endif
2059static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2060static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002061
2062static struct {
2063 int option;
2064 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002065 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2066 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002067 const char *name;
2068} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002069 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2070 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2071 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2072 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2073 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2074 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002075};
2076
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002077static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2078{
2079 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2080 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2081 SSL_set_SSL_CTX(ssl, ctx);
2082}
2083
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002084#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085
2086static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2087{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002088 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002089 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002090
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002091 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2092 return SSL_TLSEXT_ERR_OK;
2093 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002094}
2095
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002096#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002097static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2098{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002099 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002100#else
2101static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2102{
2103#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002104 struct connection *conn;
2105 struct bind_conf *s;
2106 const uint8_t *extension_data;
2107 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002108 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002109
2110 char *wildp = NULL;
2111 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002112 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002113 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002114 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002115 int i;
2116
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002117 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002118 s = objt_listener(conn->target)->bind_conf;
2119
Olivier Houchard9679ac92017-10-27 14:58:08 +02002120 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002121 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002122#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002123 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2124 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002125#else
2126 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2127#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002128 /*
2129 * The server_name extension was given too much extensibility when it
2130 * was written, so parsing the normal case is a bit complex.
2131 */
2132 size_t len;
2133 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002134 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002135 /* Extract the length of the supplied list of names. */
2136 len = (*extension_data++) << 8;
2137 len |= *extension_data++;
2138 if (len + 2 != extension_len)
2139 goto abort;
2140 /*
2141 * The list in practice only has a single element, so we only consider
2142 * the first one.
2143 */
2144 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2145 goto abort;
2146 extension_len = len - 1;
2147 /* Now we can finally pull out the byte array with the actual hostname. */
2148 if (extension_len <= 2)
2149 goto abort;
2150 len = (*extension_data++) << 8;
2151 len |= *extension_data++;
2152 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2153 || memchr(extension_data, 0, len) != NULL)
2154 goto abort;
2155 servername = extension_data;
2156 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002157 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002158#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2159 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002160 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002161 }
2162#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002163 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002164 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002165 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002166 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002167 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002168 goto abort;
2169 }
2170
2171 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002172#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002173 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002174#else
2175 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2176#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002177 uint8_t sign;
2178 size_t len;
2179 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002180 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002181 len = (*extension_data++) << 8;
2182 len |= *extension_data++;
2183 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002184 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002185 if (len % 2 != 0)
2186 goto abort;
2187 for (; len > 0; len -= 2) {
2188 extension_data++; /* hash */
2189 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002190 switch (sign) {
2191 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002192 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002193 break;
2194 case TLSEXT_signature_ecdsa:
2195 has_ecdsa_sig = 1;
2196 break;
2197 default:
2198 continue;
2199 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002200 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002201 break;
2202 }
2203 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002204 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002205 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002206 }
2207 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002208 const SSL_CIPHER *cipher;
2209 size_t len;
2210 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002211 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002212#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002213 len = ctx->cipher_suites_len;
2214 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002215#else
2216 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2217#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002218 if (len % 2 != 0)
2219 goto abort;
2220 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002221#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002222 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002224#else
2225 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2226#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002227 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002228 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002229 break;
2230 }
2231 }
2232 }
2233
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002234 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002235 trash.area[i] = tolower(servername[i]);
2236 if (!wildp && (trash.area[i] == '.'))
2237 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002238 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002239 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002240
2241 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002242 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243
2244 /* lookup a not neg filter */
2245 for (n = node; n; n = ebmb_next_dup(n)) {
2246 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002247 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002248 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002249 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002250 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002251 break;
2252 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002253 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002254 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002255 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002256 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 if (!node_anonymous)
2258 node_anonymous = n;
2259 break;
2260 }
2261 }
2262 }
2263 if (wildp) {
2264 /* lookup in wildcards names */
2265 node = ebst_lookup(&s->sni_w_ctx, wildp);
2266 for (n = node; n; n = ebmb_next_dup(n)) {
2267 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002268 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002269 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002270 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002271 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002272 break;
2273 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002274 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002277 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002278 if (!node_anonymous)
2279 node_anonymous = n;
2280 break;
2281 }
2282 }
2283 }
2284 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002285 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002286 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2287 : ((has_rsa_sig && node_rsa) ? node_rsa
2288 : (node_anonymous ? node_anonymous
2289 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2290 : node_rsa /* no rsa signature case (far far away) */
2291 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002292 if (node) {
2293 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002294 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002295 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002296 if (conf) {
2297 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2298 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2299 if (conf->early_data)
2300 allow_early = 1;
2301 }
2302 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002303 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002304#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002305 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002306 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002307 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002308 }
2309#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002310 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002311 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002312 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002313 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002314allow_early:
2315#ifdef OPENSSL_IS_BORINGSSL
2316 if (allow_early)
2317 SSL_set_early_data_enabled(ssl, 1);
2318#else
2319 if (!allow_early)
2320 SSL_set_max_early_data(ssl, 0);
2321#endif
2322 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002323 abort:
2324 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2325 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002326#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002327 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002328#else
2329 *al = SSL_AD_UNRECOGNIZED_NAME;
2330 return 0;
2331#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332}
2333
2334#else /* OPENSSL_IS_BORINGSSL */
2335
Emeric Brunfc0421f2012-09-07 17:30:07 +02002336/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2337 * warning when no match is found, which implies the default (first) cert
2338 * will keep being used.
2339 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002340static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002341{
2342 const char *servername;
2343 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002344 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002345 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002346 int i;
2347 (void)al; /* shut gcc stupid warning */
2348
2349 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002350 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002351#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002352 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2353 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002354#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002355 if (s->strict_sni)
2356 return SSL_TLSEXT_ERR_ALERT_FATAL;
2357 ssl_sock_switchctx_set(ssl, s->default_ctx);
2358 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002359 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002360
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002361 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002362 if (!servername[i])
2363 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002364 trash.area[i] = tolower(servername[i]);
2365 if (!wildp && (trash.area[i] == '.'))
2366 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002367 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002368 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002369
2370 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002371 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002372
2373 /* lookup a not neg filter */
2374 for (n = node; n; n = ebmb_next_dup(n)) {
2375 if (!container_of(n, struct sni_ctx, name)->neg) {
2376 node = n;
2377 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002378 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002379 }
2380 if (!node && wildp) {
2381 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002382 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002383 }
2384 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002385#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002386 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2387 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002388 return SSL_TLSEXT_ERR_OK;
2389 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002390#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002391 if (s->strict_sni)
2392 return SSL_TLSEXT_ERR_ALERT_FATAL;
2393 ssl_sock_switchctx_set(ssl, s->default_ctx);
2394 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002395 }
2396
2397 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002398 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002399 return SSL_TLSEXT_ERR_OK;
2400}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002401#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002402#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2403
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002404#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002405
2406static DH * ssl_get_dh_1024(void)
2407{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002408 static unsigned char dh1024_p[]={
2409 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2410 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2411 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2412 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2413 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2414 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2415 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2416 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2417 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2418 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2419 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2420 };
2421 static unsigned char dh1024_g[]={
2422 0x02,
2423 };
2424
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002425 BIGNUM *p;
2426 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002427 DH *dh = DH_new();
2428 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002429 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2430 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002431
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002432 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002433 DH_free(dh);
2434 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002435 } else {
2436 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002437 }
2438 }
2439 return dh;
2440}
2441
2442static DH *ssl_get_dh_2048(void)
2443{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002444 static unsigned char dh2048_p[]={
2445 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2446 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2447 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2448 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2449 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2450 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2451 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2452 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2453 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2454 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2455 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2456 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2457 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2458 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2459 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2460 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2461 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2462 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2463 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2464 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2465 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2466 0xB7,0x1F,0x77,0xF3,
2467 };
2468 static unsigned char dh2048_g[]={
2469 0x02,
2470 };
2471
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002472 BIGNUM *p;
2473 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002474 DH *dh = DH_new();
2475 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002476 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2477 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002478
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002479 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002480 DH_free(dh);
2481 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002482 } else {
2483 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002484 }
2485 }
2486 return dh;
2487}
2488
2489static DH *ssl_get_dh_4096(void)
2490{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002491 static unsigned char dh4096_p[]={
2492 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2493 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2494 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2495 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2496 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2497 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2498 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2499 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2500 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2501 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2502 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2503 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2504 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2505 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2506 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2507 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2508 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2509 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2510 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2511 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2512 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2513 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2514 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2515 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2516 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2517 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2518 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2519 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2520 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2521 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2522 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2523 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2524 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2525 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2526 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2527 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2528 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2529 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2530 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2531 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2532 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2533 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2534 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002535 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002536 static unsigned char dh4096_g[]={
2537 0x02,
2538 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002539
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002540 BIGNUM *p;
2541 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002542 DH *dh = DH_new();
2543 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2545 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002546
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002547 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002548 DH_free(dh);
2549 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002550 } else {
2551 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002552 }
2553 }
2554 return dh;
2555}
2556
2557/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002558 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002559static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2560{
2561 DH *dh = NULL;
2562 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002563 int type;
2564
2565 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002566
2567 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2568 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2569 */
2570 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2571 keylen = EVP_PKEY_bits(pkey);
2572 }
2573
Willy Tarreauef934602016-12-22 23:12:01 +01002574 if (keylen > global_ssl.default_dh_param) {
2575 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002576 }
2577
Remi Gacogned3a341a2015-05-29 16:26:17 +02002578 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002579 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002580 }
2581 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002582 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002583 }
2584 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002585 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002586 }
2587
2588 return dh;
2589}
2590
Remi Gacogne47783ef2015-05-29 15:53:22 +02002591static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002592{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002593 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002594 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002595
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002596 if (in == NULL)
2597 goto end;
2598
Remi Gacogne47783ef2015-05-29 15:53:22 +02002599 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002600 goto end;
2601
Remi Gacogne47783ef2015-05-29 15:53:22 +02002602 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2603
2604end:
2605 if (in)
2606 BIO_free(in);
2607
Emeric Brune1b4ed42018-08-16 15:14:12 +02002608 ERR_clear_error();
2609
Remi Gacogne47783ef2015-05-29 15:53:22 +02002610 return dh;
2611}
2612
2613int ssl_sock_load_global_dh_param_from_file(const char *filename)
2614{
2615 global_dh = ssl_sock_get_dh_from_file(filename);
2616
2617 if (global_dh) {
2618 return 0;
2619 }
2620
2621 return -1;
2622}
2623
2624/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2625 if an error occured, and 0 if parameter not found. */
2626int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2627{
2628 int ret = -1;
2629 DH *dh = ssl_sock_get_dh_from_file(file);
2630
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002631 if (dh) {
2632 ret = 1;
2633 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002634
2635 if (ssl_dh_ptr_index >= 0) {
2636 /* store a pointer to the DH params to avoid complaining about
2637 ssl-default-dh-param not being set for this SSL_CTX */
2638 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2639 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002640 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002641 else if (global_dh) {
2642 SSL_CTX_set_tmp_dh(ctx, global_dh);
2643 ret = 0; /* DH params not found */
2644 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002646 /* Clear openssl global errors stack */
2647 ERR_clear_error();
2648
Willy Tarreauef934602016-12-22 23:12:01 +01002649 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002650 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002651 if (local_dh_1024 == NULL)
2652 local_dh_1024 = ssl_get_dh_1024();
2653
Remi Gacogne8de54152014-07-15 11:36:40 +02002654 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002655 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002656
Remi Gacogne8de54152014-07-15 11:36:40 +02002657 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002658 }
2659 else {
2660 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2661 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002662
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002663 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002664 }
Emeric Brun644cde02012-12-14 11:21:13 +01002665
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002666end:
2667 if (dh)
2668 DH_free(dh);
2669
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002670 return ret;
2671}
2672#endif
2673
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002674static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002675 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002676{
2677 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002678 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002679 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002680
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002681 if (*name == '!') {
2682 neg = 1;
2683 name++;
2684 }
2685 if (*name == '*') {
2686 wild = 1;
2687 name++;
2688 }
2689 /* !* filter is a nop */
2690 if (neg && wild)
2691 return order;
2692 if (*name) {
2693 int j, len;
2694 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002695 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002696 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002697 if (j >= trash.size)
2698 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002699 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002700
2701 /* Check for duplicates. */
2702 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002703 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002704 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002705 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002706 for (; node; node = ebmb_next_dup(node)) {
2707 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002708 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002709 return order;
2710 }
2711
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002712 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002713 if (!sc)
2714 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002715 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002716 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002717 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002718 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002719 sc->order = order++;
2720 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002721 if (kinfo.sig != TLSEXT_signature_anonymous)
2722 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002723 if (wild)
2724 ebst_insert(&s->sni_w_ctx, &sc->name);
2725 else
2726 ebst_insert(&s->sni_ctx, &sc->name);
2727 }
2728 return order;
2729}
2730
yanbzhu488a4d22015-12-01 15:16:07 -05002731
2732/* The following code is used for loading multiple crt files into
2733 * SSL_CTX's based on CN/SAN
2734 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002735#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002736/* This is used to preload the certifcate, private key
2737 * and Cert Chain of a file passed in via the crt
2738 * argument
2739 *
2740 * This way, we do not have to read the file multiple times
2741 */
2742struct cert_key_and_chain {
2743 X509 *cert;
2744 EVP_PKEY *key;
2745 unsigned int num_chain_certs;
2746 /* This is an array of X509 pointers */
2747 X509 **chain_certs;
2748};
2749
yanbzhu08ce6ab2015-12-02 13:01:29 -05002750#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2751
2752struct key_combo_ctx {
2753 SSL_CTX *ctx;
2754 int order;
2755};
2756
2757/* Map used for processing multiple keypairs for a single purpose
2758 *
2759 * This maps CN/SNI name to certificate type
2760 */
2761struct sni_keytype {
2762 int keytypes; /* BITMASK for keytypes */
2763 struct ebmb_node name; /* node holding the servername value */
2764};
2765
2766
yanbzhu488a4d22015-12-01 15:16:07 -05002767/* Frees the contents of a cert_key_and_chain
2768 */
2769static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2770{
2771 int i;
2772
2773 if (!ckch)
2774 return;
2775
2776 /* Free the certificate and set pointer to NULL */
2777 if (ckch->cert)
2778 X509_free(ckch->cert);
2779 ckch->cert = NULL;
2780
2781 /* Free the key and set pointer to NULL */
2782 if (ckch->key)
2783 EVP_PKEY_free(ckch->key);
2784 ckch->key = NULL;
2785
2786 /* Free each certificate in the chain */
2787 for (i = 0; i < ckch->num_chain_certs; i++) {
2788 if (ckch->chain_certs[i])
2789 X509_free(ckch->chain_certs[i]);
2790 }
2791
2792 /* Free the chain obj itself and set to NULL */
2793 if (ckch->num_chain_certs > 0) {
2794 free(ckch->chain_certs);
2795 ckch->num_chain_certs = 0;
2796 ckch->chain_certs = NULL;
2797 }
2798
2799}
2800
2801/* checks if a key and cert exists in the ckch
2802 */
2803static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2804{
2805 return (ckch->cert != NULL && ckch->key != NULL);
2806}
2807
2808
2809/* Loads the contents of a crt file (path) into a cert_key_and_chain
2810 * This allows us to carry the contents of the file without having to
2811 * read the file multiple times.
2812 *
2813 * returns:
2814 * 0 on Success
2815 * 1 on SSL Failure
2816 * 2 on file not found
2817 */
2818static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2819{
2820
2821 BIO *in;
2822 X509 *ca = NULL;
2823 int ret = 1;
2824
2825 ssl_sock_free_cert_key_and_chain_contents(ckch);
2826
2827 in = BIO_new(BIO_s_file());
2828 if (in == NULL)
2829 goto end;
2830
2831 if (BIO_read_filename(in, path) <= 0)
2832 goto end;
2833
yanbzhu488a4d22015-12-01 15:16:07 -05002834 /* Read Private Key */
2835 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2836 if (ckch->key == NULL) {
2837 memprintf(err, "%sunable to load private key from file '%s'.\n",
2838 err && *err ? *err : "", path);
2839 goto end;
2840 }
2841
Willy Tarreaubb137a82016-04-06 19:02:38 +02002842 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002843 if (BIO_reset(in) == -1) {
2844 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2845 err && *err ? *err : "", path);
2846 goto end;
2847 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002848
2849 /* Read Certificate */
2850 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2851 if (ckch->cert == NULL) {
2852 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2853 err && *err ? *err : "", path);
2854 goto end;
2855 }
2856
yanbzhu488a4d22015-12-01 15:16:07 -05002857 /* Read Certificate Chain */
2858 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2859 /* Grow the chain certs */
2860 ckch->num_chain_certs++;
2861 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2862
2863 /* use - 1 here since we just incremented it above */
2864 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2865 }
2866 ret = ERR_get_error();
2867 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2868 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2869 err && *err ? *err : "", path);
2870 ret = 1;
2871 goto end;
2872 }
2873
2874 ret = 0;
2875
2876end:
2877
2878 ERR_clear_error();
2879 if (in)
2880 BIO_free(in);
2881
2882 /* Something went wrong in one of the reads */
2883 if (ret != 0)
2884 ssl_sock_free_cert_key_and_chain_contents(ckch);
2885
2886 return ret;
2887}
2888
2889/* Loads the info in ckch into ctx
2890 * Currently, this does not process any information about ocsp, dhparams or
2891 * sctl
2892 * Returns
2893 * 0 on success
2894 * 1 on failure
2895 */
2896static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2897{
2898 int i = 0;
2899
2900 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2901 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2902 err && *err ? *err : "", path);
2903 return 1;
2904 }
2905
2906 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2907 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2908 err && *err ? *err : "", path);
2909 return 1;
2910 }
2911
yanbzhu488a4d22015-12-01 15:16:07 -05002912 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2913 for (i = 0; i < ckch->num_chain_certs; i++) {
2914 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002915 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2916 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002917 return 1;
2918 }
2919 }
2920
2921 if (SSL_CTX_check_private_key(ctx) <= 0) {
2922 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2923 err && *err ? *err : "", path);
2924 return 1;
2925 }
2926
2927 return 0;
2928}
2929
yanbzhu08ce6ab2015-12-02 13:01:29 -05002930
2931static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2932{
2933 struct sni_keytype *s_kt = NULL;
2934 struct ebmb_node *node;
2935 int i;
2936
2937 for (i = 0; i < trash.size; i++) {
2938 if (!str[i])
2939 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002940 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002941 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002942 trash.area[i] = 0;
2943 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002944 if (!node) {
2945 /* CN not found in tree */
2946 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2947 /* Using memcpy here instead of strncpy.
2948 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2949 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2950 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002951 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002952 s_kt->keytypes = 0;
2953 ebst_insert(sni_keytypes, &s_kt->name);
2954 } else {
2955 /* CN found in tree */
2956 s_kt = container_of(node, struct sni_keytype, name);
2957 }
2958
2959 /* Mark that this CN has the keytype of key_index via keytypes mask */
2960 s_kt->keytypes |= 1<<key_index;
2961
2962}
2963
2964
2965/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2966 * If any are found, group these files into a set of SSL_CTX*
2967 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2968 *
2969 * This will allow the user to explictly group multiple cert/keys for a single purpose
2970 *
2971 * Returns
2972 * 0 on success
2973 * 1 on failure
2974 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002975static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2976 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002977{
2978 char fp[MAXPATHLEN+1] = {0};
2979 int n = 0;
2980 int i = 0;
2981 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2982 struct eb_root sni_keytypes_map = { {0} };
2983 struct ebmb_node *node;
2984 struct ebmb_node *next;
2985 /* Array of SSL_CTX pointers corresponding to each possible combo
2986 * of keytypes
2987 */
2988 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2989 int rv = 0;
2990 X509_NAME *xname = NULL;
2991 char *str = NULL;
2992#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2993 STACK_OF(GENERAL_NAME) *names = NULL;
2994#endif
2995
2996 /* Load all possible certs and keys */
2997 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2998 struct stat buf;
2999
3000 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3001 if (stat(fp, &buf) == 0) {
3002 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3003 rv = 1;
3004 goto end;
3005 }
3006 }
3007 }
3008
3009 /* Process each ckch and update keytypes for each CN/SAN
3010 * for example, if CN/SAN www.a.com is associated with
3011 * certs with keytype 0 and 2, then at the end of the loop,
3012 * www.a.com will have:
3013 * keyindex = 0 | 1 | 4 = 5
3014 */
3015 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3016
3017 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3018 continue;
3019
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003020 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003021 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003022 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3023 } else {
3024 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3025 * so the line that contains logic is marked via comments
3026 */
3027 xname = X509_get_subject_name(certs_and_keys[n].cert);
3028 i = -1;
3029 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3030 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003031 ASN1_STRING *value;
3032 value = X509_NAME_ENTRY_get_data(entry);
3033 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003034 /* Important line is here */
3035 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003036
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003037 OPENSSL_free(str);
3038 str = NULL;
3039 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003040 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003041
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003042 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003043#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003044 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3045 if (names) {
3046 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3047 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003048
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003049 if (name->type == GEN_DNS) {
3050 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3051 /* Important line is here */
3052 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003053
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003054 OPENSSL_free(str);
3055 str = NULL;
3056 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003057 }
3058 }
3059 }
3060 }
3061#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3062 }
3063
3064 /* If no files found, return error */
3065 if (eb_is_empty(&sni_keytypes_map)) {
3066 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3067 err && *err ? *err : "", path);
3068 rv = 1;
3069 goto end;
3070 }
3071
3072 /* We now have a map of CN/SAN to keytypes that are loaded in
3073 * Iterate through the map to create the SSL_CTX's (if needed)
3074 * and add each CTX to the SNI tree
3075 *
3076 * Some math here:
3077 * There are 2^n - 1 possibile combinations, each unique
3078 * combination is denoted by the key in the map. Each key
3079 * has a value between 1 and 2^n - 1. Conveniently, the array
3080 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3081 * entry in the array to correspond to the unique combo (key)
3082 * associated with i. This unique key combo (i) will be associated
3083 * with combos[i-1]
3084 */
3085
3086 node = ebmb_first(&sni_keytypes_map);
3087 while (node) {
3088 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003089 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003090 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003091
3092 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3093 i = container_of(node, struct sni_keytype, name)->keytypes;
3094 cur_ctx = key_combos[i-1].ctx;
3095
3096 if (cur_ctx == NULL) {
3097 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003098 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 if (cur_ctx == NULL) {
3100 memprintf(err, "%sunable to allocate SSL context.\n",
3101 err && *err ? *err : "");
3102 rv = 1;
3103 goto end;
3104 }
3105
yanbzhube2774d2015-12-10 15:07:30 -05003106 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003107 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3108 if (i & (1<<n)) {
3109 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003110 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3111 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003112 SSL_CTX_free(cur_ctx);
3113 rv = 1;
3114 goto end;
3115 }
yanbzhube2774d2015-12-10 15:07:30 -05003116
3117#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3118 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003119 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003120 if (err)
3121 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003122 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003123 SSL_CTX_free(cur_ctx);
3124 rv = 1;
3125 goto end;
3126 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003127#elif (defined OPENSSL_IS_BORINGSSL)
3128 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003129#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003130 }
3131 }
3132
3133 /* Load DH params into the ctx to support DHE keys */
3134#ifndef OPENSSL_NO_DH
3135 if (ssl_dh_ptr_index >= 0)
3136 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3137
3138 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3139 if (rv < 0) {
3140 if (err)
3141 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3142 *err ? *err : "", path);
3143 rv = 1;
3144 goto end;
3145 }
3146#endif
3147
3148 /* Update key_combos */
3149 key_combos[i-1].ctx = cur_ctx;
3150 }
3151
3152 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003153 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003154 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003155 node = ebmb_next(node);
3156 }
3157
3158
3159 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3160 if (!bind_conf->default_ctx) {
3161 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3162 if (key_combos[i].ctx) {
3163 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003164 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003165 break;
3166 }
3167 }
3168 }
3169
3170end:
3171
3172 if (names)
3173 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3174
3175 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3176 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3177
3178 node = ebmb_first(&sni_keytypes_map);
3179 while (node) {
3180 next = ebmb_next(node);
3181 ebmb_delete(node);
3182 node = next;
3183 }
3184
3185 return rv;
3186}
3187#else
3188/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003189static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3190 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003191{
3192 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3193 err && *err ? *err : "", path, strerror(errno));
3194 return 1;
3195}
3196
yanbzhu488a4d22015-12-01 15:16:07 -05003197#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3198
Emeric Brunfc0421f2012-09-07 17:30:07 +02003199/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3200 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3201 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003202static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3203 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003204{
3205 BIO *in;
3206 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003207 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003208 int ret = -1;
3209 int order = 0;
3210 X509_NAME *xname;
3211 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003212 pem_password_cb *passwd_cb;
3213 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003214 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003215 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003216
Emeric Brunfc0421f2012-09-07 17:30:07 +02003217#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3218 STACK_OF(GENERAL_NAME) *names;
3219#endif
3220
3221 in = BIO_new(BIO_s_file());
3222 if (in == NULL)
3223 goto end;
3224
3225 if (BIO_read_filename(in, file) <= 0)
3226 goto end;
3227
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003228
3229 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3230 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3231
3232 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003233 if (x == NULL)
3234 goto end;
3235
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003236 pkey = X509_get_pubkey(x);
3237 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003238 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003239 switch(EVP_PKEY_base_id(pkey)) {
3240 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003241 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003242 break;
3243 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003244 kinfo.sig = TLSEXT_signature_ecdsa;
3245 break;
3246 case EVP_PKEY_DSA:
3247 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003248 break;
3249 }
3250 EVP_PKEY_free(pkey);
3251 }
3252
Emeric Brun50bcecc2013-04-22 13:05:23 +02003253 if (fcount) {
3254 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003255 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003256 }
3257 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003258#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003259 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3260 if (names) {
3261 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3262 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3263 if (name->type == GEN_DNS) {
3264 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003265 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003266 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003267 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003268 }
3269 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003270 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003271 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003272#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003273 xname = X509_get_subject_name(x);
3274 i = -1;
3275 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3276 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003277 ASN1_STRING *value;
3278
3279 value = X509_NAME_ENTRY_get_data(entry);
3280 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003281 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003282 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003283 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003284 }
3285 }
3286
3287 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3288 if (!SSL_CTX_use_certificate(ctx, x))
3289 goto end;
3290
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003291#ifdef SSL_CTX_clear_extra_chain_certs
3292 SSL_CTX_clear_extra_chain_certs(ctx);
3293#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003294 if (ctx->extra_certs != NULL) {
3295 sk_X509_pop_free(ctx->extra_certs, X509_free);
3296 ctx->extra_certs = NULL;
3297 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003298#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003299
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003300 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003301 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3302 X509_free(ca);
3303 goto end;
3304 }
3305 }
3306
3307 err = ERR_get_error();
3308 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3309 /* we successfully reached the last cert in the file */
3310 ret = 1;
3311 }
3312 ERR_clear_error();
3313
3314end:
3315 if (x)
3316 X509_free(x);
3317
3318 if (in)
3319 BIO_free(in);
3320
3321 return ret;
3322}
3323
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003324static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3325 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326{
3327 int ret;
3328 SSL_CTX *ctx;
3329
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003330 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003331 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003332 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3333 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003334 return 1;
3335 }
3336
3337 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003338 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003340 SSL_CTX_free(ctx);
3341 return 1;
3342 }
3343
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003344 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003345 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003346 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3347 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003348 if (ret < 0) /* serious error, must do that ourselves */
3349 SSL_CTX_free(ctx);
3350 return 1;
3351 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003352
3353 if (SSL_CTX_check_private_key(ctx) <= 0) {
3354 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3355 err && *err ? *err : "", path);
3356 return 1;
3357 }
3358
Emeric Brunfc0421f2012-09-07 17:30:07 +02003359 /* we must not free the SSL_CTX anymore below, since it's already in
3360 * the tree, so it will be discovered and cleaned in time.
3361 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003362#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003363 /* store a NULL pointer to indicate we have not yet loaded
3364 a custom DH param file */
3365 if (ssl_dh_ptr_index >= 0) {
3366 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3367 }
3368
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003369 ret = ssl_sock_load_dh_params(ctx, path);
3370 if (ret < 0) {
3371 if (err)
3372 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3373 *err ? *err : "", path);
3374 return 1;
3375 }
3376#endif
3377
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003378#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003379 ret = ssl_sock_load_ocsp(ctx, path);
3380 if (ret < 0) {
3381 if (err)
3382 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3383 *err ? *err : "", path);
3384 return 1;
3385 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003386#elif (defined OPENSSL_IS_BORINGSSL)
3387 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003388#endif
3389
Daniel Jakots54ffb912015-11-06 20:02:41 +01003390#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003391 if (sctl_ex_index >= 0) {
3392 ret = ssl_sock_load_sctl(ctx, path);
3393 if (ret < 0) {
3394 if (err)
3395 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3396 *err ? *err : "", path);
3397 return 1;
3398 }
3399 }
3400#endif
3401
Emeric Brunfc0421f2012-09-07 17:30:07 +02003402#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003403 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003404 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3405 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003406 return 1;
3407 }
3408#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003409 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003410 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003411 bind_conf->default_ssl_conf = ssl_conf;
3412 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413
3414 return 0;
3415}
3416
Willy Tarreau03209342016-12-22 17:08:28 +01003417int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003418{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003419 struct dirent **de_list;
3420 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003421 DIR *dir;
3422 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003423 char *end;
3424 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003425 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003426#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3427 int is_bundle;
3428 int j;
3429#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003430
yanbzhu08ce6ab2015-12-02 13:01:29 -05003431 if (stat(path, &buf) == 0) {
3432 dir = opendir(path);
3433 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003434 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003435
yanbzhu08ce6ab2015-12-02 13:01:29 -05003436 /* strip trailing slashes, including first one */
3437 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3438 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003439
yanbzhu08ce6ab2015-12-02 13:01:29 -05003440 n = scandir(path, &de_list, 0, alphasort);
3441 if (n < 0) {
3442 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3443 err && *err ? *err : "", path, strerror(errno));
3444 cfgerr++;
3445 }
3446 else {
3447 for (i = 0; i < n; i++) {
3448 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003449
yanbzhu08ce6ab2015-12-02 13:01:29 -05003450 end = strrchr(de->d_name, '.');
3451 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3452 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003453
yanbzhu08ce6ab2015-12-02 13:01:29 -05003454 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3455 if (stat(fp, &buf) != 0) {
3456 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3457 err && *err ? *err : "", fp, strerror(errno));
3458 cfgerr++;
3459 goto ignore_entry;
3460 }
3461 if (!S_ISREG(buf.st_mode))
3462 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003463
3464#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3465 is_bundle = 0;
3466 /* Check if current entry in directory is part of a multi-cert bundle */
3467
3468 if (end) {
3469 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3470 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3471 is_bundle = 1;
3472 break;
3473 }
3474 }
3475
3476 if (is_bundle) {
3477 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3478 int dp_len;
3479
3480 dp_len = end - de->d_name;
3481 snprintf(dp, dp_len + 1, "%s", de->d_name);
3482
3483 /* increment i and free de until we get to a non-bundle cert
3484 * Note here that we look at de_list[i + 1] before freeing de
3485 * this is important since ignore_entry will free de
3486 */
3487 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3488 free(de);
3489 i++;
3490 de = de_list[i];
3491 }
3492
3493 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003494 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003495
3496 /* Successfully processed the bundle */
3497 goto ignore_entry;
3498 }
3499 }
3500
3501#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003502 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003503ignore_entry:
3504 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003505 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003506 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003508 closedir(dir);
3509 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003510 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003511
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003512 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003513
Emeric Brunfc0421f2012-09-07 17:30:07 +02003514 return cfgerr;
3515}
3516
Thierry Fournier383085f2013-01-24 14:15:43 +01003517/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3518 * done once. Zero is returned if the operation fails. No error is returned
3519 * if the random is said as not implemented, because we expect that openssl
3520 * will use another method once needed.
3521 */
3522static int ssl_initialize_random()
3523{
3524 unsigned char random;
3525 static int random_initialized = 0;
3526
3527 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3528 random_initialized = 1;
3529
3530 return random_initialized;
3531}
3532
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003533/* release ssl bind conf */
3534void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003535{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003536 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003537#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003538 free(conf->npn_str);
3539 conf->npn_str = NULL;
3540#endif
3541#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3542 free(conf->alpn_str);
3543 conf->alpn_str = NULL;
3544#endif
3545 free(conf->ca_file);
3546 conf->ca_file = NULL;
3547 free(conf->crl_file);
3548 conf->crl_file = NULL;
3549 free(conf->ciphers);
3550 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003551 free(conf->curves);
3552 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003553 free(conf->ecdhe);
3554 conf->ecdhe = NULL;
3555 }
3556}
3557
3558int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3559{
3560 char thisline[CRT_LINESIZE];
3561 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003562 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003563 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003564 int linenum = 0;
3565 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003566
Willy Tarreauad1731d2013-04-02 17:35:58 +02003567 if ((f = fopen(file, "r")) == NULL) {
3568 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003569 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003570 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003571
3572 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003573 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003574 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003575 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003576 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003577 char *crt_path;
3578 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003579
3580 linenum++;
3581 end = line + strlen(line);
3582 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3583 /* Check if we reached the limit and the last char is not \n.
3584 * Watch out for the last line without the terminating '\n'!
3585 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003586 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3587 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003588 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003589 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003590 }
3591
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003592 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003593 newarg = 1;
3594 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003595 if (*line == '#' || *line == '\n' || *line == '\r') {
3596 /* end of string, end of loop */
3597 *line = 0;
3598 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003599 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003600 newarg = 1;
3601 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003602 } else if (*line == '[') {
3603 if (ssl_b) {
3604 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3605 cfgerr = 1;
3606 break;
3607 }
3608 if (!arg) {
3609 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3610 cfgerr = 1;
3611 break;
3612 }
3613 ssl_b = arg;
3614 newarg = 1;
3615 *line = 0;
3616 } else if (*line == ']') {
3617 if (ssl_e) {
3618 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003619 cfgerr = 1;
3620 break;
3621 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003622 if (!ssl_b) {
3623 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3624 cfgerr = 1;
3625 break;
3626 }
3627 ssl_e = arg;
3628 newarg = 1;
3629 *line = 0;
3630 } else if (newarg) {
3631 if (arg == MAX_CRT_ARGS) {
3632 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3633 cfgerr = 1;
3634 break;
3635 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003636 newarg = 0;
3637 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003638 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003639 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003641 if (cfgerr)
3642 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003643 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003644
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003645 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003646 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003647 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003648
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003649 crt_path = args[0];
3650 if (*crt_path != '/' && global_ssl.crt_base) {
3651 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3652 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3653 crt_path, linenum, file);
3654 cfgerr = 1;
3655 break;
3656 }
3657 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3658 crt_path = path;
3659 }
3660
3661 ssl_conf = calloc(1, sizeof *ssl_conf);
3662 cur_arg = ssl_b ? ssl_b : 1;
3663 while (cur_arg < ssl_e) {
3664 newarg = 0;
3665 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3666 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3667 newarg = 1;
3668 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3669 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3670 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3671 args[cur_arg], linenum, file);
3672 cfgerr = 1;
3673 }
3674 cur_arg += 1 + ssl_bind_kws[i].skip;
3675 break;
3676 }
3677 }
3678 if (!cfgerr && !newarg) {
3679 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3680 args[cur_arg], linenum, file);
3681 cfgerr = 1;
3682 break;
3683 }
3684 }
3685 if (cfgerr) {
3686 ssl_sock_free_ssl_conf(ssl_conf);
3687 free(ssl_conf);
3688 ssl_conf = NULL;
3689 break;
3690 }
3691
3692 if (stat(crt_path, &buf) == 0) {
3693 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3694 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003695 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003696 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3697 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003698 }
3699
Willy Tarreauad1731d2013-04-02 17:35:58 +02003700 if (cfgerr) {
3701 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003702 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003703 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003704 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003705 fclose(f);
3706 return cfgerr;
3707}
3708
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003709/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003710static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003711ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003712{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003713 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003714 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003715 SSL_OP_ALL | /* all known workarounds for bugs */
3716 SSL_OP_NO_SSLv2 |
3717 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003718 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003719 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003720 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003721 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003722 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003723 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003724 SSL_MODE_ENABLE_PARTIAL_WRITE |
3725 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003726 SSL_MODE_RELEASE_BUFFERS |
3727 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003728 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003729 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003730 int flags = MC_SSL_O_ALL;
3731 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003732
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003733 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003734 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003735
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003736 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003737 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3738 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3739 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003740 else
3741 flags = conf_ssl_methods->flags;
3742
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003743 min = conf_ssl_methods->min;
3744 max = conf_ssl_methods->max;
3745 /* start with TLSv10 to remove SSLv3 per default */
3746 if (!min && (!max || max >= CONF_TLSV10))
3747 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003748 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003749 if (min)
3750 flags |= (methodVersions[min].flag - 1);
3751 if (max)
3752 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003753 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003754 min = max = CONF_TLSV_NONE;
3755 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003756 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003758 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003759 if (min) {
3760 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003761 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3762 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3763 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3764 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003765 hole = 0;
3766 }
3767 max = i;
3768 }
3769 else {
3770 min = max = i;
3771 }
3772 }
3773 else {
3774 if (min)
3775 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003776 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003777 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003778 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3779 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003780 cfgerr += 1;
3781 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003782 /* save real min/max in bind_conf */
3783 conf_ssl_methods->min = min;
3784 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003785
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003786#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787 /* Keep force-xxx implementation as it is in older haproxy. It's a
3788 precautionary measure to avoid any suprise with older openssl version. */
3789 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003790 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003791 else
3792 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3793 if (flags & methodVersions[i].flag)
3794 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003795#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003796 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003797 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3798 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003799#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003800
3801 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3802 options |= SSL_OP_NO_TICKET;
3803 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3804 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3805 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003806
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003807#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003808 if (global_ssl.async)
3809 mode |= SSL_MODE_ASYNC;
3810#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003811 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003812 if (global_ssl.life_time)
3813 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814
3815#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3816#ifdef OPENSSL_IS_BORINGSSL
3817 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3818 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003819#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3820 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3821 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003822#else
3823 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003824#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003825 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003826#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003827 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003828}
3829
William Lallemand4f45bb92017-10-30 20:08:51 +01003830
3831static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3832{
3833 if (first == block) {
3834 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3835 if (first->len > 0)
3836 sh_ssl_sess_tree_delete(sh_ssl_sess);
3837 }
3838}
3839
3840/* return first block from sh_ssl_sess */
3841static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3842{
3843 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3844
3845}
3846
3847/* store a session into the cache
3848 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3849 * data: asn1 encoded session
3850 * data_len: asn1 encoded session length
3851 * Returns 1 id session was stored (else 0)
3852 */
3853static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3854{
3855 struct shared_block *first;
3856 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3857
3858 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3859 if (!first) {
3860 /* Could not retrieve enough free blocks to store that session */
3861 return 0;
3862 }
3863
3864 /* STORE the key in the first elem */
3865 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3866 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3867 first->len = sizeof(struct sh_ssl_sess_hdr);
3868
3869 /* it returns the already existing node
3870 or current node if none, never returns null */
3871 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3872 if (oldsh_ssl_sess != sh_ssl_sess) {
3873 /* NOTE: Row couldn't be in use because we lock read & write function */
3874 /* release the reserved row */
3875 shctx_row_dec_hot(ssl_shctx, first);
3876 /* replace the previous session already in the tree */
3877 sh_ssl_sess = oldsh_ssl_sess;
3878 /* ignore the previous session data, only use the header */
3879 first = sh_ssl_sess_first_block(sh_ssl_sess);
3880 shctx_row_inc_hot(ssl_shctx, first);
3881 first->len = sizeof(struct sh_ssl_sess_hdr);
3882 }
3883
William Lallemand99b90af2018-01-03 19:15:51 +01003884 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3885 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003886 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003887 }
3888
3889 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003890
3891 return 1;
3892}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003893
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003894/* SSL callback used when a new session is created while connecting to a server */
3895static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3896{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003897 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003899
Willy Tarreau07d94e42018-09-20 10:57:52 +02003900 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003901
Olivier Houcharde6060c52017-11-16 17:42:52 +01003902 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3903 int len;
3904 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003905
Olivier Houcharde6060c52017-11-16 17:42:52 +01003906 len = i2d_SSL_SESSION(sess, NULL);
3907 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3908 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3909 } else {
3910 free(s->ssl_ctx.reused_sess[tid].ptr);
3911 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3912 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3913 }
3914 if (s->ssl_ctx.reused_sess[tid].ptr) {
3915 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3916 &ptr);
3917 }
3918 } else {
3919 free(s->ssl_ctx.reused_sess[tid].ptr);
3920 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3921 }
3922
3923 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003924}
3925
Olivier Houcharde6060c52017-11-16 17:42:52 +01003926
William Lallemanded0b5ad2017-10-30 19:36:36 +01003927/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003928int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003929{
3930 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3931 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3932 unsigned char *p;
3933 int data_len;
3934 unsigned int sid_length, sid_ctx_length;
3935 const unsigned char *sid_data;
3936 const unsigned char *sid_ctx_data;
3937
3938 /* Session id is already stored in to key and session id is known
3939 * so we dont store it to keep size.
3940 */
3941
3942 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3943 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3944 SSL_SESSION_set1_id(sess, sid_data, 0);
3945 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3946
3947 /* check if buffer is large enough for the ASN1 encoded session */
3948 data_len = i2d_SSL_SESSION(sess, NULL);
3949 if (data_len > SHSESS_MAX_DATA_LEN)
3950 goto err;
3951
3952 p = encsess;
3953
3954 /* process ASN1 session encoding before the lock */
3955 i2d_SSL_SESSION(sess, &p);
3956
3957 memcpy(encid, sid_data, sid_length);
3958 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3959 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3960
William Lallemanda3c77cf2017-10-30 23:44:40 +01003961 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003962 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003963 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003964 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003965err:
3966 /* reset original length values */
3967 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3968 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3969
3970 return 0; /* do not increment session reference count */
3971}
3972
3973/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003974SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003975{
William Lallemand4f45bb92017-10-30 20:08:51 +01003976 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003977 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3978 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003979 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003980 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003981
3982 global.shctx_lookups++;
3983
3984 /* allow the session to be freed automatically by openssl */
3985 *do_copy = 0;
3986
3987 /* tree key is zeros padded sessionid */
3988 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3989 memcpy(tmpkey, key, key_len);
3990 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3991 key = tmpkey;
3992 }
3993
3994 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003995 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003996
3997 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3999 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004001 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002 global.shctx_misses++;
4003 return NULL;
4004 }
4005
William Lallemand4f45bb92017-10-30 20:08:51 +01004006 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4007 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008
William Lallemand4f45bb92017-10-30 20:08:51 +01004009 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004010
William Lallemanda3c77cf2017-10-30 23:44:40 +01004011 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004012
4013 /* decode ASN1 session */
4014 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004015 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004016 /* Reset session id and session id contenxt */
4017 if (sess) {
4018 SSL_SESSION_set1_id(sess, key, key_len);
4019 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4020 }
4021
4022 return sess;
4023}
4024
William Lallemand4f45bb92017-10-30 20:08:51 +01004025
William Lallemanded0b5ad2017-10-30 19:36:36 +01004026/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004027void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004028{
William Lallemand4f45bb92017-10-30 20:08:51 +01004029 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004030 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4031 unsigned int sid_length;
4032 const unsigned char *sid_data;
4033 (void)ctx;
4034
4035 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4036 /* tree key is zeros padded sessionid */
4037 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4038 memcpy(tmpkey, sid_data, sid_length);
4039 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4040 sid_data = tmpkey;
4041 }
4042
William Lallemanda3c77cf2017-10-30 23:44:40 +01004043 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004044
4045 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004046 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4047 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004048 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004049 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004050 }
4051
4052 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004053 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004054}
4055
4056/* Set session cache mode to server and disable openssl internal cache.
4057 * Set shared cache callbacks on an ssl context.
4058 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004059void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004060{
4061 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4062
4063 if (!ssl_shctx) {
4064 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4065 return;
4066 }
4067
4068 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4069 SSL_SESS_CACHE_NO_INTERNAL |
4070 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4071
4072 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004073 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4074 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4075 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004076}
4077
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004078int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4079{
4080 struct proxy *curproxy = bind_conf->frontend;
4081 int cfgerr = 0;
4082 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004083 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004084 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004085 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004086
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (ssl_conf) {
4088 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4089 int i, min, max;
4090 int flags = MC_SSL_O_ALL;
4091
4092 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004093 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4094 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004095 if (min)
4096 flags |= (methodVersions[min].flag - 1);
4097 if (max)
4098 flags |= ~((methodVersions[max].flag << 1) - 1);
4099 min = max = CONF_TLSV_NONE;
4100 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4101 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4102 if (min)
4103 max = i;
4104 else
4105 min = max = i;
4106 }
4107 /* save real min/max */
4108 conf_ssl_methods->min = min;
4109 conf_ssl_methods->max = max;
4110 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004111 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4112 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004113 cfgerr += 1;
4114 }
4115 }
4116
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004117 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004118 case SSL_SOCK_VERIFY_NONE:
4119 verify = SSL_VERIFY_NONE;
4120 break;
4121 case SSL_SOCK_VERIFY_OPTIONAL:
4122 verify = SSL_VERIFY_PEER;
4123 break;
4124 case SSL_SOCK_VERIFY_REQUIRED:
4125 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4126 break;
4127 }
4128 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4129 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004130 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4131 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4132 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004133 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004134 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004135 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4136 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004137 cfgerr++;
4138 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004139 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4140 /* set CA names for client cert request, function returns void */
4141 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4142 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 }
Emeric Brun850efd52014-01-29 12:24:34 +01004144 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004145 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4146 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004147 cfgerr++;
4148 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004149#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004150 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004151 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4152
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004153 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004154 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4155 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 cfgerr++;
4157 }
Emeric Brun561e5742012-10-02 15:20:55 +02004158 else {
4159 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4160 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004161 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004162#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004163 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004164 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004165#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004166 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004167 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004168 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4169 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004170 cfgerr++;
4171 }
4172 }
4173#endif
4174
William Lallemand4f45bb92017-10-30 20:08:51 +01004175 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004176 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4177 if (conf_ciphers &&
4178 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004179 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4180 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181 cfgerr++;
4182 }
4183
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004185 /* If tune.ssl.default-dh-param has not been set,
4186 neither has ssl-default-dh-file and no static DH
4187 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004188 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004189 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004190 (ssl_dh_ptr_index == -1 ||
4191 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004192 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4193 const SSL_CIPHER * cipher = NULL;
4194 char cipher_description[128];
4195 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4196 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4197 which is not ephemeral DH. */
4198 const char dhe_description[] = " Kx=DH ";
4199 const char dhe_export_description[] = " Kx=DH(";
4200 int idx = 0;
4201 int dhe_found = 0;
4202 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004203
Remi Gacogne23d5d372014-10-10 17:04:26 +02004204 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004205
Remi Gacogne23d5d372014-10-10 17:04:26 +02004206 if (ssl) {
4207 ciphers = SSL_get_ciphers(ssl);
4208
4209 if (ciphers) {
4210 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4211 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4212 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4213 if (strstr(cipher_description, dhe_description) != NULL ||
4214 strstr(cipher_description, dhe_export_description) != NULL) {
4215 dhe_found = 1;
4216 break;
4217 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004218 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004221 SSL_free(ssl);
4222 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004223 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004224
Lukas Tribus90132722014-08-18 00:56:33 +02004225 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004226 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004227 }
4228
Willy Tarreauef934602016-12-22 23:12:01 +01004229 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004230 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004231
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_1024 == NULL) {
4234 local_dh_1024 = ssl_get_dh_1024();
4235 }
Willy Tarreauef934602016-12-22 23:12:01 +01004236 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004237 if (local_dh_2048 == NULL) {
4238 local_dh_2048 = ssl_get_dh_2048();
4239 }
Willy Tarreauef934602016-12-22 23:12:01 +01004240 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004241 if (local_dh_4096 == NULL) {
4242 local_dh_4096 = ssl_get_dh_4096();
4243 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004244 }
4245 }
4246 }
4247#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004248
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004250#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004251 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004252#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004253
Bernard Spil13c53f82018-02-15 13:34:58 +01004254#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004255 ssl_conf_cur = NULL;
4256 if (ssl_conf && ssl_conf->npn_str)
4257 ssl_conf_cur = ssl_conf;
4258 else if (bind_conf->ssl_conf.npn_str)
4259 ssl_conf_cur = &bind_conf->ssl_conf;
4260 if (ssl_conf_cur)
4261 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004262#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004263#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004264 ssl_conf_cur = NULL;
4265 if (ssl_conf && ssl_conf->alpn_str)
4266 ssl_conf_cur = ssl_conf;
4267 else if (bind_conf->ssl_conf.alpn_str)
4268 ssl_conf_cur = &bind_conf->ssl_conf;
4269 if (ssl_conf_cur)
4270 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004271#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004272#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4273 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4274 if (conf_curves) {
4275 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004276 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4277 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 cfgerr++;
4279 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004280#if defined(SSL_CTX_set_ecdh_auto)
4281 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4282#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004283 }
4284#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004285#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004286 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004287 int i;
4288 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004289#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004290 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004291 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4292 NULL);
4293
4294 if (ecdhe == NULL) {
4295 SSL_CTX_set_dh_auto(ctx, 1);
4296 return cfgerr;
4297 }
4298#else
4299 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4300 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4301 ECDHE_DEFAULT_CURVE);
4302#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004303
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004304 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004305 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004306 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4307 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004308 cfgerr++;
4309 }
4310 else {
4311 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4312 EC_KEY_free(ecdh);
4313 }
4314 }
4315#endif
4316
Emeric Brunfc0421f2012-09-07 17:30:07 +02004317 return cfgerr;
4318}
4319
Evan Broderbe554312013-06-27 00:05:25 -07004320static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4321{
4322 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4323 size_t prefixlen, suffixlen;
4324
4325 /* Trivial case */
4326 if (strcmp(pattern, hostname) == 0)
4327 return 1;
4328
Evan Broderbe554312013-06-27 00:05:25 -07004329 /* The rest of this logic is based on RFC 6125, section 6.4.3
4330 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4331
Emeric Bruna848dae2013-10-08 11:27:28 +02004332 pattern_wildcard = NULL;
4333 pattern_left_label_end = pattern;
4334 while (*pattern_left_label_end != '.') {
4335 switch (*pattern_left_label_end) {
4336 case 0:
4337 /* End of label not found */
4338 return 0;
4339 case '*':
4340 /* If there is more than one wildcards */
4341 if (pattern_wildcard)
4342 return 0;
4343 pattern_wildcard = pattern_left_label_end;
4344 break;
4345 }
4346 pattern_left_label_end++;
4347 }
4348
4349 /* If it's not trivial and there is no wildcard, it can't
4350 * match */
4351 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004352 return 0;
4353
4354 /* Make sure all labels match except the leftmost */
4355 hostname_left_label_end = strchr(hostname, '.');
4356 if (!hostname_left_label_end
4357 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4358 return 0;
4359
4360 /* Make sure the leftmost label of the hostname is long enough
4361 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004362 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 /* Finally compare the string on either side of the
4366 * wildcard */
4367 prefixlen = pattern_wildcard - pattern;
4368 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004369 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4370 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004371 return 0;
4372
4373 return 1;
4374}
4375
4376static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4377{
4378 SSL *ssl;
4379 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004380 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004381 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004382
4383 int depth;
4384 X509 *cert;
4385 STACK_OF(GENERAL_NAME) *alt_names;
4386 int i;
4387 X509_NAME *cert_subject;
4388 char *str;
4389
4390 if (ok == 0)
4391 return ok;
4392
4393 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004394 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004395
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004396 /* We're checking if the provided hostnames match the desired one. The
4397 * desired hostname comes from the SNI we presented if any, or if not
4398 * provided then it may have been explicitly stated using a "verifyhost"
4399 * directive. If neither is set, we don't care about the name so the
4400 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004401 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004402 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004403 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004404 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004405 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004406 if (!servername)
4407 return ok;
4408 }
Evan Broderbe554312013-06-27 00:05:25 -07004409
4410 /* We only need to verify the CN on the actual server cert,
4411 * not the indirect CAs */
4412 depth = X509_STORE_CTX_get_error_depth(ctx);
4413 if (depth != 0)
4414 return ok;
4415
4416 /* At this point, the cert is *not* OK unless we can find a
4417 * hostname match */
4418 ok = 0;
4419
4420 cert = X509_STORE_CTX_get_current_cert(ctx);
4421 /* It seems like this might happen if verify peer isn't set */
4422 if (!cert)
4423 return ok;
4424
4425 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4426 if (alt_names) {
4427 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4428 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4429 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004430#if OPENSSL_VERSION_NUMBER < 0x00907000L
4431 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4432#else
Evan Broderbe554312013-06-27 00:05:25 -07004433 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004434#endif
Evan Broderbe554312013-06-27 00:05:25 -07004435 ok = ssl_sock_srv_hostcheck(str, servername);
4436 OPENSSL_free(str);
4437 }
4438 }
4439 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004440 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004441 }
4442
4443 cert_subject = X509_get_subject_name(cert);
4444 i = -1;
4445 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4446 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004447 ASN1_STRING *value;
4448 value = X509_NAME_ENTRY_get_data(entry);
4449 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004450 ok = ssl_sock_srv_hostcheck(str, servername);
4451 OPENSSL_free(str);
4452 }
4453 }
4454
Willy Tarreau71d058c2017-07-26 20:09:56 +02004455 /* report the mismatch and indicate if SNI was used or not */
4456 if (!ok && !conn->err_code)
4457 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004458 return ok;
4459}
4460
Emeric Brun94324a42012-10-11 14:00:19 +02004461/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004462int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004463{
Willy Tarreau03209342016-12-22 17:08:28 +01004464 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004465 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004466 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004467 SSL_OP_ALL | /* all known workarounds for bugs */
4468 SSL_OP_NO_SSLv2 |
4469 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004470 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004471 SSL_MODE_ENABLE_PARTIAL_WRITE |
4472 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004473 SSL_MODE_RELEASE_BUFFERS |
4474 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004475 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004476 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004477 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004478 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004479 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004480
Thierry Fournier383085f2013-01-24 14:15:43 +01004481 /* Make sure openssl opens /dev/urandom before the chroot */
4482 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004483 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004484 cfgerr++;
4485 }
4486
Willy Tarreaufce03112015-01-15 21:32:40 +01004487 /* Automatic memory computations need to know we use SSL there */
4488 global.ssl_used_backend = 1;
4489
4490 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004491 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004492 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004493 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4494 curproxy->id, srv->id,
4495 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004496 cfgerr++;
4497 return cfgerr;
4498 }
4499 }
Emeric Brun94324a42012-10-11 14:00:19 +02004500 if (srv->use_ssl)
4501 srv->xprt = &ssl_sock;
4502 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004503 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004504
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004506 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4508 proxy_type_str(curproxy), curproxy->id,
4509 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004510 cfgerr++;
4511 return cfgerr;
4512 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004513
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004514 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004515 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4516 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4517 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004518 else
4519 flags = conf_ssl_methods->flags;
4520
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004521 /* Real min and max should be determinate with configuration and openssl's capabilities */
4522 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004523 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004524 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004525 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004526
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004527 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004528 min = max = CONF_TLSV_NONE;
4529 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004530 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004532 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004533 if (min) {
4534 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004535 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4536 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4537 proxy_type_str(curproxy), curproxy->id, srv->id,
4538 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004539 hole = 0;
4540 }
4541 max = i;
4542 }
4543 else {
4544 min = max = i;
4545 }
4546 }
4547 else {
4548 if (min)
4549 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004550 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004551 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004552 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4553 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 cfgerr += 1;
4555 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004556
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004557#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558 /* Keep force-xxx implementation as it is in older haproxy. It's a
4559 precautionary measure to avoid any suprise with older openssl version. */
4560 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004561 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004562 else
4563 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4564 if (flags & methodVersions[i].flag)
4565 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004566#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004567 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004568 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4569 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004570#endif
4571
4572 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4573 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004574 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004575
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004576#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004577 if (global_ssl.async)
4578 mode |= SSL_MODE_ASYNC;
4579#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004580 SSL_CTX_set_mode(ctx, mode);
4581 srv->ssl_ctx.ctx = ctx;
4582
Emeric Bruna7aa3092012-10-26 12:58:00 +02004583 if (srv->ssl_ctx.client_crt) {
4584 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004585 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4586 proxy_type_str(curproxy), curproxy->id,
4587 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004588 cfgerr++;
4589 }
4590 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004591 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4592 proxy_type_str(curproxy), curproxy->id,
4593 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004594 cfgerr++;
4595 }
4596 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004597 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4598 proxy_type_str(curproxy), curproxy->id,
4599 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004600 cfgerr++;
4601 }
4602 }
Emeric Brun94324a42012-10-11 14:00:19 +02004603
Emeric Brun850efd52014-01-29 12:24:34 +01004604 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4605 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004606 switch (srv->ssl_ctx.verify) {
4607 case SSL_SOCK_VERIFY_NONE:
4608 verify = SSL_VERIFY_NONE;
4609 break;
4610 case SSL_SOCK_VERIFY_REQUIRED:
4611 verify = SSL_VERIFY_PEER;
4612 break;
4613 }
Evan Broderbe554312013-06-27 00:05:25 -07004614 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004615 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004616 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004617 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004618 if (srv->ssl_ctx.ca_file) {
4619 /* load CAfile to verify */
4620 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004624 cfgerr++;
4625 }
4626 }
Emeric Brun850efd52014-01-29 12:24:34 +01004627 else {
4628 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004629 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4630 curproxy->id, srv->id,
4631 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004632 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004633 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4634 curproxy->id, srv->id,
4635 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004636 cfgerr++;
4637 }
Emeric Brunef42d922012-10-11 16:11:36 +02004638#ifdef X509_V_FLAG_CRL_CHECK
4639 if (srv->ssl_ctx.crl_file) {
4640 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4641
4642 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004643 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4644 curproxy->id, srv->id,
4645 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004646 cfgerr++;
4647 }
4648 else {
4649 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4650 }
4651 }
4652#endif
4653 }
4654
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004655 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4656 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4657 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004658 if (srv->ssl_ctx.ciphers &&
4659 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004660 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4661 curproxy->id, srv->id,
4662 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004663 cfgerr++;
4664 }
4665
4666 return cfgerr;
4667}
4668
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004669/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004670 * be NULL, in which case nothing is done. Returns the number of errors
4671 * encountered.
4672 */
Willy Tarreau03209342016-12-22 17:08:28 +01004673int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004674{
4675 struct ebmb_node *node;
4676 struct sni_ctx *sni;
4677 int err = 0;
4678
Willy Tarreaufce03112015-01-15 21:32:40 +01004679 /* Automatic memory computations need to know we use SSL there */
4680 global.ssl_used_frontend = 1;
4681
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* Make sure openssl opens /dev/urandom before the chroot */
4683 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004684 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004685 err++;
4686 }
4687 /* Create initial_ctx used to start the ssl connection before do switchctx */
4688 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004689 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004690 /* It should not be necessary to call this function, but it's
4691 necessary first to check and move all initialisation related
4692 to initial_ctx in ssl_sock_initial_ctx. */
4693 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4694 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004695 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004697
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004698 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004699 while (node) {
4700 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004701 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4702 /* only initialize the CTX on its first occurrence and
4703 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004704 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004705 node = ebmb_next(node);
4706 }
4707
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004708 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004709 while (node) {
4710 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004711 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4712 /* only initialize the CTX on its first occurrence and
4713 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004714 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004715 node = ebmb_next(node);
4716 }
4717 return err;
4718}
4719
Willy Tarreau55d37912016-12-21 23:38:39 +01004720/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4721 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4722 * alerts are directly emitted since the rest of the stack does it below.
4723 */
4724int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4725{
4726 struct proxy *px = bind_conf->frontend;
4727 int alloc_ctx;
4728 int err;
4729
4730 if (!bind_conf->is_ssl) {
4731 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004732 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4733 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004734 }
4735 return 0;
4736 }
4737 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004738 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004739 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4740 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004741 }
4742 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004743 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4744 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004745 return -1;
4746 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004747 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004748 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004749 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4750 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4751 sizeof(*sh_ssl_sess_tree),
4752 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4753 if (alloc_ctx < 0) {
4754 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4755 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4756 else
4757 ha_alert("Unable to allocate SSL session cache.\n");
4758 return -1;
4759 }
4760 /* free block callback */
4761 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4762 /* init the root tree within the extra space */
4763 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4764 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004765 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004766 err = 0;
4767 /* initialize all certificate contexts */
4768 err += ssl_sock_prepare_all_ctx(bind_conf);
4769
4770 /* initialize CA variables if the certificates generation is enabled */
4771 err += ssl_sock_load_ca(bind_conf);
4772
4773 return -err;
4774}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004775
4776/* release ssl context allocated for servers. */
4777void ssl_sock_free_srv_ctx(struct server *srv)
4778{
4779 if (srv->ssl_ctx.ctx)
4780 SSL_CTX_free(srv->ssl_ctx.ctx);
4781}
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4785 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004786void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004787{
4788 struct ebmb_node *node, *back;
4789 struct sni_ctx *sni;
4790
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004791 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004792 while (node) {
4793 sni = ebmb_entry(node, struct sni_ctx, name);
4794 back = ebmb_next(node);
4795 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004796 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004797 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004798 ssl_sock_free_ssl_conf(sni->conf);
4799 free(sni->conf);
4800 sni->conf = NULL;
4801 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004802 free(sni);
4803 node = back;
4804 }
4805
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004806 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004807 while (node) {
4808 sni = ebmb_entry(node, struct sni_ctx, name);
4809 back = ebmb_next(node);
4810 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004811 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004812 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004813 ssl_sock_free_ssl_conf(sni->conf);
4814 free(sni->conf);
4815 sni->conf = NULL;
4816 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004817 free(sni);
4818 node = back;
4819 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004820 SSL_CTX_free(bind_conf->initial_ctx);
4821 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004822 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004824}
4825
Willy Tarreau795cdab2016-12-22 17:30:54 +01004826/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4827void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4828{
4829 ssl_sock_free_ca(bind_conf);
4830 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004831 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004832 free(bind_conf->ca_sign_file);
4833 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004834 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835 free(bind_conf->keys_ref->filename);
4836 free(bind_conf->keys_ref->tlskeys);
4837 LIST_DEL(&bind_conf->keys_ref->list);
4838 free(bind_conf->keys_ref);
4839 }
4840 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004841 bind_conf->ca_sign_pass = NULL;
4842 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004843}
4844
Christopher Faulet31af49d2015-06-09 17:29:50 +02004845/* Load CA cert file and private key used to generate certificates */
4846int
Willy Tarreau03209342016-12-22 17:08:28 +01004847ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848{
Willy Tarreau03209342016-12-22 17:08:28 +01004849 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004850 FILE *fp;
4851 X509 *cacert = NULL;
4852 EVP_PKEY *capkey = NULL;
4853 int err = 0;
4854
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004855 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004856 return err;
4857
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004858#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004859 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004860 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004861 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004862 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004863 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004864 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004865#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004866
Christopher Faulet31af49d2015-06-09 17:29:50 +02004867 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': cannot enable certificate generation, "
4869 "no CA certificate File configured at [%s:%d].\n",
4870 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004871 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004872 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004873
4874 /* read in the CA certificate */
4875 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004876 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4877 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 goto load_error;
4879 }
4880 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004881 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4882 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004883 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004884 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004885 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004886 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004887 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4888 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004890 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004892 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004893 bind_conf->ca_sign_cert = cacert;
4894 bind_conf->ca_sign_pkey = capkey;
4895 return err;
4896
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004897 read_error:
4898 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004899 if (capkey) EVP_PKEY_free(capkey);
4900 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004901 load_error:
4902 bind_conf->generate_certs = 0;
4903 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004904 return err;
4905}
4906
4907/* Release CA cert and private key used to generate certificated */
4908void
4909ssl_sock_free_ca(struct bind_conf *bind_conf)
4910{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004911 if (bind_conf->ca_sign_pkey)
4912 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4913 if (bind_conf->ca_sign_cert)
4914 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004915 bind_conf->ca_sign_pkey = NULL;
4916 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004917}
4918
Emeric Brun46591952012-05-18 15:47:34 +02004919/*
4920 * This function is called if SSL * context is not yet allocated. The function
4921 * is designed to be called before any other data-layer operation and sets the
4922 * handshake flag on the connection. It is safe to call it multiple times.
4923 * It returns 0 on success and -1 in error case.
4924 */
4925static int ssl_sock_init(struct connection *conn)
4926{
4927 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004928 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004929 return 0;
4930
Willy Tarreau3c728722014-01-23 13:50:42 +01004931 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004932 return 0;
4933
Willy Tarreau20879a02012-12-03 16:32:10 +01004934 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4935 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004936 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004937 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004938
Emeric Brun46591952012-05-18 15:47:34 +02004939 /* If it is in client mode initiate SSL session
4940 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004941 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 int may_retry = 1;
4943
4944 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004945 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02004946 conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004947 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004948 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004949 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004950 goto retry_connect;
4951 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004952 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004953 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004954 }
Emeric Brun46591952012-05-18 15:47:34 +02004955
Emeric Brun46591952012-05-18 15:47:34 +02004956 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004957 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004958 SSL_free(conn->xprt_ctx);
4959 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004960 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004961 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004962 goto retry_connect;
4963 }
Emeric Brun55476152014-11-12 17:35:37 +01004964 conn->err_code = CO_ER_SSL_NO_MEM;
4965 return -1;
4966 }
Emeric Brun46591952012-05-18 15:47:34 +02004967
Evan Broderbe554312013-06-27 00:05:25 -07004968 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004969 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01004970 SSL_free(conn->xprt_ctx);
4971 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004972 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004973 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004974 goto retry_connect;
4975 }
Emeric Brun55476152014-11-12 17:35:37 +01004976 conn->err_code = CO_ER_SSL_NO_MEM;
4977 return -1;
4978 }
4979
4980 SSL_set_connect_state(conn->xprt_ctx);
Willy Tarreau07d94e42018-09-20 10:57:52 +02004981 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4982 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4983 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4984 if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004985 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02004986 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4987 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01004988 } else if (sess) {
4989 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004990 }
4991 }
Evan Broderbe554312013-06-27 00:05:25 -07004992
Emeric Brun46591952012-05-18 15:47:34 +02004993 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004994 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004995
4996 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004997 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004998 return 0;
4999 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005000 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 int may_retry = 1;
5002
5003 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005004 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005005 conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005006 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005007 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005008 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005009 goto retry_accept;
5010 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005011 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005012 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005013 }
Emeric Brun46591952012-05-18 15:47:34 +02005014
Emeric Brun46591952012-05-18 15:47:34 +02005015 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005016 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005017 SSL_free(conn->xprt_ctx);
5018 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005019 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005020 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005021 goto retry_accept;
5022 }
Emeric Brun55476152014-11-12 17:35:37 +01005023 conn->err_code = CO_ER_SSL_NO_MEM;
5024 return -1;
5025 }
Emeric Brun46591952012-05-18 15:47:34 +02005026
Emeric Brune1f38db2012-09-03 20:36:47 +02005027 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005028 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005029 SSL_free(conn->xprt_ctx);
5030 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005031 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005032 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005033 goto retry_accept;
5034 }
Emeric Brun55476152014-11-12 17:35:37 +01005035 conn->err_code = CO_ER_SSL_NO_MEM;
5036 return -1;
5037 }
5038
5039 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005040
Emeric Brun46591952012-05-18 15:47:34 +02005041 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005042 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005043#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005044 conn->flags |= CO_FL_EARLY_SSL_HS;
5045#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005046
5047 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005048 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005049 return 0;
5050 }
5051 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005052 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005053 return -1;
5054}
5055
5056
5057/* This is the callback which is used when an SSL handshake is pending. It
5058 * updates the FD status if it wants some polling before being called again.
5059 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5060 * otherwise it returns non-zero and removes itself from the connection's
5061 * flags (the bit is provided in <flag> by the caller).
5062 */
5063int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5064{
5065 int ret;
5066
Willy Tarreau3c728722014-01-23 13:50:42 +01005067 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005068 return 0;
5069
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005070 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005071 goto out_error;
5072
Olivier Houchardc2aae742017-09-22 18:26:28 +02005073#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5074 /*
5075 * Check if we have early data. If we do, we have to read them
5076 * before SSL_do_handshake() is called, And there's no way to
5077 * detect early data, except to try to read them
5078 */
5079 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5080 size_t read_data;
5081
5082 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5083 1, &read_data);
5084 if (ret == SSL_READ_EARLY_DATA_ERROR)
5085 goto check_error;
5086 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5087 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5088 return 1;
5089 } else
5090 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5091 }
5092#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005093 /* If we use SSL_do_handshake to process a reneg initiated by
5094 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5095 * Usually SSL_write and SSL_read are used and process implicitly
5096 * the reneg handshake.
5097 * Here we use SSL_peek as a workaround for reneg.
5098 */
5099 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5100 char c;
5101
5102 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5103 if (ret <= 0) {
5104 /* handshake may have not been completed, let's find why */
5105 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005106
Emeric Brun674b7432012-11-08 19:21:55 +01005107 if (ret == SSL_ERROR_WANT_WRITE) {
5108 /* SSL handshake needs to write, L4 connection may not be ready */
5109 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005110 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005111 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005112 return 0;
5113 }
5114 else if (ret == SSL_ERROR_WANT_READ) {
5115 /* handshake may have been completed but we have
5116 * no more data to read.
5117 */
5118 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5119 ret = 1;
5120 goto reneg_ok;
5121 }
5122 /* SSL handshake needs to read, L4 connection is ready */
5123 if (conn->flags & CO_FL_WAIT_L4_CONN)
5124 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5125 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005126 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005127 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005128 return 0;
5129 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005130#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005131 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005132 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005133 return 0;
5134 }
5135#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005136 else if (ret == SSL_ERROR_SYSCALL) {
5137 /* if errno is null, then connection was successfully established */
5138 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5139 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005140 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005141#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005142 conn->err_code = CO_ER_SSL_HANDSHAKE;
5143#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005144 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005145#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005146 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5147 empty_handshake = state == TLS_ST_BEFORE;
5148#else
5149 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5150#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005151 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005152 if (!errno) {
5153 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5154 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5155 else
5156 conn->err_code = CO_ER_SSL_EMPTY;
5157 }
5158 else {
5159 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5160 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5161 else
5162 conn->err_code = CO_ER_SSL_ABORT;
5163 }
5164 }
5165 else {
5166 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5167 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005168 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005169 conn->err_code = CO_ER_SSL_HANDSHAKE;
5170 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005171#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005172 }
Emeric Brun674b7432012-11-08 19:21:55 +01005173 goto out_error;
5174 }
5175 else {
5176 /* Fail on all other handshake errors */
5177 /* Note: OpenSSL may leave unread bytes in the socket's
5178 * buffer, causing an RST to be emitted upon close() on
5179 * TCP sockets. We first try to drain possibly pending
5180 * data to avoid this as much as possible.
5181 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005182 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005183 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005184 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5185 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005186 goto out_error;
5187 }
5188 }
5189 /* read some data: consider handshake completed */
5190 goto reneg_ok;
5191 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005192 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005193check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005194 if (ret != 1) {
5195 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005196 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005197
5198 if (ret == SSL_ERROR_WANT_WRITE) {
5199 /* SSL handshake needs to write, L4 connection may not be ready */
5200 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005201 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005202 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005203 return 0;
5204 }
5205 else if (ret == SSL_ERROR_WANT_READ) {
5206 /* SSL handshake needs to read, L4 connection is ready */
5207 if (conn->flags & CO_FL_WAIT_L4_CONN)
5208 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5209 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005210 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005211 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005212 return 0;
5213 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005214#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005215 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005216 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005217 return 0;
5218 }
5219#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005220 else if (ret == SSL_ERROR_SYSCALL) {
5221 /* if errno is null, then connection was successfully established */
5222 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5223 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005224 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005225#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005226 conn->err_code = CO_ER_SSL_HANDSHAKE;
5227#else
5228 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005229#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005230 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5231 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005232#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005233 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005234#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005235 if (empty_handshake) {
5236 if (!errno) {
5237 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5238 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5239 else
5240 conn->err_code = CO_ER_SSL_EMPTY;
5241 }
5242 else {
5243 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5244 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5245 else
5246 conn->err_code = CO_ER_SSL_ABORT;
5247 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
5249 else {
5250 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5251 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5252 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005253 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005254 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005255#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005256 }
Willy Tarreau89230192012-09-28 20:22:13 +02005257 goto out_error;
5258 }
Emeric Brun46591952012-05-18 15:47:34 +02005259 else {
5260 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005261 /* Note: OpenSSL may leave unread bytes in the socket's
5262 * buffer, causing an RST to be emitted upon close() on
5263 * TCP sockets. We first try to drain possibly pending
5264 * data to avoid this as much as possible.
5265 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005266 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005267 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005268 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5269 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005270 goto out_error;
5271 }
5272 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005273#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5274 else {
5275 /*
5276 * If the server refused the early data, we have to send a
5277 * 425 to the client, as we no longer have the data to sent
5278 * them again.
5279 */
5280 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5281 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5282 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5283 goto out_error;
5284 }
5285 }
5286 }
5287#endif
5288
Emeric Brun46591952012-05-18 15:47:34 +02005289
Emeric Brun674b7432012-11-08 19:21:55 +01005290reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005291
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005292#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005293 /* ASYNC engine API doesn't support moving read/write
5294 * buffers. So we disable ASYNC mode right after
5295 * the handshake to avoid buffer oveflows.
5296 */
5297 if (global_ssl.async)
5298 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5299#endif
Emeric Brun46591952012-05-18 15:47:34 +02005300 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005301 if (!SSL_session_reused(conn->xprt_ctx)) {
5302 if (objt_server(conn->target)) {
5303 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5304 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5305 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005306 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005307 else {
5308 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5309 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5310 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5311 }
Emeric Brun46591952012-05-18 15:47:34 +02005312 }
5313
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005314#ifdef OPENSSL_IS_BORINGSSL
5315 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5316 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5317#endif
Emeric Brun46591952012-05-18 15:47:34 +02005318 /* The connection is now established at both layers, it's time to leave */
5319 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5320 return 1;
5321
5322 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005323 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005324 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005325 ERR_clear_error();
5326
Emeric Brun9fa89732012-10-04 17:09:56 +02005327 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005328 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5329 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5330 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005331 }
5332
Emeric Brun46591952012-05-18 15:47:34 +02005333 /* Fail on all other handshake errors */
5334 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005335 if (!conn->err_code)
5336 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005337 return 0;
5338}
5339
5340/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005341 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005342 * buffer wraps, in which case a second call may be performed. The connection's
5343 * flags are updated with whatever special event is detected (error, read0,
5344 * empty). The caller is responsible for taking care of those events and
5345 * avoiding the call if inappropriate. The function does not call the
5346 * connection's polling update function, so the caller is responsible for this.
5347 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005348static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005349{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005350 ssize_t ret;
5351 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005352
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005353 conn_refresh_polling_flags(conn);
5354
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005355 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005356 goto out_error;
5357
5358 if (conn->flags & CO_FL_HANDSHAKE)
5359 /* a handshake was requested */
5360 return 0;
5361
Willy Tarreau0c7ed5d2018-07-10 09:53:31 +02005362 b_realign_if_empty(buf);
Emeric Brun46591952012-05-18 15:47:34 +02005363
5364 /* read the largest possible block. For this, we perform only one call
5365 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5366 * in which case we accept to do it once again. A new attempt is made on
5367 * EINTR too.
5368 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005369 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005370 int need_out = 0;
5371
Willy Tarreau591d4452018-06-15 17:21:00 +02005372 try = b_contig_space(buf);
5373 if (!try)
5374 break;
5375
Willy Tarreauabf08d92014-01-14 11:31:27 +01005376 if (try > count)
5377 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005378
Olivier Houchardc2aae742017-09-22 18:26:28 +02005379 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5380 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005381 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005382 done++;
5383 try--;
5384 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005385 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005386 conn->tmp_early_data = -1;
5387 continue;
5388 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005389
Olivier Houchardc2aae742017-09-22 18:26:28 +02005390#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5391 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5392 size_t read_length;
5393
5394 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005395 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005396 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5397 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005398 conn->flags |= CO_FL_EARLY_DATA;
5399 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5400 ret == SSL_READ_EARLY_DATA_FINISH) {
5401 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5402 /*
5403 * We're done reading the early data,
5404 * let's make the handshake
5405 */
5406 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5407 conn->flags |= CO_FL_SSL_WAIT_HS;
5408 need_out = 1;
5409 if (read_length == 0)
5410 break;
5411 }
5412 ret = read_length;
5413 }
5414 } else
5415#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005416 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005417#ifdef OPENSSL_IS_BORINGSSL
5418 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5419 if (SSL_in_early_data(conn->xprt_ctx)) {
5420 if (ret > 0)
5421 conn->flags |= CO_FL_EARLY_DATA;
5422 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005423 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005424 }
5425 }
5426#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005427 if (conn->flags & CO_FL_ERROR) {
5428 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005429 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005430 }
Emeric Brun46591952012-05-18 15:47:34 +02005431 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005432 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005433 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005434 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005435 }
Emeric Brun46591952012-05-18 15:47:34 +02005436 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005437 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005438 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005439 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005440 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005441 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005442#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005443 /* Async mode can be re-enabled, because we're leaving data state.*/
5444 if (global_ssl.async)
5445 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5446#endif
Emeric Brun46591952012-05-18 15:47:34 +02005447 break;
5448 }
5449 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005450 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5451 /* handshake is running, and it may need to re-enable read */
5452 conn->flags |= CO_FL_SSL_WAIT_HS;
5453 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005454#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005455 /* Async mode can be re-enabled, because we're leaving data state.*/
5456 if (global_ssl.async)
5457 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5458#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005459 break;
5460 }
Emeric Brun46591952012-05-18 15:47:34 +02005461 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005462 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005463 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005464 } else if (ret == SSL_ERROR_ZERO_RETURN)
5465 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005466 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5467 * stack before shutting down the connection for
5468 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005469 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5470 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005471 /* otherwise it's a real error */
5472 goto out_error;
5473 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005474 if (need_out)
5475 break;
Emeric Brun46591952012-05-18 15:47:34 +02005476 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005477 leave:
5478 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005479 return done;
5480
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005481 clear_ssl_error:
5482 /* Clear openssl global errors stack */
5483 ssl_sock_dump_errors(conn);
5484 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005485 read0:
5486 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005487 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005488
Emeric Brun46591952012-05-18 15:47:34 +02005489 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005490 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005491 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005492 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005493 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005494 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005495}
5496
5497
Willy Tarreau787db9a2018-06-14 18:31:46 +02005498/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5499 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5500 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005501 * Only one call to send() is performed, unless the buffer wraps, in which case
5502 * a second call may be performed. The connection's flags are updated with
5503 * whatever special event is detected (error, empty). The caller is responsible
5504 * for taking care of those events and avoiding the call if inappropriate. The
5505 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005506 * is responsible for this. The buffer's output is not adjusted, it's up to the
5507 * caller to take care of this. It's up to the caller to update the buffer's
5508 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005509 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005510static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005511{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005512 ssize_t ret;
5513 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005514
5515 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005516 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005517
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005518 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005519 goto out_error;
5520
5521 if (conn->flags & CO_FL_HANDSHAKE)
5522 /* a handshake was requested */
5523 return 0;
5524
5525 /* send the largest possible block. For this we perform only one call
5526 * to send() unless the buffer wraps and we exactly fill the first hunk,
5527 * in which case we accept to do it once again.
5528 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005529 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005530#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5531 size_t written_data;
5532#endif
5533
Willy Tarreau787db9a2018-06-14 18:31:46 +02005534 try = b_contig_data(buf, done);
5535 if (try > count)
5536 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005537
Willy Tarreau7bed9452014-02-02 02:00:24 +01005538 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005539 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005540 global_ssl.max_record && try > global_ssl.max_record) {
5541 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005542 }
5543 else {
5544 /* we need to keep the information about the fact that
5545 * we're not limiting the upcoming send(), because if it
5546 * fails, we'll have to retry with at least as many data.
5547 */
5548 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5549 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005550
Olivier Houchardc2aae742017-09-22 18:26:28 +02005551#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5552 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5553 unsigned int max_early;
5554
Olivier Houchard522eea72017-11-03 16:27:47 +01005555 if (objt_listener(conn->target))
5556 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5557 else {
5558 if (SSL_get0_session(conn->xprt_ctx))
5559 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5560 else
5561 max_early = 0;
5562 }
5563
Olivier Houchard90084a12017-11-23 18:21:29 +01005564 if (try + conn->sent_early_data > max_early) {
5565 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005566 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005567 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5568 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005569 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005570 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005571 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005572 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005573 if (ret == 1) {
5574 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005575 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005576 if (objt_server(conn->target)) {
5577 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5578 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5579 }
5580
Olivier Houchardc2aae742017-09-22 18:26:28 +02005581 }
5582
5583 } else
5584#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005585 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005586
Emeric Brune1f38db2012-09-03 20:36:47 +02005587 if (conn->flags & CO_FL_ERROR) {
5588 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005589 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005590 }
Emeric Brun46591952012-05-18 15:47:34 +02005591 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005592 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005593 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005594 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005595 }
5596 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005597 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005598
Emeric Brun46591952012-05-18 15:47:34 +02005599 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005600 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5601 /* handshake is running, and it may need to re-enable write */
5602 conn->flags |= CO_FL_SSL_WAIT_HS;
5603 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005604#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005605 /* Async mode can be re-enabled, because we're leaving data state.*/
5606 if (global_ssl.async)
5607 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5608#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005609 break;
5610 }
Emeric Brun46591952012-05-18 15:47:34 +02005611 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005612 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005613 break;
5614 }
5615 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005616 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005617 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005618 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005619#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005620 /* Async mode can be re-enabled, because we're leaving data state.*/
5621 if (global_ssl.async)
5622 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5623#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005624 break;
5625 }
Emeric Brun46591952012-05-18 15:47:34 +02005626 goto out_error;
5627 }
5628 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005629 leave:
5630 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005631 return done;
5632
5633 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005634 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005635 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005636 ERR_clear_error();
5637
Emeric Brun46591952012-05-18 15:47:34 +02005638 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005639 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005640}
5641
Emeric Brun46591952012-05-18 15:47:34 +02005642static void ssl_sock_close(struct connection *conn) {
5643
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005644 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005645#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005646 if (global_ssl.async) {
5647 OSSL_ASYNC_FD all_fd[32], afd;
5648 size_t num_all_fds = 0;
5649 int i;
5650
5651 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5652 if (num_all_fds > 32) {
5653 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5654 return;
5655 }
5656
5657 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5658
5659 /* If an async job is pending, we must try to
5660 to catch the end using polling before calling
5661 SSL_free */
5662 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5663 for (i=0 ; i < num_all_fds ; i++) {
5664 /* switch on an handler designed to
5665 * handle the SSL_free
5666 */
5667 afd = all_fd[i];
5668 fdtab[afd].iocb = ssl_async_fd_free;
5669 fdtab[afd].owner = conn->xprt_ctx;
5670 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005671 /* To ensure that the fd cache won't be used
5672 * and we'll catch a real RD event.
5673 */
5674 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005675 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005676 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005677 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005678 return;
5679 }
Emeric Brun3854e012017-05-17 20:42:48 +02005680 /* Else we can remove the fds from the fdtab
5681 * and call SSL_free.
5682 * note: we do a fd_remove and not a delete
5683 * because the fd is owned by the engine.
5684 * the engine is responsible to close
5685 */
5686 for (i=0 ; i < num_all_fds ; i++)
5687 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005688 }
5689#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005690 SSL_free(conn->xprt_ctx);
5691 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005692 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005693 }
Emeric Brun46591952012-05-18 15:47:34 +02005694}
5695
5696/* This function tries to perform a clean shutdown on an SSL connection, and in
5697 * any case, flags the connection as reusable if no handshake was in progress.
5698 */
5699static void ssl_sock_shutw(struct connection *conn, int clean)
5700{
5701 if (conn->flags & CO_FL_HANDSHAKE)
5702 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005703 if (!clean)
5704 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005705 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005706 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005707 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005708 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005709 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005710 ERR_clear_error();
5711 }
Emeric Brun46591952012-05-18 15:47:34 +02005712}
5713
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005714/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005715int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005716{
5717 struct pkey_info *pkinfo;
5718 int bits = 0;
5719 int sig = TLSEXT_signature_anonymous;
5720 int len = -1;
5721
5722 if (!ssl_sock_is_ssl(conn))
5723 return 0;
5724
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005725 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005726 if (pkinfo) {
5727 sig = pkinfo->sig;
5728 bits = pkinfo->bits;
5729 } else {
5730 /* multicert and generated cert have no pkey info */
5731 X509 *crt;
5732 EVP_PKEY *pkey;
5733 crt = SSL_get_certificate(conn->xprt_ctx);
5734 if (!crt)
5735 return 0;
5736 pkey = X509_get_pubkey(crt);
5737 if (pkey) {
5738 bits = EVP_PKEY_bits(pkey);
5739 switch(EVP_PKEY_base_id(pkey)) {
5740 case EVP_PKEY_RSA:
5741 sig = TLSEXT_signature_rsa;
5742 break;
5743 case EVP_PKEY_EC:
5744 sig = TLSEXT_signature_ecdsa;
5745 break;
5746 case EVP_PKEY_DSA:
5747 sig = TLSEXT_signature_dsa;
5748 break;
5749 }
5750 EVP_PKEY_free(pkey);
5751 }
5752 }
5753
5754 switch(sig) {
5755 case TLSEXT_signature_rsa:
5756 len = chunk_printf(out, "RSA%d", bits);
5757 break;
5758 case TLSEXT_signature_ecdsa:
5759 len = chunk_printf(out, "EC%d", bits);
5760 break;
5761 case TLSEXT_signature_dsa:
5762 len = chunk_printf(out, "DSA%d", bits);
5763 break;
5764 default:
5765 return 0;
5766 }
5767 if (len < 0)
5768 return 0;
5769 return 1;
5770}
5771
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005772/* used for ppv2 cert signature (can be used for logging) */
5773const char *ssl_sock_get_cert_sig(struct connection *conn)
5774{
5775 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5776 X509 *crt;
5777
5778 if (!ssl_sock_is_ssl(conn))
5779 return NULL;
5780 crt = SSL_get_certificate(conn->xprt_ctx);
5781 if (!crt)
5782 return NULL;
5783 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5784 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5785}
5786
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005787/* used for ppv2 authority */
5788const char *ssl_sock_get_sni(struct connection *conn)
5789{
5790#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5791 if (!ssl_sock_is_ssl(conn))
5792 return NULL;
5793 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5794#else
5795 return 0;
5796#endif
5797}
5798
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005799/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005800const char *ssl_sock_get_cipher_name(struct connection *conn)
5801{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005802 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005803 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005804
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005805 return SSL_get_cipher_name(conn->xprt_ctx);
5806}
5807
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005808/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005809const char *ssl_sock_get_proto_version(struct connection *conn)
5810{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005811 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005812 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005813
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005814 return SSL_get_version(conn->xprt_ctx);
5815}
5816
Willy Tarreau8d598402012-10-22 17:58:39 +02005817/* Extract a serial from a cert, and copy it to a chunk.
5818 * Returns 1 if serial is found and copied, 0 if no serial found and
5819 * -1 if output is not large enough.
5820 */
5821static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005822ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02005823{
5824 ASN1_INTEGER *serial;
5825
5826 serial = X509_get_serialNumber(crt);
5827 if (!serial)
5828 return 0;
5829
5830 if (out->size < serial->length)
5831 return -1;
5832
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005833 memcpy(out->area, serial->data, serial->length);
5834 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02005835 return 1;
5836}
5837
Emeric Brun43e79582014-10-29 19:03:26 +01005838/* Extract a cert to der, and copy it to a chunk.
5839 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5840 * -1 if output is not large enough.
5841 */
5842static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005843ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01005844{
5845 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005846 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01005847
5848 len =i2d_X509(crt, NULL);
5849 if (len <= 0)
5850 return 1;
5851
5852 if (out->size < len)
5853 return -1;
5854
5855 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005856 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01005857 return 1;
5858}
5859
Emeric Brunce5ad802012-10-22 14:11:22 +02005860
Willy Tarreau83061a82018-07-13 11:56:34 +02005861/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02005862 * Returns 1 if serial is found and copied, 0 if no valid time found
5863 * and -1 if output is not large enough.
5864 */
5865static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005866ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02005867{
5868 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5869 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5870
5871 if (gentm->length < 12)
5872 return 0;
5873 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5874 return 0;
5875 if (out->size < gentm->length-2)
5876 return -1;
5877
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005878 memcpy(out->area, gentm->data+2, gentm->length-2);
5879 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02005880 return 1;
5881 }
5882 else if (tm->type == V_ASN1_UTCTIME) {
5883 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5884
5885 if (utctm->length < 10)
5886 return 0;
5887 if (utctm->data[0] >= 0x35)
5888 return 0;
5889 if (out->size < utctm->length)
5890 return -1;
5891
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005892 memcpy(out->area, utctm->data, utctm->length);
5893 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02005894 return 1;
5895 }
5896
5897 return 0;
5898}
5899
Emeric Brun87855892012-10-17 17:39:35 +02005900/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5901 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5902 */
5903static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005904ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
5905 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02005906{
5907 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005908 ASN1_OBJECT *obj;
5909 ASN1_STRING *data;
5910 const unsigned char *data_ptr;
5911 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005912 int i, j, n;
5913 int cur = 0;
5914 const char *s;
5915 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005916 int name_count;
5917
5918 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005919
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005920 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005921 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005922 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005923 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005924 else
5925 j = i;
5926
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005927 ne = X509_NAME_get_entry(a, j);
5928 obj = X509_NAME_ENTRY_get_object(ne);
5929 data = X509_NAME_ENTRY_get_data(ne);
5930 data_ptr = ASN1_STRING_get0_data(data);
5931 data_len = ASN1_STRING_length(data);
5932 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005933 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005934 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005935 s = tmp;
5936 }
5937
5938 if (chunk_strcasecmp(entry, s) != 0)
5939 continue;
5940
5941 if (pos < 0)
5942 cur--;
5943 else
5944 cur++;
5945
5946 if (cur != pos)
5947 continue;
5948
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005949 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005950 return -1;
5951
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005952 memcpy(out->area, data_ptr, data_len);
5953 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005954 return 1;
5955 }
5956
5957 return 0;
5958
5959}
5960
5961/* Extract and format full DN from a X509_NAME and copy result into a chunk
5962 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5963 */
5964static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005965ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02005966{
5967 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005968 ASN1_OBJECT *obj;
5969 ASN1_STRING *data;
5970 const unsigned char *data_ptr;
5971 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005972 int i, n, ln;
5973 int l = 0;
5974 const char *s;
5975 char *p;
5976 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005977 int name_count;
5978
5979
5980 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005981
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005982 out->data = 0;
5983 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005984 for (i = 0; i < name_count; i++) {
5985 ne = X509_NAME_get_entry(a, i);
5986 obj = X509_NAME_ENTRY_get_object(ne);
5987 data = X509_NAME_ENTRY_get_data(ne);
5988 data_ptr = ASN1_STRING_get0_data(data);
5989 data_len = ASN1_STRING_length(data);
5990 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005991 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005992 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005993 s = tmp;
5994 }
5995 ln = strlen(s);
5996
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005997 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005998 if (l > out->size)
5999 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006000 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006001
6002 *(p++)='/';
6003 memcpy(p, s, ln);
6004 p += ln;
6005 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006006 memcpy(p, data_ptr, data_len);
6007 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006008 }
6009
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006010 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006011 return 0;
6012
6013 return 1;
6014}
6015
Willy Tarreau119a4082016-12-22 21:58:38 +01006016/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6017 * to disable SNI.
6018 */
Willy Tarreau63076412015-07-10 11:33:32 +02006019void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6020{
6021#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006022 char *prev_name;
6023
Willy Tarreau63076412015-07-10 11:33:32 +02006024 if (!ssl_sock_is_ssl(conn))
6025 return;
6026
Willy Tarreau119a4082016-12-22 21:58:38 +01006027 /* if the SNI changes, we must destroy the reusable context so that a
6028 * new connection will present a new SNI. As an optimization we could
6029 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6030 * server.
6031 */
6032 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6033 if ((!prev_name && hostname) ||
6034 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6035 SSL_set_session(conn->xprt_ctx, NULL);
6036
Willy Tarreau63076412015-07-10 11:33:32 +02006037 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6038#endif
6039}
6040
Emeric Brun0abf8362014-06-24 18:26:41 +02006041/* Extract peer certificate's common name into the chunk dest
6042 * Returns
6043 * the len of the extracted common name
6044 * or 0 if no CN found in DN
6045 * or -1 on error case (i.e. no peer certificate)
6046 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006047int ssl_sock_get_remote_common_name(struct connection *conn,
6048 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006049{
6050 X509 *crt = NULL;
6051 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006052 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006053 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006054 .area = (char *)&find_cn,
6055 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006056 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006057 int result = -1;
David Safb76832014-05-08 23:42:08 -04006058
6059 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006060 goto out;
David Safb76832014-05-08 23:42:08 -04006061
6062 /* SSL_get_peer_certificate, it increase X509 * ref count */
6063 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6064 if (!crt)
6065 goto out;
6066
6067 name = X509_get_subject_name(crt);
6068 if (!name)
6069 goto out;
David Safb76832014-05-08 23:42:08 -04006070
Emeric Brun0abf8362014-06-24 18:26:41 +02006071 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6072out:
David Safb76832014-05-08 23:42:08 -04006073 if (crt)
6074 X509_free(crt);
6075
6076 return result;
6077}
6078
Dave McCowan328fb582014-07-30 10:39:13 -04006079/* returns 1 if client passed a certificate for this session, 0 if not */
6080int ssl_sock_get_cert_used_sess(struct connection *conn)
6081{
6082 X509 *crt = NULL;
6083
6084 if (!ssl_sock_is_ssl(conn))
6085 return 0;
6086
6087 /* SSL_get_peer_certificate, it increase X509 * ref count */
6088 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6089 if (!crt)
6090 return 0;
6091
6092 X509_free(crt);
6093 return 1;
6094}
6095
6096/* returns 1 if client passed a certificate for this connection, 0 if not */
6097int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006098{
6099 if (!ssl_sock_is_ssl(conn))
6100 return 0;
6101
6102 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6103}
6104
6105/* returns result from SSL verify */
6106unsigned int ssl_sock_get_verify_result(struct connection *conn)
6107{
6108 if (!ssl_sock_is_ssl(conn))
6109 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6110
6111 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6112}
6113
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006114/* Returns the application layer protocol name in <str> and <len> when known.
6115 * Zero is returned if the protocol name was not found, otherwise non-zero is
6116 * returned. The string is allocated in the SSL context and doesn't have to be
6117 * freed by the caller. NPN is also checked if available since older versions
6118 * of openssl (1.0.1) which are more common in field only support this one.
6119 */
6120static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6121{
6122 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6123 return 0;
6124
6125 *str = NULL;
6126
6127#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6128 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6129 if (*str)
6130 return 1;
6131#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006132#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006133 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6134 if (*str)
6135 return 1;
6136#endif
6137 return 0;
6138}
6139
Willy Tarreau7875d092012-09-10 08:20:03 +02006140/***** Below are some sample fetching functions for ACL/patterns *****/
6141
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006142static int
6143smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6144{
6145 struct connection *conn;
6146
6147 conn = objt_conn(smp->sess->origin);
6148 if (!conn || conn->xprt != &ssl_sock)
6149 return 0;
6150
6151 smp->flags = 0;
6152 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006153 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6154 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006155
6156 return 1;
6157}
6158
Emeric Brune64aef12012-09-21 13:15:06 +02006159/* boolean, returns true if client cert was present */
6160static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006161smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006162{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006163 struct connection *conn;
6164
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006165 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006166 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006167 return 0;
6168
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006169 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006170 smp->flags |= SMP_F_MAY_CHANGE;
6171 return 0;
6172 }
6173
6174 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006175 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006176 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006177
6178 return 1;
6179}
6180
Emeric Brun43e79582014-10-29 19:03:26 +01006181/* binary, returns a certificate in a binary chunk (der/raw).
6182 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6183 * should be use.
6184 */
6185static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006186smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006187{
6188 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6189 X509 *crt = NULL;
6190 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006191 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006192 struct connection *conn;
6193
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006194 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006195 if (!conn || conn->xprt != &ssl_sock)
6196 return 0;
6197
6198 if (!(conn->flags & CO_FL_CONNECTED)) {
6199 smp->flags |= SMP_F_MAY_CHANGE;
6200 return 0;
6201 }
6202
6203 if (cert_peer)
6204 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6205 else
6206 crt = SSL_get_certificate(conn->xprt_ctx);
6207
6208 if (!crt)
6209 goto out;
6210
6211 smp_trash = get_trash_chunk();
6212 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6213 goto out;
6214
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006215 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006216 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006217 ret = 1;
6218out:
6219 /* SSL_get_peer_certificate, it increase X509 * ref count */
6220 if (cert_peer && crt)
6221 X509_free(crt);
6222 return ret;
6223}
6224
Emeric Brunba841a12014-04-30 17:05:08 +02006225/* binary, returns serial of certificate in a binary chunk.
6226 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6227 * should be use.
6228 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006229static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006230smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006231{
Emeric Brunba841a12014-04-30 17:05:08 +02006232 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006233 X509 *crt = NULL;
6234 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006235 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006236 struct connection *conn;
6237
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006238 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006239 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006240 return 0;
6241
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006242 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006243 smp->flags |= SMP_F_MAY_CHANGE;
6244 return 0;
6245 }
6246
Emeric Brunba841a12014-04-30 17:05:08 +02006247 if (cert_peer)
6248 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6249 else
6250 crt = SSL_get_certificate(conn->xprt_ctx);
6251
Willy Tarreau8d598402012-10-22 17:58:39 +02006252 if (!crt)
6253 goto out;
6254
Willy Tarreau47ca5452012-12-23 20:22:19 +01006255 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006256 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6257 goto out;
6258
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006259 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006260 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006261 ret = 1;
6262out:
Emeric Brunba841a12014-04-30 17:05:08 +02006263 /* SSL_get_peer_certificate, it increase X509 * ref count */
6264 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006265 X509_free(crt);
6266 return ret;
6267}
Emeric Brune64aef12012-09-21 13:15:06 +02006268
Emeric Brunba841a12014-04-30 17:05:08 +02006269/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6270 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6271 * should be use.
6272 */
James Votha051b4a2013-05-14 20:37:59 +02006273static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006274smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006275{
Emeric Brunba841a12014-04-30 17:05:08 +02006276 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006277 X509 *crt = NULL;
6278 const EVP_MD *digest;
6279 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006280 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006281 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006282
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006283 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006284 if (!conn || conn->xprt != &ssl_sock)
6285 return 0;
6286
6287 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006288 smp->flags |= SMP_F_MAY_CHANGE;
6289 return 0;
6290 }
6291
Emeric Brunba841a12014-04-30 17:05:08 +02006292 if (cert_peer)
6293 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6294 else
6295 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006296 if (!crt)
6297 goto out;
6298
6299 smp_trash = get_trash_chunk();
6300 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006301 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6302 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006303
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006304 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006305 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006306 ret = 1;
6307out:
Emeric Brunba841a12014-04-30 17:05:08 +02006308 /* SSL_get_peer_certificate, it increase X509 * ref count */
6309 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006310 X509_free(crt);
6311 return ret;
6312}
6313
Emeric Brunba841a12014-04-30 17:05:08 +02006314/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6315 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6316 * should be use.
6317 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006318static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006319smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006320{
Emeric Brunba841a12014-04-30 17:05:08 +02006321 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006322 X509 *crt = NULL;
6323 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006324 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006325 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006326
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006327 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006328 if (!conn || conn->xprt != &ssl_sock)
6329 return 0;
6330
6331 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006332 smp->flags |= SMP_F_MAY_CHANGE;
6333 return 0;
6334 }
6335
Emeric Brunba841a12014-04-30 17:05:08 +02006336 if (cert_peer)
6337 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6338 else
6339 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006340 if (!crt)
6341 goto out;
6342
Willy Tarreau47ca5452012-12-23 20:22:19 +01006343 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006344 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6345 goto out;
6346
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006347 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006348 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006349 ret = 1;
6350out:
Emeric Brunba841a12014-04-30 17:05:08 +02006351 /* SSL_get_peer_certificate, it increase X509 * ref count */
6352 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006353 X509_free(crt);
6354 return ret;
6355}
6356
Emeric Brunba841a12014-04-30 17:05:08 +02006357/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6358 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6359 * should be use.
6360 */
Emeric Brun87855892012-10-17 17:39:35 +02006361static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006362smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006363{
Emeric Brunba841a12014-04-30 17:05:08 +02006364 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006365 X509 *crt = NULL;
6366 X509_NAME *name;
6367 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006368 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006369 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006370
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006371 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006372 if (!conn || conn->xprt != &ssl_sock)
6373 return 0;
6374
6375 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006376 smp->flags |= SMP_F_MAY_CHANGE;
6377 return 0;
6378 }
6379
Emeric Brunba841a12014-04-30 17:05:08 +02006380 if (cert_peer)
6381 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6382 else
6383 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006384 if (!crt)
6385 goto out;
6386
6387 name = X509_get_issuer_name(crt);
6388 if (!name)
6389 goto out;
6390
Willy Tarreau47ca5452012-12-23 20:22:19 +01006391 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006392 if (args && args[0].type == ARGT_STR) {
6393 int pos = 1;
6394
6395 if (args[1].type == ARGT_SINT)
6396 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006397
6398 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6399 goto out;
6400 }
6401 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6402 goto out;
6403
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006404 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006405 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006406 ret = 1;
6407out:
Emeric Brunba841a12014-04-30 17:05:08 +02006408 /* SSL_get_peer_certificate, it increase X509 * ref count */
6409 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006410 X509_free(crt);
6411 return ret;
6412}
6413
Emeric Brunba841a12014-04-30 17:05:08 +02006414/* string, returns notbefore date in ASN1_UTCTIME format.
6415 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6416 * should be use.
6417 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006418static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006419smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006420{
Emeric Brunba841a12014-04-30 17:05:08 +02006421 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006422 X509 *crt = NULL;
6423 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006424 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006425 struct connection *conn;
6426
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006427 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006428 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006429 return 0;
6430
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006431 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006432 smp->flags |= SMP_F_MAY_CHANGE;
6433 return 0;
6434 }
6435
Emeric Brunba841a12014-04-30 17:05:08 +02006436 if (cert_peer)
6437 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6438 else
6439 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006440 if (!crt)
6441 goto out;
6442
Willy Tarreau47ca5452012-12-23 20:22:19 +01006443 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006444 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6445 goto out;
6446
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006447 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006448 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006449 ret = 1;
6450out:
Emeric Brunba841a12014-04-30 17:05:08 +02006451 /* SSL_get_peer_certificate, it increase X509 * ref count */
6452 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006453 X509_free(crt);
6454 return ret;
6455}
6456
Emeric Brunba841a12014-04-30 17:05:08 +02006457/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6458 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6459 * should be use.
6460 */
Emeric Brun87855892012-10-17 17:39:35 +02006461static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006462smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006463{
Emeric Brunba841a12014-04-30 17:05:08 +02006464 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006465 X509 *crt = NULL;
6466 X509_NAME *name;
6467 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006468 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006469 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006470
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006471 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006472 if (!conn || conn->xprt != &ssl_sock)
6473 return 0;
6474
6475 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006476 smp->flags |= SMP_F_MAY_CHANGE;
6477 return 0;
6478 }
6479
Emeric Brunba841a12014-04-30 17:05:08 +02006480 if (cert_peer)
6481 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6482 else
6483 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006484 if (!crt)
6485 goto out;
6486
6487 name = X509_get_subject_name(crt);
6488 if (!name)
6489 goto out;
6490
Willy Tarreau47ca5452012-12-23 20:22:19 +01006491 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006492 if (args && args[0].type == ARGT_STR) {
6493 int pos = 1;
6494
6495 if (args[1].type == ARGT_SINT)
6496 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006497
6498 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6499 goto out;
6500 }
6501 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6502 goto out;
6503
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006504 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006505 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006506 ret = 1;
6507out:
Emeric Brunba841a12014-04-30 17:05:08 +02006508 /* SSL_get_peer_certificate, it increase X509 * ref count */
6509 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006510 X509_free(crt);
6511 return ret;
6512}
Emeric Brun9143d372012-12-20 15:44:16 +01006513
6514/* integer, returns true if current session use a client certificate */
6515static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006516smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006517{
6518 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006519 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006520
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006521 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006522 if (!conn || conn->xprt != &ssl_sock)
6523 return 0;
6524
6525 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006526 smp->flags |= SMP_F_MAY_CHANGE;
6527 return 0;
6528 }
6529
6530 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006531 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006532 if (crt) {
6533 X509_free(crt);
6534 }
6535
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006536 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006537 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006538 return 1;
6539}
6540
Emeric Brunba841a12014-04-30 17:05:08 +02006541/* integer, returns the certificate version
6542 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6543 * should be use.
6544 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006545static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006546smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006547{
Emeric Brunba841a12014-04-30 17:05:08 +02006548 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006549 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006550 struct connection *conn;
6551
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006552 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006553 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006554 return 0;
6555
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006556 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006557 smp->flags |= SMP_F_MAY_CHANGE;
6558 return 0;
6559 }
6560
Emeric Brunba841a12014-04-30 17:05:08 +02006561 if (cert_peer)
6562 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6563 else
6564 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006565 if (!crt)
6566 return 0;
6567
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006568 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006569 /* SSL_get_peer_certificate increase X509 * ref count */
6570 if (cert_peer)
6571 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006572 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006573
6574 return 1;
6575}
6576
Emeric Brunba841a12014-04-30 17:05:08 +02006577/* string, returns the certificate's signature algorithm.
6578 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6579 * should be use.
6580 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006581static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006582smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006583{
Emeric Brunba841a12014-04-30 17:05:08 +02006584 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006585 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006586 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006587 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006588 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006589
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006590 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006591 if (!conn || conn->xprt != &ssl_sock)
6592 return 0;
6593
6594 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006595 smp->flags |= SMP_F_MAY_CHANGE;
6596 return 0;
6597 }
6598
Emeric Brunba841a12014-04-30 17:05:08 +02006599 if (cert_peer)
6600 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6601 else
6602 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006603 if (!crt)
6604 return 0;
6605
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006606 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6607 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006608
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006609 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6610 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006611 /* SSL_get_peer_certificate increase X509 * ref count */
6612 if (cert_peer)
6613 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006614 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006615 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006616
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006617 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006618 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006619 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006620 /* SSL_get_peer_certificate increase X509 * ref count */
6621 if (cert_peer)
6622 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006623
6624 return 1;
6625}
6626
Emeric Brunba841a12014-04-30 17:05:08 +02006627/* string, returns the certificate's key algorithm.
6628 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6629 * should be use.
6630 */
Emeric Brun521a0112012-10-22 12:22:55 +02006631static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006632smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006633{
Emeric Brunba841a12014-04-30 17:05:08 +02006634 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006635 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006636 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006637 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006638 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006639
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006640 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006641 if (!conn || conn->xprt != &ssl_sock)
6642 return 0;
6643
6644 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006645 smp->flags |= SMP_F_MAY_CHANGE;
6646 return 0;
6647 }
6648
Emeric Brunba841a12014-04-30 17:05:08 +02006649 if (cert_peer)
6650 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6651 else
6652 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006653 if (!crt)
6654 return 0;
6655
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006656 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6657 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006658
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006659 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6660 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006661 /* SSL_get_peer_certificate increase X509 * ref count */
6662 if (cert_peer)
6663 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006664 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006665 }
Emeric Brun521a0112012-10-22 12:22:55 +02006666
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006667 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006668 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006669 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006670 if (cert_peer)
6671 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006672
6673 return 1;
6674}
6675
Emeric Brun645ae792014-04-30 14:21:06 +02006676/* boolean, returns true if front conn. transport layer is SSL.
6677 * This function is also usable on backend conn if the fetch keyword 5th
6678 * char is 'b'.
6679 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006680static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006681smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006682{
Emeric Bruneb8def92018-02-19 15:59:48 +01006683 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6684 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006685
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006686 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006687 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006688 return 1;
6689}
6690
Emeric Brun2525b6b2012-10-18 15:59:43 +02006691/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006692static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006693smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006694{
6695#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006696 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006697
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006698 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006699 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006700 conn->xprt_ctx &&
6701 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006702 return 1;
6703#else
6704 return 0;
6705#endif
6706}
6707
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006708/* boolean, returns true if client session has been resumed.
6709 * This function is also usable on backend conn if the fetch keyword 5th
6710 * char is 'b'.
6711 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006712static int
6713smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6714{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006715 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6716 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6717
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006718
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006719 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006720 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006721 conn->xprt_ctx &&
6722 SSL_session_reused(conn->xprt_ctx);
6723 return 1;
6724}
6725
Emeric Brun645ae792014-04-30 14:21:06 +02006726/* string, returns the used cipher if front conn. transport layer is SSL.
6727 * This function is also usable on backend conn if the fetch keyword 5th
6728 * char is 'b'.
6729 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006730static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006731smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006732{
Emeric Bruneb8def92018-02-19 15:59:48 +01006733 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6734 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006735
Willy Tarreaube508f12016-03-10 11:47:01 +01006736 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006737 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006738 return 0;
6739
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006740 smp->data.u.str.area = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6741 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006742 return 0;
6743
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006744 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006745 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006746 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006747
6748 return 1;
6749}
6750
Emeric Brun645ae792014-04-30 14:21:06 +02006751/* integer, returns the algoritm's keysize if front conn. transport layer
6752 * is SSL.
6753 * This function is also usable on backend conn if the fetch keyword 5th
6754 * char is 'b'.
6755 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006756static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006757smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006758{
Emeric Bruneb8def92018-02-19 15:59:48 +01006759 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6760 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006761 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006762
Emeric Brun589fcad2012-10-16 14:13:26 +02006763 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006764 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006765 return 0;
6766
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006767 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006768 return 0;
6769
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006770 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006771 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006772
6773 return 1;
6774}
6775
Emeric Brun645ae792014-04-30 14:21:06 +02006776/* integer, returns the used keysize if front conn. transport layer is SSL.
6777 * This function is also usable on backend conn if the fetch keyword 5th
6778 * char is 'b'.
6779 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006780static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006781smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006782{
Emeric Bruneb8def92018-02-19 15:59:48 +01006783 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6784 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006785
Emeric Brun589fcad2012-10-16 14:13:26 +02006786 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006787 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6788 return 0;
6789
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006790 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6791 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006792 return 0;
6793
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006794 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006795
6796 return 1;
6797}
6798
Bernard Spil13c53f82018-02-15 13:34:58 +01006799#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006800static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006801smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006802{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006803 struct connection *conn;
6804
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006805 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006806 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006807
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006808 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006809 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6810 return 0;
6811
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006812 smp->data.u.str.area = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006813 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006814 (const unsigned char **)&smp->data.u.str.area,
6815 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006816
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006817 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006818 return 0;
6819
6820 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006821}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006822#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006823
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006824#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006825static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006826smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006827{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006828 struct connection *conn;
6829
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006830 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006831 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006832
Willy Tarreaue26bf052015-05-12 10:30:12 +02006833 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006834 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006835 return 0;
6836
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006837 smp->data.u.str.area = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006838 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006839 (const unsigned char **)&smp->data.u.str.area,
6840 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02006841
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006842 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02006843 return 0;
6844
6845 return 1;
6846}
6847#endif
6848
Emeric Brun645ae792014-04-30 14:21:06 +02006849/* string, returns the used protocol if front conn. transport layer is SSL.
6850 * This function is also usable on backend conn if the fetch keyword 5th
6851 * char is 'b'.
6852 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006853static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006854smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006855{
Emeric Bruneb8def92018-02-19 15:59:48 +01006856 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6857 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006858
Emeric Brun589fcad2012-10-16 14:13:26 +02006859 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006860 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6861 return 0;
6862
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006863 smp->data.u.str.area = (char *)SSL_get_version(conn->xprt_ctx);
6864 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006865 return 0;
6866
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006867 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006868 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006869 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006870
6871 return 1;
6872}
6873
Willy Tarreau87b09662015-04-03 00:22:06 +02006874/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006875 * This function is also usable on backend conn if the fetch keyword 5th
6876 * char is 'b'.
6877 */
Patrick Hemmer41966772018-04-28 19:15:48 -04006878#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02006879static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006880smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006881{
Emeric Bruneb8def92018-02-19 15:59:48 +01006882 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6883 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006884 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006885
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006886 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006887 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006888
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006889 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6890 return 0;
6891
Willy Tarreau192252e2015-04-04 01:47:55 +02006892 ssl_sess = SSL_get_session(conn->xprt_ctx);
6893 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006894 return 0;
6895
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006896 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
6897 (unsigned int *)&smp->data.u.str.data);
6898 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02006899 return 0;
6900
6901 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02006902}
Patrick Hemmer41966772018-04-28 19:15:48 -04006903#endif
6904
Emeric Brunfe68f682012-10-16 14:59:28 +02006905
Patrick Hemmere0275472018-04-28 19:15:51 -04006906#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
6907static int
6908smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
6909{
6910 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6911 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6912 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02006913 struct buffer *data;
Patrick Hemmere0275472018-04-28 19:15:51 -04006914
6915 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6916 return 0;
6917
6918 ssl_sess = SSL_get_session(conn->xprt_ctx);
6919 if (!ssl_sess)
6920 return 0;
6921
6922 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006923 data->data = SSL_SESSION_get_master_key(ssl_sess,
6924 (unsigned char *) data->area,
6925 data->size);
6926 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04006927 return 0;
6928
6929 smp->flags = 0;
6930 smp->data.type = SMP_T_BIN;
6931 smp->data.u.str = *data;
6932
6933 return 1;
6934}
6935#endif
6936
Patrick Hemmer41966772018-04-28 19:15:48 -04006937#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02006938static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006939smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006940{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006941 struct connection *conn;
6942
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006943 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006944 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006945
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006946 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006947 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6948 return 0;
6949
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006950 smp->data.u.str.area = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6951 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006952 return 0;
6953
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006954 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02006955 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02006956}
Patrick Hemmer41966772018-04-28 19:15:48 -04006957#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02006958
David Sc1ad52e2014-04-08 18:48:47 -04006959static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006960smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6961{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006962 struct connection *conn;
6963 struct ssl_capture *capture;
6964
6965 conn = objt_conn(smp->sess->origin);
6966 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6967 return 0;
6968
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006969 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006970 if (!capture)
6971 return 0;
6972
6973 smp->flags = SMP_F_CONST;
6974 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006975 smp->data.u.str.area = capture->ciphersuite;
6976 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006977 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006978}
6979
6980static int
6981smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6982{
Willy Tarreau83061a82018-07-13 11:56:34 +02006983 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006984
6985 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6986 return 0;
6987
6988 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006989 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006990 smp->data.type = SMP_T_BIN;
6991 smp->data.u.str = *data;
6992 return 1;
6993}
6994
6995static int
6996smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6997{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006998 struct connection *conn;
6999 struct ssl_capture *capture;
7000
7001 conn = objt_conn(smp->sess->origin);
7002 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7003 return 0;
7004
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007005 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007006 if (!capture)
7007 return 0;
7008
7009 smp->data.type = SMP_T_SINT;
7010 smp->data.u.sint = capture->xxh64;
7011 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007012}
7013
7014static int
7015smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7016{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007017#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007018 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007019 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007020
7021 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7022 return 0;
7023
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007024 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007025 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007026 const char *str;
7027 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007028 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007029 uint16_t id = (bin[0] << 8) | bin[1];
7030#if defined(OPENSSL_IS_BORINGSSL)
7031 cipher = SSL_get_cipher_by_value(id);
7032#else
7033 struct connection *conn = objt_conn(smp->sess->origin);
7034 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7035#endif
7036 str = SSL_CIPHER_get_name(cipher);
7037 if (!str || strcmp(str, "(NONE)") == 0)
7038 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007039 else
7040 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7041 }
7042 smp->data.type = SMP_T_STR;
7043 smp->data.u.str = *data;
7044 return 1;
7045#else
7046 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7047#endif
7048}
7049
Patrick Hemmer41966772018-04-28 19:15:48 -04007050#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007051static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007052smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007053{
Emeric Bruneb8def92018-02-19 15:59:48 +01007054 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7055 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007056 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007057 struct buffer *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007058
7059 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007060 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7061 return 0;
7062
7063 if (!(conn->flags & CO_FL_CONNECTED)) {
7064 smp->flags |= SMP_F_MAY_CHANGE;
7065 return 0;
7066 }
7067
7068 finished_trash = get_trash_chunk();
7069 if (!SSL_session_reused(conn->xprt_ctx))
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007070 finished_len = SSL_get_peer_finished(conn->xprt_ctx,
7071 finished_trash->area,
7072 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007073 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007074 finished_len = SSL_get_finished(conn->xprt_ctx,
7075 finished_trash->area,
7076 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007077
7078 if (!finished_len)
7079 return 0;
7080
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007081 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007082 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007083 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007084
7085 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007086}
Patrick Hemmer41966772018-04-28 19:15:48 -04007087#endif
David Sc1ad52e2014-04-08 18:48:47 -04007088
Emeric Brun2525b6b2012-10-18 15:59:43 +02007089/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007090static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007091smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007092{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007093 struct connection *conn;
7094
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007095 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007096 if (!conn || conn->xprt != &ssl_sock)
7097 return 0;
7098
7099 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007100 smp->flags = SMP_F_MAY_CHANGE;
7101 return 0;
7102 }
7103
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007104 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007105 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007106 smp->flags = 0;
7107
7108 return 1;
7109}
7110
Emeric Brun2525b6b2012-10-18 15:59:43 +02007111/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007112static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007113smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007114{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007115 struct connection *conn;
7116
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007117 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007118 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007119 return 0;
7120
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007121 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007122 smp->flags = SMP_F_MAY_CHANGE;
7123 return 0;
7124 }
7125
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007126 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007127 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007128 smp->flags = 0;
7129
7130 return 1;
7131}
7132
Emeric Brun2525b6b2012-10-18 15:59:43 +02007133/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007134static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007135smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007136{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007137 struct connection *conn;
7138
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007139 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007140 if (!conn || conn->xprt != &ssl_sock)
7141 return 0;
7142
7143 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007144 smp->flags = SMP_F_MAY_CHANGE;
7145 return 0;
7146 }
7147
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007148 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007149 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007150 smp->flags = 0;
7151
7152 return 1;
7153}
7154
Emeric Brun2525b6b2012-10-18 15:59:43 +02007155/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007156static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007157smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007158{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007159 struct connection *conn;
7160
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007161 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007162 if (!conn || conn->xprt != &ssl_sock)
7163 return 0;
7164
7165 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007166 smp->flags = SMP_F_MAY_CHANGE;
7167 return 0;
7168 }
7169
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007170 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007171 return 0;
7172
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007173 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007174 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007175 smp->flags = 0;
7176
7177 return 1;
7178}
7179
Emeric Brunfb510ea2012-10-05 12:00:26 +02007180/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007181static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007182{
7183 if (!*args[cur_arg + 1]) {
7184 if (err)
7185 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7186 return ERR_ALERT | ERR_FATAL;
7187 }
7188
Willy Tarreauef934602016-12-22 23:12:01 +01007189 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7190 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007191 else
7192 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007193
Emeric Brund94b3fe2012-09-20 18:23:56 +02007194 return 0;
7195}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007196static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7197{
7198 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7199}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007200
Christopher Faulet31af49d2015-06-09 17:29:50 +02007201/* parse the "ca-sign-file" bind keyword */
7202static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7203{
7204 if (!*args[cur_arg + 1]) {
7205 if (err)
7206 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7207 return ERR_ALERT | ERR_FATAL;
7208 }
7209
Willy Tarreauef934602016-12-22 23:12:01 +01007210 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7211 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007212 else
7213 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7214
7215 return 0;
7216}
7217
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007218/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007219static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7220{
7221 if (!*args[cur_arg + 1]) {
7222 if (err)
7223 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7224 return ERR_ALERT | ERR_FATAL;
7225 }
7226 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7227 return 0;
7228}
7229
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007230/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007231static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007232{
7233 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007234 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007235 return ERR_ALERT | ERR_FATAL;
7236 }
7237
Emeric Brun76d88952012-10-05 15:47:31 +02007238 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007239 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007240 return 0;
7241}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007242static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7243{
7244 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7245}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007246/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007247static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007248{
Willy Tarreau38011032013-08-13 16:59:39 +02007249 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007250
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007251 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007252 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007253 return ERR_ALERT | ERR_FATAL;
7254 }
7255
Willy Tarreauef934602016-12-22 23:12:01 +01007256 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7257 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007258 memprintf(err, "'%s' : path too long", args[cur_arg]);
7259 return ERR_ALERT | ERR_FATAL;
7260 }
Willy Tarreauef934602016-12-22 23:12:01 +01007261 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007262 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007263 return ERR_ALERT | ERR_FATAL;
7264
7265 return 0;
7266 }
7267
Willy Tarreau03209342016-12-22 17:08:28 +01007268 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007269 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007270
7271 return 0;
7272}
7273
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007274/* parse the "crt-list" bind keyword */
7275static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7276{
7277 if (!*args[cur_arg + 1]) {
7278 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7279 return ERR_ALERT | ERR_FATAL;
7280 }
7281
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007282 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007283 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007284 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007285 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007286
7287 return 0;
7288}
7289
Emeric Brunfb510ea2012-10-05 12:00:26 +02007290/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007291static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007292{
Emeric Brun051cdab2012-10-02 19:25:50 +02007293#ifndef X509_V_FLAG_CRL_CHECK
7294 if (err)
7295 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7296 return ERR_ALERT | ERR_FATAL;
7297#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007298 if (!*args[cur_arg + 1]) {
7299 if (err)
7300 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7301 return ERR_ALERT | ERR_FATAL;
7302 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007303
Willy Tarreauef934602016-12-22 23:12:01 +01007304 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7305 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007306 else
7307 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007308
Emeric Brun2b58d042012-09-20 17:10:03 +02007309 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007310#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007311}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007312static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7313{
7314 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7315}
Emeric Brun2b58d042012-09-20 17:10:03 +02007316
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007317/* parse the "curves" bind keyword keyword */
7318static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7319{
7320#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7321 if (!*args[cur_arg + 1]) {
7322 if (err)
7323 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7324 return ERR_ALERT | ERR_FATAL;
7325 }
7326 conf->curves = strdup(args[cur_arg + 1]);
7327 return 0;
7328#else
7329 if (err)
7330 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7331 return ERR_ALERT | ERR_FATAL;
7332#endif
7333}
7334static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7335{
7336 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7337}
7338
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007339/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007340static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007341{
7342#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7343 if (err)
7344 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7345 return ERR_ALERT | ERR_FATAL;
7346#elif defined(OPENSSL_NO_ECDH)
7347 if (err)
7348 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7349 return ERR_ALERT | ERR_FATAL;
7350#else
7351 if (!*args[cur_arg + 1]) {
7352 if (err)
7353 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7354 return ERR_ALERT | ERR_FATAL;
7355 }
7356
7357 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007358
7359 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007360#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007361}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007362static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7363{
7364 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7365}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007366
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007367/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007368static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7369{
7370 int code;
7371 char *p = args[cur_arg + 1];
7372 unsigned long long *ignerr = &conf->crt_ignerr;
7373
7374 if (!*p) {
7375 if (err)
7376 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7377 return ERR_ALERT | ERR_FATAL;
7378 }
7379
7380 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7381 ignerr = &conf->ca_ignerr;
7382
7383 if (strcmp(p, "all") == 0) {
7384 *ignerr = ~0ULL;
7385 return 0;
7386 }
7387
7388 while (p) {
7389 code = atoi(p);
7390 if ((code <= 0) || (code > 63)) {
7391 if (err)
7392 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7393 args[cur_arg], code, args[cur_arg + 1]);
7394 return ERR_ALERT | ERR_FATAL;
7395 }
7396 *ignerr |= 1ULL << code;
7397 p = strchr(p, ',');
7398 if (p)
7399 p++;
7400 }
7401
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007402 return 0;
7403}
7404
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007405/* parse tls_method_options "no-xxx" and "force-xxx" */
7406static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007407{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007408 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007409 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007410 p = strchr(arg, '-');
7411 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007412 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007413 p++;
7414 if (!strcmp(p, "sslv3"))
7415 v = CONF_SSLV3;
7416 else if (!strcmp(p, "tlsv10"))
7417 v = CONF_TLSV10;
7418 else if (!strcmp(p, "tlsv11"))
7419 v = CONF_TLSV11;
7420 else if (!strcmp(p, "tlsv12"))
7421 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007422 else if (!strcmp(p, "tlsv13"))
7423 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007424 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007425 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007426 if (!strncmp(arg, "no-", 3))
7427 methods->flags |= methodVersions[v].flag;
7428 else if (!strncmp(arg, "force-", 6))
7429 methods->min = methods->max = v;
7430 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007431 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007432 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007433 fail:
7434 if (err)
7435 memprintf(err, "'%s' : option not implemented", arg);
7436 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007437}
7438
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007439static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007440{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007441 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007442}
7443
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007444static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007445{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007446 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7447}
7448
7449/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7450static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7451{
7452 uint16_t i, v = 0;
7453 char *argv = args[cur_arg + 1];
7454 if (!*argv) {
7455 if (err)
7456 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7457 return ERR_ALERT | ERR_FATAL;
7458 }
7459 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7460 if (!strcmp(argv, methodVersions[i].name))
7461 v = i;
7462 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007463 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007464 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007465 return ERR_ALERT | ERR_FATAL;
7466 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007467 if (!strcmp("ssl-min-ver", args[cur_arg]))
7468 methods->min = v;
7469 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7470 methods->max = v;
7471 else {
7472 if (err)
7473 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7474 return ERR_ALERT | ERR_FATAL;
7475 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007476 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007477}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007478
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007479static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7480{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007481#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007482 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007483#endif
7484 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7485}
7486
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007487static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7488{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007489 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007490}
7491
7492static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7493{
7494 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7495}
7496
Emeric Brun2d0c4822012-10-02 13:45:20 +02007497/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007498static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007499{
Emeric Brun89675492012-10-05 13:48:26 +02007500 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007501 return 0;
7502}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007503
Olivier Houchardc2aae742017-09-22 18:26:28 +02007504/* parse the "allow-0rtt" bind keyword */
7505static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7506{
7507 conf->early_data = 1;
7508 return 0;
7509}
7510
7511static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7512{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007513 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007514 return 0;
7515}
7516
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007517/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007518static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007519{
Bernard Spil13c53f82018-02-15 13:34:58 +01007520#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007521 char *p1, *p2;
7522
7523 if (!*args[cur_arg + 1]) {
7524 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7525 return ERR_ALERT | ERR_FATAL;
7526 }
7527
7528 free(conf->npn_str);
7529
Willy Tarreau3724da12016-02-12 17:11:12 +01007530 /* the NPN string is built as a suite of (<len> <name>)*,
7531 * so we reuse each comma to store the next <len> and need
7532 * one more for the end of the string.
7533 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007534 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007535 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007536 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7537
7538 /* replace commas with the name length */
7539 p1 = conf->npn_str;
7540 p2 = p1 + 1;
7541 while (1) {
7542 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7543 if (!p2)
7544 p2 = p1 + 1 + strlen(p1 + 1);
7545
7546 if (p2 - (p1 + 1) > 255) {
7547 *p2 = '\0';
7548 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7549 return ERR_ALERT | ERR_FATAL;
7550 }
7551
7552 *p1 = p2 - (p1 + 1);
7553 p1 = p2;
7554
7555 if (!*p2)
7556 break;
7557
7558 *(p2++) = '\0';
7559 }
7560 return 0;
7561#else
7562 if (err)
7563 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7564 return ERR_ALERT | ERR_FATAL;
7565#endif
7566}
7567
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007568static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7569{
7570 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7571}
7572
Willy Tarreauab861d32013-04-02 02:30:41 +02007573/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007574static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007575{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007576#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007577 char *p1, *p2;
7578
7579 if (!*args[cur_arg + 1]) {
7580 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7581 return ERR_ALERT | ERR_FATAL;
7582 }
7583
7584 free(conf->alpn_str);
7585
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007586 /* the ALPN string is built as a suite of (<len> <name>)*,
7587 * so we reuse each comma to store the next <len> and need
7588 * one more for the end of the string.
7589 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007590 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007591 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007592 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7593
7594 /* replace commas with the name length */
7595 p1 = conf->alpn_str;
7596 p2 = p1 + 1;
7597 while (1) {
7598 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7599 if (!p2)
7600 p2 = p1 + 1 + strlen(p1 + 1);
7601
7602 if (p2 - (p1 + 1) > 255) {
7603 *p2 = '\0';
7604 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7605 return ERR_ALERT | ERR_FATAL;
7606 }
7607
7608 *p1 = p2 - (p1 + 1);
7609 p1 = p2;
7610
7611 if (!*p2)
7612 break;
7613
7614 *(p2++) = '\0';
7615 }
7616 return 0;
7617#else
7618 if (err)
7619 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7620 return ERR_ALERT | ERR_FATAL;
7621#endif
7622}
7623
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007624static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7625{
7626 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7627}
7628
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007629/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007630static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007631{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007632 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007633 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007634
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007635 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7636 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007637 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007638 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7639 if (!conf->ssl_conf.ssl_methods.min)
7640 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7641 if (!conf->ssl_conf.ssl_methods.max)
7642 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007643
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007644 return 0;
7645}
7646
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007647/* parse the "prefer-client-ciphers" bind keyword */
7648static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7649{
7650 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7651 return 0;
7652}
7653
Christopher Faulet31af49d2015-06-09 17:29:50 +02007654/* parse the "generate-certificates" bind keyword */
7655static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7656{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007657#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007658 conf->generate_certs = 1;
7659#else
7660 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7661 err && *err ? *err : "");
7662#endif
7663 return 0;
7664}
7665
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007666/* parse the "strict-sni" bind keyword */
7667static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7668{
7669 conf->strict_sni = 1;
7670 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007671}
7672
7673/* parse the "tls-ticket-keys" bind keyword */
7674static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7675{
7676#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7677 FILE *f;
7678 int i = 0;
7679 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007680 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007681
7682 if (!*args[cur_arg + 1]) {
7683 if (err)
7684 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7685 return ERR_ALERT | ERR_FATAL;
7686 }
7687
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007688 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007689 if (keys_ref) {
7690 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007691 conf->keys_ref = keys_ref;
7692 return 0;
7693 }
7694
Vincent Bernat02779b62016-04-03 13:48:43 +02007695 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007696 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007697
7698 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7699 if (err)
7700 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7701 return ERR_ALERT | ERR_FATAL;
7702 }
7703
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007704 keys_ref->filename = strdup(args[cur_arg + 1]);
7705
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007706 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7707 int len = strlen(thisline);
7708 /* Strip newline characters from the end */
7709 if(thisline[len - 1] == '\n')
7710 thisline[--len] = 0;
7711
7712 if(thisline[len - 1] == '\r')
7713 thisline[--len] = 0;
7714
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007715 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007716 if (err)
7717 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007718 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007719 return ERR_ALERT | ERR_FATAL;
7720 }
7721 i++;
7722 }
7723
7724 if (i < TLS_TICKETS_NO) {
7725 if (err)
7726 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007727 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007728 return ERR_ALERT | ERR_FATAL;
7729 }
7730
7731 fclose(f);
7732
7733 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007734 i -= 2;
7735 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007736 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007737 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007738 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007739 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007740
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007741 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7742
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007743 return 0;
7744#else
7745 if (err)
7746 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7747 return ERR_ALERT | ERR_FATAL;
7748#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007749}
7750
Emeric Brund94b3fe2012-09-20 18:23:56 +02007751/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007752static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007753{
7754 if (!*args[cur_arg + 1]) {
7755 if (err)
7756 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7757 return ERR_ALERT | ERR_FATAL;
7758 }
7759
7760 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007761 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007762 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007763 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007764 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007765 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007766 else {
7767 if (err)
7768 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7769 args[cur_arg], args[cur_arg + 1]);
7770 return ERR_ALERT | ERR_FATAL;
7771 }
7772
7773 return 0;
7774}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007775static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7776{
7777 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7778}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007779
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007780/* parse the "no-ca-names" bind keyword */
7781static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7782{
7783 conf->no_ca_names = 1;
7784 return 0;
7785}
7786static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7787{
7788 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7789}
7790
Willy Tarreau92faadf2012-10-10 23:04:25 +02007791/************** "server" keywords ****************/
7792
Emeric Brunef42d922012-10-11 16:11:36 +02007793/* parse the "ca-file" server keyword */
7794static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7795{
7796 if (!*args[*cur_arg + 1]) {
7797 if (err)
7798 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7799 return ERR_ALERT | ERR_FATAL;
7800 }
7801
Willy Tarreauef934602016-12-22 23:12:01 +01007802 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7803 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007804 else
7805 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7806
7807 return 0;
7808}
7809
Olivier Houchard9130a962017-10-17 17:33:43 +02007810/* parse the "check-sni" server keyword */
7811static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7812{
7813 if (!*args[*cur_arg + 1]) {
7814 if (err)
7815 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7816 return ERR_ALERT | ERR_FATAL;
7817 }
7818
7819 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7820 if (!newsrv->check.sni) {
7821 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7822 return ERR_ALERT | ERR_FATAL;
7823 }
7824 return 0;
7825
7826}
7827
Willy Tarreau92faadf2012-10-10 23:04:25 +02007828/* parse the "check-ssl" server keyword */
7829static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7830{
7831 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007832 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7833 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7834 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007835 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7836 if (!newsrv->ssl_ctx.methods.min)
7837 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7838 if (!newsrv->ssl_ctx.methods.max)
7839 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7840
Willy Tarreau92faadf2012-10-10 23:04:25 +02007841 return 0;
7842}
7843
7844/* parse the "ciphers" server keyword */
7845static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7846{
7847 if (!*args[*cur_arg + 1]) {
7848 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7849 return ERR_ALERT | ERR_FATAL;
7850 }
7851
7852 free(newsrv->ssl_ctx.ciphers);
7853 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7854 return 0;
7855}
7856
Emeric Brunef42d922012-10-11 16:11:36 +02007857/* parse the "crl-file" server keyword */
7858static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7859{
7860#ifndef X509_V_FLAG_CRL_CHECK
7861 if (err)
7862 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7863 return ERR_ALERT | ERR_FATAL;
7864#else
7865 if (!*args[*cur_arg + 1]) {
7866 if (err)
7867 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7868 return ERR_ALERT | ERR_FATAL;
7869 }
7870
Willy Tarreauef934602016-12-22 23:12:01 +01007871 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7872 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007873 else
7874 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7875
7876 return 0;
7877#endif
7878}
7879
Emeric Bruna7aa3092012-10-26 12:58:00 +02007880/* parse the "crt" server keyword */
7881static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7882{
7883 if (!*args[*cur_arg + 1]) {
7884 if (err)
7885 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7886 return ERR_ALERT | ERR_FATAL;
7887 }
7888
Willy Tarreauef934602016-12-22 23:12:01 +01007889 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007890 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007891 else
7892 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7893
7894 return 0;
7895}
Emeric Brunef42d922012-10-11 16:11:36 +02007896
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007897/* parse the "no-check-ssl" server keyword */
7898static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7899{
7900 newsrv->check.use_ssl = 0;
7901 free(newsrv->ssl_ctx.ciphers);
7902 newsrv->ssl_ctx.ciphers = NULL;
7903 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7904 return 0;
7905}
7906
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007907/* parse the "no-send-proxy-v2-ssl" server keyword */
7908static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7909{
7910 newsrv->pp_opts &= ~SRV_PP_V2;
7911 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7912 return 0;
7913}
7914
7915/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7916static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7917{
7918 newsrv->pp_opts &= ~SRV_PP_V2;
7919 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7920 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7921 return 0;
7922}
7923
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007924/* parse the "no-ssl" server keyword */
7925static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7926{
7927 newsrv->use_ssl = 0;
7928 free(newsrv->ssl_ctx.ciphers);
7929 newsrv->ssl_ctx.ciphers = NULL;
7930 return 0;
7931}
7932
Olivier Houchard522eea72017-11-03 16:27:47 +01007933/* parse the "allow-0rtt" server keyword */
7934static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7935{
7936 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7937 return 0;
7938}
7939
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007940/* parse the "no-ssl-reuse" server keyword */
7941static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7942{
7943 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7944 return 0;
7945}
7946
Emeric Brunf9c5c472012-10-11 15:28:34 +02007947/* parse the "no-tls-tickets" server keyword */
7948static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7949{
7950 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7951 return 0;
7952}
David Safb76832014-05-08 23:42:08 -04007953/* parse the "send-proxy-v2-ssl" server keyword */
7954static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7955{
7956 newsrv->pp_opts |= SRV_PP_V2;
7957 newsrv->pp_opts |= SRV_PP_V2_SSL;
7958 return 0;
7959}
7960
7961/* parse the "send-proxy-v2-ssl-cn" server keyword */
7962static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7963{
7964 newsrv->pp_opts |= SRV_PP_V2;
7965 newsrv->pp_opts |= SRV_PP_V2_SSL;
7966 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7967 return 0;
7968}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007969
Willy Tarreau732eac42015-07-09 11:40:25 +02007970/* parse the "sni" server keyword */
7971static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7972{
7973#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7974 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7975 return ERR_ALERT | ERR_FATAL;
7976#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007977 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007978
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007979 arg = args[*cur_arg + 1];
7980 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007981 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7982 return ERR_ALERT | ERR_FATAL;
7983 }
7984
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007985 free(newsrv->sni_expr);
7986 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007987
Willy Tarreau732eac42015-07-09 11:40:25 +02007988 return 0;
7989#endif
7990}
7991
Willy Tarreau92faadf2012-10-10 23:04:25 +02007992/* parse the "ssl" server keyword */
7993static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7994{
7995 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007996 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7997 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007998 return 0;
7999}
8000
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008001/* parse the "ssl-reuse" server keyword */
8002static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8003{
8004 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8005 return 0;
8006}
8007
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008008/* parse the "tls-tickets" server keyword */
8009static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8010{
8011 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8012 return 0;
8013}
8014
Emeric Brunef42d922012-10-11 16:11:36 +02008015/* parse the "verify" server keyword */
8016static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8017{
8018 if (!*args[*cur_arg + 1]) {
8019 if (err)
8020 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8021 return ERR_ALERT | ERR_FATAL;
8022 }
8023
8024 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008025 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008026 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008027 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008028 else {
8029 if (err)
8030 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8031 args[*cur_arg], args[*cur_arg + 1]);
8032 return ERR_ALERT | ERR_FATAL;
8033 }
8034
Evan Broderbe554312013-06-27 00:05:25 -07008035 return 0;
8036}
8037
8038/* parse the "verifyhost" server keyword */
8039static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8040{
8041 if (!*args[*cur_arg + 1]) {
8042 if (err)
8043 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8044 return ERR_ALERT | ERR_FATAL;
8045 }
8046
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008047 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008048 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8049
Emeric Brunef42d922012-10-11 16:11:36 +02008050 return 0;
8051}
8052
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008053/* parse the "ssl-default-bind-options" keyword in global section */
8054static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8055 struct proxy *defpx, const char *file, int line,
8056 char **err) {
8057 int i = 1;
8058
8059 if (*(args[i]) == 0) {
8060 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8061 return -1;
8062 }
8063 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008064 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008065 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008066 else if (!strcmp(args[i], "prefer-client-ciphers"))
8067 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008068 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8069 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8070 i++;
8071 else {
8072 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8073 return -1;
8074 }
8075 }
8076 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008077 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8078 return -1;
8079 }
8080 i++;
8081 }
8082 return 0;
8083}
8084
8085/* parse the "ssl-default-server-options" keyword in global section */
8086static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8087 struct proxy *defpx, const char *file, int line,
8088 char **err) {
8089 int i = 1;
8090
8091 if (*(args[i]) == 0) {
8092 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8093 return -1;
8094 }
8095 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008096 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008097 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008098 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8099 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8100 i++;
8101 else {
8102 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8103 return -1;
8104 }
8105 }
8106 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008107 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8108 return -1;
8109 }
8110 i++;
8111 }
8112 return 0;
8113}
8114
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008115/* parse the "ca-base" / "crt-base" keywords in global section.
8116 * Returns <0 on alert, >0 on warning, 0 on success.
8117 */
8118static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8119 struct proxy *defpx, const char *file, int line,
8120 char **err)
8121{
8122 char **target;
8123
Willy Tarreauef934602016-12-22 23:12:01 +01008124 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008125
8126 if (too_many_args(1, args, err, NULL))
8127 return -1;
8128
8129 if (*target) {
8130 memprintf(err, "'%s' already specified.", args[0]);
8131 return -1;
8132 }
8133
8134 if (*(args[1]) == 0) {
8135 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8136 return -1;
8137 }
8138 *target = strdup(args[1]);
8139 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008140}
8141
8142/* parse the "ssl-mode-async" keyword in global section.
8143 * Returns <0 on alert, >0 on warning, 0 on success.
8144 */
8145static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8146 struct proxy *defpx, const char *file, int line,
8147 char **err)
8148{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008149#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008150 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008151 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008152 return 0;
8153#else
8154 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8155 return -1;
8156#endif
8157}
8158
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008159#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008160static int ssl_check_async_engine_count(void) {
8161 int err_code = 0;
8162
Emeric Brun3854e012017-05-17 20:42:48 +02008163 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008164 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008165 err_code = ERR_ABORT;
8166 }
8167 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008168}
8169
Grant Zhang872f9c22017-01-21 01:10:18 +00008170/* parse the "ssl-engine" keyword in global section.
8171 * Returns <0 on alert, >0 on warning, 0 on success.
8172 */
8173static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8174 struct proxy *defpx, const char *file, int line,
8175 char **err)
8176{
8177 char *algo;
8178 int ret = -1;
8179
8180 if (*(args[1]) == 0) {
8181 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8182 return ret;
8183 }
8184
8185 if (*(args[2]) == 0) {
8186 /* if no list of algorithms is given, it defaults to ALL */
8187 algo = strdup("ALL");
8188 goto add_engine;
8189 }
8190
8191 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8192 if (strcmp(args[2], "algo") != 0) {
8193 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8194 return ret;
8195 }
8196
8197 if (*(args[3]) == 0) {
8198 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8199 return ret;
8200 }
8201 algo = strdup(args[3]);
8202
8203add_engine:
8204 if (ssl_init_single_engine(args[1], algo)==0) {
8205 openssl_engines_initialized++;
8206 ret = 0;
8207 }
8208 free(algo);
8209 return ret;
8210}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008211#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008212
Willy Tarreauf22e9682016-12-21 23:23:19 +01008213/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8214 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8215 */
8216static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8217 struct proxy *defpx, const char *file, int line,
8218 char **err)
8219{
8220 char **target;
8221
Willy Tarreauef934602016-12-22 23:12:01 +01008222 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008223
8224 if (too_many_args(1, args, err, NULL))
8225 return -1;
8226
8227 if (*(args[1]) == 0) {
8228 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8229 return -1;
8230 }
8231
8232 free(*target);
8233 *target = strdup(args[1]);
8234 return 0;
8235}
8236
Willy Tarreau9ceda382016-12-21 23:13:03 +01008237/* parse various global tune.ssl settings consisting in positive integers.
8238 * Returns <0 on alert, >0 on warning, 0 on success.
8239 */
8240static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8241 struct proxy *defpx, const char *file, int line,
8242 char **err)
8243{
8244 int *target;
8245
8246 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8247 target = &global.tune.sslcachesize;
8248 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008249 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008250 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008251 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008252 else if (strcmp(args[0], "maxsslconn") == 0)
8253 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008254 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8255 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008256 else {
8257 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8258 return -1;
8259 }
8260
8261 if (too_many_args(1, args, err, NULL))
8262 return -1;
8263
8264 if (*(args[1]) == 0) {
8265 memprintf(err, "'%s' expects an integer argument.", args[0]);
8266 return -1;
8267 }
8268
8269 *target = atoi(args[1]);
8270 if (*target < 0) {
8271 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8272 return -1;
8273 }
8274 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008275}
8276
8277static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8278 struct proxy *defpx, const char *file, int line,
8279 char **err)
8280{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008281 int ret;
8282
8283 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8284 if (ret != 0)
8285 return ret;
8286
Willy Tarreaubafbe012017-11-24 17:34:44 +01008287 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008288 memprintf(err, "'%s' is already configured.", args[0]);
8289 return -1;
8290 }
8291
Willy Tarreaubafbe012017-11-24 17:34:44 +01008292 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8293 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008294 memprintf(err, "Out of memory error.");
8295 return -1;
8296 }
8297 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008298}
8299
8300/* parse "ssl.force-private-cache".
8301 * Returns <0 on alert, >0 on warning, 0 on success.
8302 */
8303static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8304 struct proxy *defpx, const char *file, int line,
8305 char **err)
8306{
8307 if (too_many_args(0, args, err, NULL))
8308 return -1;
8309
Willy Tarreauef934602016-12-22 23:12:01 +01008310 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008311 return 0;
8312}
8313
8314/* parse "ssl.lifetime".
8315 * Returns <0 on alert, >0 on warning, 0 on success.
8316 */
8317static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8318 struct proxy *defpx, const char *file, int line,
8319 char **err)
8320{
8321 const char *res;
8322
8323 if (too_many_args(1, args, err, NULL))
8324 return -1;
8325
8326 if (*(args[1]) == 0) {
8327 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8328 return -1;
8329 }
8330
Willy Tarreauef934602016-12-22 23:12:01 +01008331 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008332 if (res) {
8333 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8334 return -1;
8335 }
8336 return 0;
8337}
8338
8339#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008340/* parse "ssl-dh-param-file".
8341 * Returns <0 on alert, >0 on warning, 0 on success.
8342 */
8343static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8344 struct proxy *defpx, const char *file, int line,
8345 char **err)
8346{
8347 if (too_many_args(1, args, err, NULL))
8348 return -1;
8349
8350 if (*(args[1]) == 0) {
8351 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8352 return -1;
8353 }
8354
8355 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8356 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8357 return -1;
8358 }
8359 return 0;
8360}
8361
Willy Tarreau9ceda382016-12-21 23:13:03 +01008362/* parse "ssl.default-dh-param".
8363 * Returns <0 on alert, >0 on warning, 0 on success.
8364 */
8365static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8366 struct proxy *defpx, const char *file, int line,
8367 char **err)
8368{
8369 if (too_many_args(1, args, err, NULL))
8370 return -1;
8371
8372 if (*(args[1]) == 0) {
8373 memprintf(err, "'%s' expects an integer argument.", args[0]);
8374 return -1;
8375 }
8376
Willy Tarreauef934602016-12-22 23:12:01 +01008377 global_ssl.default_dh_param = atoi(args[1]);
8378 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008379 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8380 return -1;
8381 }
8382 return 0;
8383}
8384#endif
8385
8386
William Lallemand32af2032016-10-29 18:09:35 +02008387/* This function is used with TLS ticket keys management. It permits to browse
8388 * each reference. The variable <getnext> must contain the current node,
8389 * <end> point to the root node.
8390 */
8391#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8392static inline
8393struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8394{
8395 struct tls_keys_ref *ref = getnext;
8396
8397 while (1) {
8398
8399 /* Get next list entry. */
8400 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8401
8402 /* If the entry is the last of the list, return NULL. */
8403 if (&ref->list == end)
8404 return NULL;
8405
8406 return ref;
8407 }
8408}
8409
8410static inline
8411struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8412{
8413 int id;
8414 char *error;
8415
8416 /* If the reference starts by a '#', this is numeric id. */
8417 if (reference[0] == '#') {
8418 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8419 id = strtol(reference + 1, &error, 10);
8420 if (*error != '\0')
8421 return NULL;
8422
8423 /* Perform the unique id lookup. */
8424 return tlskeys_ref_lookupid(id);
8425 }
8426
8427 /* Perform the string lookup. */
8428 return tlskeys_ref_lookup(reference);
8429}
8430#endif
8431
8432
8433#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8434
8435static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8436
8437static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8438 return cli_io_handler_tlskeys_files(appctx);
8439}
8440
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008441/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8442 * (next index to be dumped), and cli.p0 (next key reference).
8443 */
William Lallemand32af2032016-10-29 18:09:35 +02008444static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8445
8446 struct stream_interface *si = appctx->owner;
8447
8448 switch (appctx->st2) {
8449 case STAT_ST_INIT:
8450 /* Display the column headers. If the message cannot be sent,
8451 * quit the fucntion with returning 0. The function is called
8452 * later and restart at the state "STAT_ST_INIT".
8453 */
8454 chunk_reset(&trash);
8455
8456 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8457 chunk_appendf(&trash, "# id secret\n");
8458 else
8459 chunk_appendf(&trash, "# id (file)\n");
8460
Willy Tarreau06d80a92017-10-19 14:32:15 +02008461 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008462 si_applet_cant_put(si);
8463 return 0;
8464 }
8465
William Lallemand32af2032016-10-29 18:09:35 +02008466 /* Now, we start the browsing of the references lists.
8467 * Note that the following call to LIST_ELEM return bad pointer. The only
8468 * available field of this pointer is <list>. It is used with the function
8469 * tlskeys_list_get_next() for retruning the first available entry
8470 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008471 if (appctx->ctx.cli.p0 == NULL) {
8472 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8473 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008474 }
8475
8476 appctx->st2 = STAT_ST_LIST;
8477 /* fall through */
8478
8479 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008480 while (appctx->ctx.cli.p0) {
8481 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008482
8483 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008484 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008485 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008486
8487 if (appctx->ctx.cli.i1 == 0)
8488 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8489
William Lallemand32af2032016-10-29 18:09:35 +02008490 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008491 int head;
8492
8493 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8494 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008495 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02008496 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02008497
8498 chunk_reset(t2);
8499 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008500 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8501 sizeof(struct tls_sess_key),
8502 t2->area, t2->size);
8503 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8504 t2->area);
William Lallemand32af2032016-10-29 18:09:35 +02008505
Willy Tarreau06d80a92017-10-19 14:32:15 +02008506 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008507 /* let's try again later from this stream. We add ourselves into
8508 * this stream's users so that it can remove us upon termination.
8509 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008510 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008511 si_applet_cant_put(si);
8512 return 0;
8513 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008514 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008515 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008516 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008517 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008518 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008519 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008520 /* let's try again later from this stream. We add ourselves into
8521 * this stream's users so that it can remove us upon termination.
8522 */
8523 si_applet_cant_put(si);
8524 return 0;
8525 }
8526
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008527 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008528 break;
8529
8530 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008531 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008532 }
8533
8534 appctx->st2 = STAT_ST_FIN;
8535 /* fall through */
8536
8537 default:
8538 appctx->st2 = STAT_ST_FIN;
8539 return 1;
8540 }
8541 return 0;
8542}
8543
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008544/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008545static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008546{
William Lallemand32af2032016-10-29 18:09:35 +02008547 /* no parameter, shows only file list */
8548 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008549 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008550 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008551 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008552 }
8553
8554 if (args[2][0] == '*') {
8555 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008556 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008557 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008558 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8559 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008560 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008561 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008562 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008563 return 1;
8564 }
8565 }
William Lallemand32af2032016-10-29 18:09:35 +02008566 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008567 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008568}
8569
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008570static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008571{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008572 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02008573 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008574
William Lallemand32af2032016-10-29 18:09:35 +02008575 /* Expect two parameters: the filename and the new new TLS key in encoding */
8576 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008577 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008578 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008579 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008580 return 1;
8581 }
8582
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008583 ref = tlskeys_ref_lookup_ref(args[3]);
8584 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008585 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008586 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008587 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008588 return 1;
8589 }
8590
Willy Tarreau1c913e42018-08-22 05:26:57 +02008591 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
8592 if (ret != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008593 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008594 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008595 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008596 return 1;
8597 }
Willy Tarreau1c913e42018-08-22 05:26:57 +02008598 trash.data = ret;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008599 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008600 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008601 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008602 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008603 return 1;
8604
8605}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008606#endif
William Lallemand32af2032016-10-29 18:09:35 +02008607
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008608static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008609{
8610#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8611 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02008612 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008613
8614 if (!payload)
8615 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02008616
8617 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008618 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008619 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008620 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008621 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008622 return 1;
8623 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008624
8625 /* remove \r and \n from the payload */
8626 for (i = 0, j = 0; payload[i]; i++) {
8627 if (payload[i] == '\r' || payload[i] == '\n')
8628 continue;
8629 payload[j++] = payload[i];
8630 }
8631 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008632
Willy Tarreau1c913e42018-08-22 05:26:57 +02008633 ret = base64dec(payload, j, trash.area, trash.size);
8634 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008635 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008636 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008637 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008638 return 1;
8639 }
8640
Willy Tarreau1c913e42018-08-22 05:26:57 +02008641 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02008642 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8643 if (err) {
8644 memprintf(&err, "%s.\n", err);
8645 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008646 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008647 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02008648 else {
8649 appctx->ctx.cli.severity = LOG_ERR;
8650 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
8651 appctx->st0 = CLI_ST_PRINT;
8652 }
William Lallemand32af2032016-10-29 18:09:35 +02008653 return 1;
8654 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008655 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008656 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008657 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008658 return 1;
8659#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008660 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008661 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008662 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008663 return 1;
8664#endif
8665
8666}
8667
8668/* register cli keywords */
8669static struct cli_kw_list cli_kws = {{ },{
8670#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8671 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008672 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008673#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008674 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008675 { { NULL }, NULL, NULL, NULL }
8676}};
8677
8678
Willy Tarreau7875d092012-09-10 08:20:03 +02008679/* Note: must not be declared <const> as its list will be overwritten.
8680 * Please take care of keeping this list alphabetically sorted.
8681 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008682static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008683 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008684 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008685 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008686 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008687 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008688 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008689 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008690#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02008691 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008692#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008693#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8694 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
8695#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008696 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8697 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008698 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008699 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008700 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8701 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8702 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8703 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8704 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8705 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8706 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8707 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008708 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008709 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8710 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008711 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008712 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8713 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8714 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8715 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8716 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8717 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8718 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008719 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008720 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008721 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008722 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008723 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008724 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008725 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008726 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008727 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01008728#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008729 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008730#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008731#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008732 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008733#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008734 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008735#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02008736 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008737#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008738 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008739#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008740 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008741#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008742#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8743 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8744#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04008745#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008746 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008747#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008748 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8749 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8750 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8751 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008752 { NULL, NULL, 0, 0, 0 },
8753}};
8754
8755/* Note: must not be declared <const> as its list will be overwritten.
8756 * Please take care of keeping this list alphabetically sorted.
8757 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008758static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008759 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8760 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008761 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008762}};
8763
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008764/* Note: must not be declared <const> as its list will be overwritten.
8765 * Please take care of keeping this list alphabetically sorted, doing so helps
8766 * all code contributors.
8767 * Optional keywords are also declared with a NULL ->parse() function so that
8768 * the config parser can report an appropriate error when a known keyword was
8769 * not enabled.
8770 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008771static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008772 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008773 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8774 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8775 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8776 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008777 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008778 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008779 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008780 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008781 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8782 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008783 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8784 { NULL, NULL, 0 },
8785};
8786
Willy Tarreau51fb7652012-09-18 18:24:39 +02008787static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008788 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008789 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8790 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8791 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8792 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8793 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8794 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8795 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8796 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8797 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8798 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8799 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8800 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8801 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8802 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8803 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8804 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008805 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008806 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008807 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008808 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8809 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8810 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8811 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008812 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008813 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8814 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008815 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8816 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008817 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8818 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8819 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8820 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8821 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008822 { NULL, NULL, 0 },
8823}};
Emeric Brun46591952012-05-18 15:47:34 +02008824
Willy Tarreau92faadf2012-10-10 23:04:25 +02008825/* Note: must not be declared <const> as its list will be overwritten.
8826 * Please take care of keeping this list alphabetically sorted, doing so helps
8827 * all code contributors.
8828 * Optional keywords are also declared with a NULL ->parse() function so that
8829 * the config parser can report an appropriate error when a known keyword was
8830 * not enabled.
8831 */
8832static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008833 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008834 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008835 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008836 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8837 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8838 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8839 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8840 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8841 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8842 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8843 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8844 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8845 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8846 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8847 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8848 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8849 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8850 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8851 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8852 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8853 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8854 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8855 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8856 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8857 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8858 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8859 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8860 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8861 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8862 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8863 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8864 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8865 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008866 { NULL, NULL, 0, 0 },
8867}};
8868
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008869static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008870 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8871 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008872 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008873 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8874 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008875#ifndef OPENSSL_NO_DH
8876 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8877#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008878 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008879#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008880 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008881#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008882 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8883#ifndef OPENSSL_NO_DH
8884 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8885#endif
8886 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8887 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8888 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8889 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008890 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008891 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8892 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008893 { 0, NULL, NULL },
8894}};
8895
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008896/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008897static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008898 .snd_buf = ssl_sock_from_buf,
8899 .rcv_buf = ssl_sock_to_buf,
Olivier Houchard6ff20392018-07-17 18:46:31 +02008900 .subscribe = conn_subscribe,
Emeric Brun46591952012-05-18 15:47:34 +02008901 .rcv_pipe = NULL,
8902 .snd_pipe = NULL,
8903 .shutr = NULL,
8904 .shutw = ssl_sock_shutw,
8905 .close = ssl_sock_close,
8906 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008907 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008908 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008909 .prepare_srv = ssl_sock_prepare_srv_ctx,
8910 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008911 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008912 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008913};
8914
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008915enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8916 struct session *sess, struct stream *s, int flags)
8917{
8918 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008919 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008920
8921 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008922 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008923
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008924 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008925 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008926 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008927 s->req.flags |= CF_READ_NULL;
8928 return ACT_RET_YIELD;
8929 }
8930 }
8931 return (ACT_RET_CONT);
8932}
8933
8934static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8935{
8936 rule->action_ptr = ssl_action_wait_for_hs;
8937
8938 return ACT_RET_PRS_OK;
8939}
8940
8941static struct action_kw_list http_req_actions = {ILH, {
8942 { "wait-for-handshake", ssl_parse_wait_for_hs },
8943 { /* END */ }
8944}};
8945
Daniel Jakots54ffb912015-11-06 20:02:41 +01008946#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008947
8948static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8949{
8950 if (ptr) {
8951 chunk_destroy(ptr);
8952 free(ptr);
8953 }
8954}
8955
8956#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008957static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8958{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008959 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008960}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008961
Emeric Brun46591952012-05-18 15:47:34 +02008962__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008963static void __ssl_sock_init(void)
8964{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008965 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008966 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008967
Emeric Brun46591952012-05-18 15:47:34 +02008968 STACK_OF(SSL_COMP)* cm;
8969
Willy Tarreauef934602016-12-22 23:12:01 +01008970 if (global_ssl.listen_default_ciphers)
8971 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8972 if (global_ssl.connect_default_ciphers)
8973 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008974
Willy Tarreau13e14102016-12-22 20:25:26 +01008975 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008976 SSL_library_init();
8977 cm = SSL_COMP_get_compression_methods();
8978 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008979#ifdef USE_THREAD
8980 ssl_locking_init();
8981#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008982#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008983 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8984#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008985 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008986 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008987 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008988 sample_register_fetches(&sample_fetch_keywords);
8989 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008990 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008991 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008992 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008993 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008994#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008995 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008996 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008997#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008998#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8999 hap_register_post_check(tlskeys_finalize_config);
9000#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009001
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009002 ptr = NULL;
9003 memprintf(&ptr, "Built with OpenSSL version : "
9004#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009005 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009006#else /* OPENSSL_IS_BORINGSSL */
9007 OPENSSL_VERSION_TEXT
9008 "\nRunning on OpenSSL version : %s%s",
9009 SSLeay_version(SSLEAY_VERSION),
9010 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
9011#endif
9012 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9013#if OPENSSL_VERSION_NUMBER < 0x00907000L
9014 "no (library version too old)"
9015#elif defined(OPENSSL_NO_TLSEXT)
9016 "no (disabled via OPENSSL_NO_TLSEXT)"
9017#else
9018 "yes"
9019#endif
9020 "", ptr);
9021
9022 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9023#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9024 "yes"
9025#else
9026#ifdef OPENSSL_NO_TLSEXT
9027 "no (because of OPENSSL_NO_TLSEXT)"
9028#else
9029 "no (version might be too old, 0.9.8f min needed)"
9030#endif
9031#endif
9032 "", ptr);
9033
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009034 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9035 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9036 if (methodVersions[i].option)
9037 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009038
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009039 hap_register_build_opts(ptr, 1);
9040
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009041 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9042 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02009043
9044#ifndef OPENSSL_NO_DH
9045 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00009046 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009047#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009048#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009049 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009050#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02009051 /* Load SSL string for the verbose & debug mode. */
9052 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009053
9054 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02009055}
9056
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009057#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009058void ssl_free_engines(void) {
9059 struct ssl_engine_list *wl, *wlb;
9060 /* free up engine list */
9061 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9062 ENGINE_finish(wl->e);
9063 ENGINE_free(wl->e);
9064 LIST_DEL(&wl->list);
9065 free(wl);
9066 }
9067}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009068#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009069
Remi Gacogned3a23c32015-05-28 16:39:47 +02009070#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009071void ssl_free_dh(void) {
9072 if (local_dh_1024) {
9073 DH_free(local_dh_1024);
9074 local_dh_1024 = NULL;
9075 }
9076 if (local_dh_2048) {
9077 DH_free(local_dh_2048);
9078 local_dh_2048 = NULL;
9079 }
9080 if (local_dh_4096) {
9081 DH_free(local_dh_4096);
9082 local_dh_4096 = NULL;
9083 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009084 if (global_dh) {
9085 DH_free(global_dh);
9086 global_dh = NULL;
9087 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009088}
9089#endif
9090
9091__attribute__((destructor))
9092static void __ssl_sock_deinit(void)
9093{
9094#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009095 if (ssl_ctx_lru_tree) {
9096 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009097 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009098 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009099#endif
9100
9101 ERR_remove_state(0);
9102 ERR_free_strings();
9103
9104 EVP_cleanup();
9105
9106#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9107 CRYPTO_cleanup_all_ex_data();
9108#endif
9109}
9110
9111
Emeric Brun46591952012-05-18 15:47:34 +02009112/*
9113 * Local variables:
9114 * c-indent-level: 8
9115 * c-basic-offset: 8
9116 * End:
9117 */