blob: 7e8739a633b9a492dab66986fcb62d2dc85d7400 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020067#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020068#include <common/compat.h>
69#include <common/config.h>
70#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020071#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020072#include <common/standard.h>
73#include <common/ticks.h>
74#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010075#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010076#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020077
Emeric Brunfc0421f2012-09-07 17:30:07 +020078#include <ebsttree.h>
79
William Lallemand32af2032016-10-29 18:09:35 +020080#include <types/applet.h>
81#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020082#include <types/global.h>
83#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020084#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085
Willy Tarreau7875d092012-09-10 08:20:03 +020086#include <proto/acl.h>
87#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020088#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020089#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020090#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020091#include <proto/fd.h>
92#include <proto/freq_ctr.h>
93#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020094#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020095#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010096#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020097#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020098#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020099#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200100#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200101#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200102#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200103#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200104#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200105#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200106#include <proto/task.h>
107
Willy Tarreau518cedd2014-02-17 15:43:01 +0100108/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200109#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100110#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100111#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200112#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
113
Emeric Brunf282a812012-09-21 15:27:54 +0200114/* bits 0xFFFF0000 are reserved to store verify errors */
115
116/* Verify errors macros */
117#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
118#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
119#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
120
121#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
122#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
123#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200124
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100125/* Supported hash function for TLS tickets */
126#ifdef OPENSSL_NO_SHA256
127#define HASH_FUNCT EVP_sha1
128#else
129#define HASH_FUNCT EVP_sha256
130#endif /* OPENSSL_NO_SHA256 */
131
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200132/* ssl_methods flags for ssl options */
133#define MC_SSL_O_ALL 0x0000
134#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
135#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
136#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
137#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200138#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200139
140/* ssl_methods versions */
141enum {
142 CONF_TLSV_NONE = 0,
143 CONF_TLSV_MIN = 1,
144 CONF_SSLV3 = 1,
145 CONF_TLSV10 = 2,
146 CONF_TLSV11 = 3,
147 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200148 CONF_TLSV13 = 5,
149 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200150};
151
Emeric Brun850efd52014-01-29 12:24:34 +0100152/* server and bind verify method, it uses a global value as default */
153enum {
154 SSL_SOCK_VERIFY_DEFAULT = 0,
155 SSL_SOCK_VERIFY_REQUIRED = 1,
156 SSL_SOCK_VERIFY_OPTIONAL = 2,
157 SSL_SOCK_VERIFY_NONE = 3,
158};
159
William Lallemand3f85c9a2017-10-09 16:30:50 +0200160
Willy Tarreau71b734c2014-01-28 15:19:44 +0100161int sslconns = 0;
162int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100163static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100164int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200165
Willy Tarreauef934602016-12-22 23:12:01 +0100166static struct {
167 char *crt_base; /* base directory path for certificates */
168 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000169 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100170
171 char *listen_default_ciphers;
172 char *connect_default_ciphers;
173 int listen_default_ssloptions;
174 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200175 struct tls_version_filter listen_default_sslmethods;
176 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100177
178 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
179 unsigned int life_time; /* SSL session lifetime in seconds */
180 unsigned int max_record; /* SSL max record size */
181 unsigned int default_dh_param; /* SSL maximum DH parameter size */
182 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100183 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100184} global_ssl = {
185#ifdef LISTEN_DEFAULT_CIPHERS
186 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
187#endif
188#ifdef CONNECT_DEFAULT_CIPHERS
189 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
190#endif
191 .listen_default_ssloptions = BC_SSL_O_NONE,
192 .connect_default_ssloptions = SRV_SSL_O_NONE,
193
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200194 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
195 .listen_default_sslmethods.min = CONF_TLSV_NONE,
196 .listen_default_sslmethods.max = CONF_TLSV_NONE,
197 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
198 .connect_default_sslmethods.min = CONF_TLSV_NONE,
199 .connect_default_sslmethods.max = CONF_TLSV_NONE,
200
Willy Tarreauef934602016-12-22 23:12:01 +0100201#ifdef DEFAULT_SSL_MAX_RECORD
202 .max_record = DEFAULT_SSL_MAX_RECORD,
203#endif
204 .default_dh_param = SSL_DEFAULT_DH_PARAM,
205 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100206 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100207};
208
Emeric Brun821bb9b2017-06-15 16:37:39 +0200209#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100210
Emeric Brun821bb9b2017-06-15 16:37:39 +0200211static HA_RWLOCK_T *ssl_rwlocks;
212
213
214unsigned long ssl_id_function(void)
215{
216 return (unsigned long)tid;
217}
218
219void ssl_locking_function(int mode, int n, const char * file, int line)
220{
221 if (mode & CRYPTO_LOCK) {
222 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100223 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200224 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100225 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200226 }
227 else {
228 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100229 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200230 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100231 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200232 }
233}
234
235static int ssl_locking_init(void)
236{
237 int i;
238
239 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
240 if (!ssl_rwlocks)
241 return -1;
242
243 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100244 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200245
246 CRYPTO_set_id_callback(ssl_id_function);
247 CRYPTO_set_locking_callback(ssl_locking_function);
248
249 return 0;
250}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100251
Emeric Brun821bb9b2017-06-15 16:37:39 +0200252#endif
253
254
255
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100256/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100258 unsigned long long int xxh64;
259 unsigned char ciphersuite_len;
260 char ciphersuite[0];
261};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100262struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100263static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200264static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100265
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100266static int ssl_pkey_info_index = -1;
267
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200268#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
269struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
270#endif
271
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200272#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000273static unsigned int openssl_engines_initialized;
274struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
275struct ssl_engine_list {
276 struct list list;
277 ENGINE *e;
278};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200279#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000280
Remi Gacogne8de54152014-07-15 11:36:40 +0200281#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200282static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200283static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200284static DH *local_dh_1024 = NULL;
285static DH *local_dh_2048 = NULL;
286static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100287static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200288#endif /* OPENSSL_NO_DH */
289
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100290#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200291/* X509V3 Extensions that will be added on generated certificates */
292#define X509V3_EXT_SIZE 5
293static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
294 "basicConstraints",
295 "nsComment",
296 "subjectKeyIdentifier",
297 "authorityKeyIdentifier",
298 "keyUsage",
299};
300static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
301 "CA:FALSE",
302 "\"OpenSSL Generated Certificate\"",
303 "hash",
304 "keyid,issuer:always",
305 "nonRepudiation,digitalSignature,keyEncipherment"
306};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200307/* LRU cache to store generated certificate */
308static struct lru64_head *ssl_ctx_lru_tree = NULL;
309static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200310static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100311__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200312
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200313#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
314
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100315static struct ssl_bind_kw ssl_bind_kws[];
316
yanbzhube2774d2015-12-10 15:07:30 -0500317#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
318/* The order here matters for picking a default context,
319 * keep the most common keytype at the bottom of the list
320 */
321const char *SSL_SOCK_KEYTYPE_NAMES[] = {
322 "dsa",
323 "ecdsa",
324 "rsa"
325};
326#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100327#else
328#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500329#endif
330
William Lallemandc3cd35f2017-11-28 11:04:43 +0100331static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100332static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
333
334#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
335
336#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
337 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
338
339#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
340 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200341
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100342/*
343 * This function gives the detail of the SSL error. It is used only
344 * if the debug mode and the verbose mode are activated. It dump all
345 * the SSL error until the stack was empty.
346 */
347static forceinline void ssl_sock_dump_errors(struct connection *conn)
348{
349 unsigned long ret;
350
351 if (unlikely(global.mode & MODE_DEBUG)) {
352 while(1) {
353 ret = ERR_get_error();
354 if (ret == 0)
355 return;
356 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200357 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100358 ERR_func_error_string(ret), ERR_reason_error_string(ret));
359 }
360 }
361}
362
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200363#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500364/*
365 * struct alignment works here such that the key.key is the same as key_data
366 * Do not change the placement of key_data
367 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200368struct certificate_ocsp {
369 struct ebmb_node key;
370 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200371 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200372 long expire;
373};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200374
yanbzhube2774d2015-12-10 15:07:30 -0500375struct ocsp_cbk_arg {
376 int is_single;
377 int single_kt;
378 union {
379 struct certificate_ocsp *s_ocsp;
380 /*
381 * m_ocsp will have multiple entries dependent on key type
382 * Entry 0 - DSA
383 * Entry 1 - ECDSA
384 * Entry 2 - RSA
385 */
386 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
387 };
388};
389
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200390#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000391static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
392{
393 int err_code = ERR_ABORT;
394 ENGINE *engine;
395 struct ssl_engine_list *el;
396
397 /* grab the structural reference to the engine */
398 engine = ENGINE_by_id(engine_id);
399 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100400 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000401 goto fail_get;
402 }
403
404 if (!ENGINE_init(engine)) {
405 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100406 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000407 goto fail_init;
408 }
409
410 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100411 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000412 goto fail_set_method;
413 }
414
415 el = calloc(1, sizeof(*el));
416 el->e = engine;
417 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100418 nb_engines++;
419 if (global_ssl.async)
420 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000421 return 0;
422
423fail_set_method:
424 /* release the functional reference from ENGINE_init() */
425 ENGINE_finish(engine);
426
427fail_init:
428 /* release the structural reference from ENGINE_by_id() */
429 ENGINE_free(engine);
430
431fail_get:
432 return err_code;
433}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200434#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000435
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200436#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200437/*
438 * openssl async fd handler
439 */
440static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000441{
442 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000443
Emeric Brun3854e012017-05-17 20:42:48 +0200444 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000445 * to poll this fd until it is requested
446 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000447 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000448 fd_cant_recv(fd);
449
450 /* crypto engine is available, let's notify the associated
451 * connection that it can pursue its processing.
452 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000453 __conn_sock_want_recv(conn);
454 __conn_sock_want_send(conn);
455 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000456}
457
Emeric Brun3854e012017-05-17 20:42:48 +0200458/*
459 * openssl async delayed SSL_free handler
460 */
461static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000462{
463 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200464 OSSL_ASYNC_FD all_fd[32];
465 size_t num_all_fds = 0;
466 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000467
Emeric Brun3854e012017-05-17 20:42:48 +0200468 /* We suppose that the async job for a same SSL *
469 * are serialized. So if we are awake it is
470 * because the running job has just finished
471 * and we can remove all async fds safely
472 */
473 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
474 if (num_all_fds > 32) {
475 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
476 return;
477 }
478
479 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
480 for (i=0 ; i < num_all_fds ; i++)
481 fd_remove(all_fd[i]);
482
483 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000484 SSL_free(ssl);
485 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200486 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000487}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000488/*
Emeric Brun3854e012017-05-17 20:42:48 +0200489 * function used to manage a returned SSL_ERROR_WANT_ASYNC
490 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000491 */
Emeric Brun3854e012017-05-17 20:42:48 +0200492static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000493{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100494 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200495 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000496 size_t num_add_fds = 0;
497 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200498 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000499
500 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
501 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200502 if (num_add_fds > 32 || num_del_fds > 32) {
503 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000504 return;
505 }
506
Emeric Brun3854e012017-05-17 20:42:48 +0200507 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000508
Emeric Brun3854e012017-05-17 20:42:48 +0200509 /* We remove unused fds from the fdtab */
510 for (i=0 ; i < num_del_fds ; i++)
511 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000512
Emeric Brun3854e012017-05-17 20:42:48 +0200513 /* We add new fds to the fdtab */
514 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100515 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000516 }
517
Emeric Brun3854e012017-05-17 20:42:48 +0200518 num_add_fds = 0;
519 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
520 if (num_add_fds > 32) {
521 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
522 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000523 }
Emeric Brun3854e012017-05-17 20:42:48 +0200524
525 /* We activate the polling for all known async fds */
526 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000527 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200528 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000529 /* To ensure that the fd cache won't be used
530 * We'll prefer to catch a real RD event
531 * because handling an EAGAIN on this fd will
532 * result in a context switch and also
533 * some engines uses a fd in blocking mode.
534 */
535 fd_cant_recv(add_fd[i]);
536 }
Emeric Brun3854e012017-05-17 20:42:48 +0200537
538 /* We must also prevent the conn_handler
539 * to be called until a read event was
540 * polled on an async fd
541 */
542 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000543}
544#endif
545
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200546/*
547 * This function returns the number of seconds elapsed
548 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
549 * date presented un ASN1_GENERALIZEDTIME.
550 *
551 * In parsing error case, it returns -1.
552 */
553static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
554{
555 long epoch;
556 char *p, *end;
557 const unsigned short month_offset[12] = {
558 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
559 };
560 int year, month;
561
562 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
563
564 p = (char *)d->data;
565 end = p + d->length;
566
567 if (end - p < 4) return -1;
568 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
569 p += 4;
570 if (end - p < 2) return -1;
571 month = 10 * (p[0] - '0') + p[1] - '0';
572 if (month < 1 || month > 12) return -1;
573 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
574 We consider leap years and the current month (<marsh or not) */
575 epoch = ( ((year - 1970) * 365)
576 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
577 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
578 + month_offset[month-1]
579 ) * 24 * 60 * 60;
580 p += 2;
581 if (end - p < 2) return -1;
582 /* Add the number of seconds of completed days of current month */
583 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
584 p += 2;
585 if (end - p < 2) return -1;
586 /* Add the completed hours of the current day */
587 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
588 p += 2;
589 if (end - p < 2) return -1;
590 /* Add the completed minutes of the current hour */
591 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
592 p += 2;
593 if (p == end) return -1;
594 /* Test if there is available seconds */
595 if (p[0] < '0' || p[0] > '9')
596 goto nosec;
597 if (end - p < 2) return -1;
598 /* Add the seconds of the current minute */
599 epoch += 10 * (p[0] - '0') + p[1] - '0';
600 p += 2;
601 if (p == end) return -1;
602 /* Ignore seconds float part if present */
603 if (p[0] == '.') {
604 do {
605 if (++p == end) return -1;
606 } while (p[0] >= '0' && p[0] <= '9');
607 }
608
609nosec:
610 if (p[0] == 'Z') {
611 if (end - p != 1) return -1;
612 return epoch;
613 }
614 else if (p[0] == '+') {
615 if (end - p != 5) return -1;
616 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700617 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200618 }
619 else if (p[0] == '-') {
620 if (end - p != 5) return -1;
621 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700622 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200623 }
624
625 return -1;
626}
627
Emeric Brun1d3865b2014-06-20 15:37:32 +0200628static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200629
630/* This function starts to check if the OCSP response (in DER format) contained
631 * in chunk 'ocsp_response' is valid (else exits on error).
632 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
633 * contained in the OCSP Response and exits on error if no match.
634 * If it's a valid OCSP Response:
635 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
636 * pointed by 'ocsp'.
637 * If 'ocsp' is NULL, the function looks up into the OCSP response's
638 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
639 * from the response) and exits on error if not found. Finally, If an OCSP response is
640 * already present in the container, it will be overwritten.
641 *
642 * Note: OCSP response containing more than one OCSP Single response is not
643 * considered valid.
644 *
645 * Returns 0 on success, 1 in error case.
646 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200647static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
648 struct certificate_ocsp *ocsp,
649 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200650{
651 OCSP_RESPONSE *resp;
652 OCSP_BASICRESP *bs = NULL;
653 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200654 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200655 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200656 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200657 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200658 int reason;
659 int ret = 1;
660
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200661 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
662 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200663 if (!resp) {
664 memprintf(err, "Unable to parse OCSP response");
665 goto out;
666 }
667
668 rc = OCSP_response_status(resp);
669 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
670 memprintf(err, "OCSP response status not successful");
671 goto out;
672 }
673
674 bs = OCSP_response_get1_basic(resp);
675 if (!bs) {
676 memprintf(err, "Failed to get basic response from OCSP Response");
677 goto out;
678 }
679
680 count_sr = OCSP_resp_count(bs);
681 if (count_sr > 1) {
682 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
683 goto out;
684 }
685
686 sr = OCSP_resp_get0(bs, 0);
687 if (!sr) {
688 memprintf(err, "Failed to get OCSP single response");
689 goto out;
690 }
691
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200692 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
693
Emeric Brun4147b2e2014-06-16 18:36:30 +0200694 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200695 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200696 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200697 goto out;
698 }
699
Emeric Brun13a6b482014-06-20 15:44:34 +0200700 if (!nextupd) {
701 memprintf(err, "OCSP single response: missing nextupdate");
702 goto out;
703 }
704
Emeric Brunc8b27b62014-06-19 14:16:17 +0200705 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200706 if (!rc) {
707 memprintf(err, "OCSP single response: no longer valid.");
708 goto out;
709 }
710
711 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200712 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200713 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
714 goto out;
715 }
716 }
717
718 if (!ocsp) {
719 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
720 unsigned char *p;
721
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200722 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200723 if (!rc) {
724 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
725 goto out;
726 }
727
728 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
729 memprintf(err, "OCSP single response: Certificate ID too long");
730 goto out;
731 }
732
733 p = key;
734 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200735 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200736 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
737 if (!ocsp) {
738 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
739 goto out;
740 }
741 }
742
743 /* According to comments on "chunk_dup", the
744 previous chunk buffer will be freed */
745 if (!chunk_dup(&ocsp->response, ocsp_response)) {
746 memprintf(err, "OCSP response: Memory allocation error");
747 goto out;
748 }
749
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200750 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
751
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 ret = 0;
753out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100754 ERR_clear_error();
755
Emeric Brun4147b2e2014-06-16 18:36:30 +0200756 if (bs)
757 OCSP_BASICRESP_free(bs);
758
759 if (resp)
760 OCSP_RESPONSE_free(resp);
761
762 return ret;
763}
764/*
765 * External function use to update the OCSP response in the OCSP response's
766 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
767 * to update in DER format.
768 *
769 * Returns 0 on success, 1 in error case.
770 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200771int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200772{
773 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
774}
775
776/*
777 * This function load the OCSP Resonse in DER format contained in file at
778 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
779 *
780 * Returns 0 on success, 1 in error case.
781 */
782static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
783{
784 int fd = -1;
785 int r = 0;
786 int ret = 1;
787
788 fd = open(ocsp_path, O_RDONLY);
789 if (fd == -1) {
790 memprintf(err, "Error opening OCSP response file");
791 goto end;
792 }
793
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200794 trash.data = 0;
795 while (trash.data < trash.size) {
796 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200797 if (r < 0) {
798 if (errno == EINTR)
799 continue;
800
801 memprintf(err, "Error reading OCSP response from file");
802 goto end;
803 }
804 else if (r == 0) {
805 break;
806 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200807 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200808 }
809
810 close(fd);
811 fd = -1;
812
813 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
814end:
815 if (fd != -1)
816 close(fd);
817
818 return ret;
819}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100820#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200821
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100822#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
823static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
824{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100825 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100826 struct tls_sess_key *keys;
827 struct connection *conn;
828 int head;
829 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100830 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100831
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200832 conn = SSL_get_ex_data(s, ssl_app_data_index);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100833 ref = objt_listener(conn->target)->bind_conf->keys_ref;
834 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
835
836 keys = ref->tlskeys;
837 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100838
839 if (enc) {
840 memcpy(key_name, keys[head].name, 16);
841
842 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100843 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100844
845 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100846 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100847
848 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100849 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100850 } else {
851 for (i = 0; i < TLS_TICKETS_NO; i++) {
852 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
853 goto found;
854 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100855 ret = 0;
856 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100857
Christopher Faulet16f45c82018-02-16 11:23:49 +0100858 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100859 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
860 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100861 goto end;
862
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100863 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100864 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100865 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100866 end:
867 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
868 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200869}
870
871struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
872{
873 struct tls_keys_ref *ref;
874
875 list_for_each_entry(ref, &tlskeys_reference, list)
876 if (ref->filename && strcmp(filename, ref->filename) == 0)
877 return ref;
878 return NULL;
879}
880
881struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
882{
883 struct tls_keys_ref *ref;
884
885 list_for_each_entry(ref, &tlskeys_reference, list)
886 if (ref->unique_id == unique_id)
887 return ref;
888 return NULL;
889}
890
Willy Tarreau83061a82018-07-13 11:56:34 +0200891void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
892 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100893{
894 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200895 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
896 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100897 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
898 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
899}
900
Willy Tarreau83061a82018-07-13 11:56:34 +0200901int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100902{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200903 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
904
905 if(!ref) {
906 memprintf(err, "Unable to locate the referenced filename: %s", filename);
907 return 1;
908 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100909 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200910 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100911}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200912
913/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100914 * automatic ids. It's called just after the basic checks. It returns
915 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200916 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100917static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200918{
919 int i = 0;
920 struct tls_keys_ref *ref, *ref2, *ref3;
921 struct list tkr = LIST_HEAD_INIT(tkr);
922
923 list_for_each_entry(ref, &tlskeys_reference, list) {
924 if (ref->unique_id == -1) {
925 /* Look for the first free id. */
926 while (1) {
927 list_for_each_entry(ref2, &tlskeys_reference, list) {
928 if (ref2->unique_id == i) {
929 i++;
930 break;
931 }
932 }
933 if (&ref2->list == &tlskeys_reference)
934 break;
935 }
936
937 /* Uses the unique id and increment it for the next entry. */
938 ref->unique_id = i;
939 i++;
940 }
941 }
942
943 /* This sort the reference list by id. */
944 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
945 LIST_DEL(&ref->list);
946 list_for_each_entry(ref3, &tkr, list) {
947 if (ref->unique_id < ref3->unique_id) {
948 LIST_ADDQ(&ref3->list, &ref->list);
949 break;
950 }
951 }
952 if (&ref3->list == &tkr)
953 LIST_ADDQ(&tkr, &ref->list);
954 }
955
956 /* swap root */
957 LIST_ADD(&tkr, &tlskeys_reference);
958 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100959 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200960}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100961#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
962
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100963#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500964int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
965{
966 switch (evp_keytype) {
967 case EVP_PKEY_RSA:
968 return 2;
969 case EVP_PKEY_DSA:
970 return 0;
971 case EVP_PKEY_EC:
972 return 1;
973 }
974
975 return -1;
976}
977
Emeric Brun4147b2e2014-06-16 18:36:30 +0200978/*
979 * Callback used to set OCSP status extension content in server hello.
980 */
981int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
982{
yanbzhube2774d2015-12-10 15:07:30 -0500983 struct certificate_ocsp *ocsp;
984 struct ocsp_cbk_arg *ocsp_arg;
985 char *ssl_buf;
986 EVP_PKEY *ssl_pkey;
987 int key_type;
988 int index;
989
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200990 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500991
992 ssl_pkey = SSL_get_privatekey(ssl);
993 if (!ssl_pkey)
994 return SSL_TLSEXT_ERR_NOACK;
995
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200996 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500997
998 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
999 ocsp = ocsp_arg->s_ocsp;
1000 else {
1001 /* For multiple certs per context, we have to find the correct OCSP response based on
1002 * the certificate type
1003 */
1004 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1005
1006 if (index < 0)
1007 return SSL_TLSEXT_ERR_NOACK;
1008
1009 ocsp = ocsp_arg->m_ocsp[index];
1010
1011 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001012
1013 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001014 !ocsp->response.area ||
1015 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001016 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001017 return SSL_TLSEXT_ERR_NOACK;
1018
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001019 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001020 if (!ssl_buf)
1021 return SSL_TLSEXT_ERR_NOACK;
1022
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001023 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1024 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001025
1026 return SSL_TLSEXT_ERR_OK;
1027}
1028
1029/*
1030 * This function enables the handling of OCSP status extension on 'ctx' if a
1031 * file name 'cert_path' suffixed using ".ocsp" is present.
1032 * To enable OCSP status extension, the issuer's certificate is mandatory.
1033 * It should be present in the certificate's extra chain builded from file
1034 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1035 * named 'cert_path' suffixed using '.issuer'.
1036 *
1037 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1038 * response. If file is empty or content is not a valid OCSP response,
1039 * OCSP status extension is enabled but OCSP response is ignored (a warning
1040 * is displayed).
1041 *
1042 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1043 * succesfully enabled, or -1 in other error case.
1044 */
1045static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1046{
1047
1048 BIO *in = NULL;
1049 X509 *x, *xi = NULL, *issuer = NULL;
1050 STACK_OF(X509) *chain = NULL;
1051 OCSP_CERTID *cid = NULL;
1052 SSL *ssl;
1053 char ocsp_path[MAXPATHLEN+1];
1054 int i, ret = -1;
1055 struct stat st;
1056 struct certificate_ocsp *ocsp = NULL, *iocsp;
1057 char *warn = NULL;
1058 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001059 pem_password_cb *passwd_cb;
1060 void *passwd_cb_userdata;
1061 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001062
1063 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1064
1065 if (stat(ocsp_path, &st))
1066 return 1;
1067
1068 ssl = SSL_new(ctx);
1069 if (!ssl)
1070 goto out;
1071
1072 x = SSL_get_certificate(ssl);
1073 if (!x)
1074 goto out;
1075
1076 /* Try to lookup for issuer in certificate extra chain */
1077#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1078 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1079#else
1080 chain = ctx->extra_certs;
1081#endif
1082 for (i = 0; i < sk_X509_num(chain); i++) {
1083 issuer = sk_X509_value(chain, i);
1084 if (X509_check_issued(issuer, x) == X509_V_OK)
1085 break;
1086 else
1087 issuer = NULL;
1088 }
1089
1090 /* If not found try to load issuer from a suffixed file */
1091 if (!issuer) {
1092 char issuer_path[MAXPATHLEN+1];
1093
1094 in = BIO_new(BIO_s_file());
1095 if (!in)
1096 goto out;
1097
1098 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1099 if (BIO_read_filename(in, issuer_path) <= 0)
1100 goto out;
1101
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001102 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1103 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1104
1105 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001106 if (!xi)
1107 goto out;
1108
1109 if (X509_check_issued(xi, x) != X509_V_OK)
1110 goto out;
1111
1112 issuer = xi;
1113 }
1114
1115 cid = OCSP_cert_to_id(0, x, issuer);
1116 if (!cid)
1117 goto out;
1118
1119 i = i2d_OCSP_CERTID(cid, NULL);
1120 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1121 goto out;
1122
Vincent Bernat02779b62016-04-03 13:48:43 +02001123 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001124 if (!ocsp)
1125 goto out;
1126
1127 p = ocsp->key_data;
1128 i2d_OCSP_CERTID(cid, &p);
1129
1130 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1131 if (iocsp == ocsp)
1132 ocsp = NULL;
1133
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134#ifndef SSL_CTX_get_tlsext_status_cb
1135# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1136 *cb = (void (*) (void))ctx->tlsext_status_cb;
1137#endif
1138 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1139
1140 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001141 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001142 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001143
1144 cb_arg->is_single = 1;
1145 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001146
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001147 pkey = X509_get_pubkey(x);
1148 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1149 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001150
1151 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1152 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1153 } else {
1154 /*
1155 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1156 * Update that cb_arg with the new cert's staple
1157 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001158 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001159 struct certificate_ocsp *tmp_ocsp;
1160 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001161 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001162 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001163
1164#ifdef SSL_CTX_get_tlsext_status_arg
1165 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1166#else
1167 cb_arg = ctx->tlsext_status_arg;
1168#endif
yanbzhube2774d2015-12-10 15:07:30 -05001169
1170 /*
1171 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1172 * the order of operations below matter, take care when changing it
1173 */
1174 tmp_ocsp = cb_arg->s_ocsp;
1175 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1176 cb_arg->s_ocsp = NULL;
1177 cb_arg->m_ocsp[index] = tmp_ocsp;
1178 cb_arg->is_single = 0;
1179 cb_arg->single_kt = 0;
1180
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001181 pkey = X509_get_pubkey(x);
1182 key_type = EVP_PKEY_base_id(pkey);
1183 EVP_PKEY_free(pkey);
1184
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001185 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001186 if (index >= 0 && !cb_arg->m_ocsp[index])
1187 cb_arg->m_ocsp[index] = iocsp;
1188
1189 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001190
1191 ret = 0;
1192
1193 warn = NULL;
1194 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1195 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001196 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001197 }
1198
1199out:
1200 if (ssl)
1201 SSL_free(ssl);
1202
1203 if (in)
1204 BIO_free(in);
1205
1206 if (xi)
1207 X509_free(xi);
1208
1209 if (cid)
1210 OCSP_CERTID_free(cid);
1211
1212 if (ocsp)
1213 free(ocsp);
1214
1215 if (warn)
1216 free(warn);
1217
1218
1219 return ret;
1220}
1221
1222#endif
1223
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001224#ifdef OPENSSL_IS_BORINGSSL
1225static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1226{
1227 char ocsp_path[MAXPATHLEN+1];
1228 struct stat st;
1229 int fd = -1, r = 0;
1230
1231 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1232 if (stat(ocsp_path, &st))
1233 return 0;
1234
1235 fd = open(ocsp_path, O_RDONLY);
1236 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001237 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001238 return -1;
1239 }
1240
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001241 trash.data = 0;
1242 while (trash.data < trash.size) {
1243 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001244 if (r < 0) {
1245 if (errno == EINTR)
1246 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001247 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001248 close(fd);
1249 return -1;
1250 }
1251 else if (r == 0) {
1252 break;
1253 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001254 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001255 }
1256 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001257 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1258 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001259}
1260#endif
1261
Daniel Jakots54ffb912015-11-06 20:02:41 +01001262#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001263
1264#define CT_EXTENSION_TYPE 18
1265
1266static int sctl_ex_index = -1;
1267
1268/*
1269 * Try to parse Signed Certificate Timestamp List structure. This function
1270 * makes only basic test if the data seems like SCTL. No signature validation
1271 * is performed.
1272 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001273static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001274{
1275 int ret = 1;
1276 int len, pos, sct_len;
1277 unsigned char *data;
1278
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001279 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001280 goto out;
1281
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001282 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001283 len = (data[0] << 8) | data[1];
1284
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001285 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001286 goto out;
1287
1288 data = data + 2;
1289 pos = 0;
1290 while (pos < len) {
1291 if (len - pos < 2)
1292 goto out;
1293
1294 sct_len = (data[pos] << 8) | data[pos + 1];
1295 if (pos + sct_len + 2 > len)
1296 goto out;
1297
1298 pos += sct_len + 2;
1299 }
1300
1301 ret = 0;
1302
1303out:
1304 return ret;
1305}
1306
Willy Tarreau83061a82018-07-13 11:56:34 +02001307static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1308 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001309{
1310 int fd = -1;
1311 int r = 0;
1312 int ret = 1;
1313
1314 *sctl = NULL;
1315
1316 fd = open(sctl_path, O_RDONLY);
1317 if (fd == -1)
1318 goto end;
1319
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001320 trash.data = 0;
1321 while (trash.data < trash.size) {
1322 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001323 if (r < 0) {
1324 if (errno == EINTR)
1325 continue;
1326
1327 goto end;
1328 }
1329 else if (r == 0) {
1330 break;
1331 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001332 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001333 }
1334
1335 ret = ssl_sock_parse_sctl(&trash);
1336 if (ret)
1337 goto end;
1338
Vincent Bernat02779b62016-04-03 13:48:43 +02001339 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001340 if (!chunk_dup(*sctl, &trash)) {
1341 free(*sctl);
1342 *sctl = NULL;
1343 goto end;
1344 }
1345
1346end:
1347 if (fd != -1)
1348 close(fd);
1349
1350 return ret;
1351}
1352
1353int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1354{
Willy Tarreau83061a82018-07-13 11:56:34 +02001355 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001356
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001357 *out = (unsigned char *) sctl->area;
1358 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001359
1360 return 1;
1361}
1362
1363int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1364{
1365 return 1;
1366}
1367
1368static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1369{
1370 char sctl_path[MAXPATHLEN+1];
1371 int ret = -1;
1372 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001373 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001374
1375 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1376
1377 if (stat(sctl_path, &st))
1378 return 1;
1379
1380 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1381 goto out;
1382
1383 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1384 free(sctl);
1385 goto out;
1386 }
1387
1388 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1389
1390 ret = 0;
1391
1392out:
1393 return ret;
1394}
1395
1396#endif
1397
Emeric Brune1f38db2012-09-03 20:36:47 +02001398void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1399{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001400 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001401 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001402 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001403
1404 if (where & SSL_CB_HANDSHAKE_START) {
1405 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001406 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001407 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001408 conn->err_code = CO_ER_SSL_RENEG;
1409 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001410 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001411
1412 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1413 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1414 /* Long certificate chains optimz
1415 If write and read bios are differents, we
1416 consider that the buffering was activated,
1417 so we rise the output buffer size from 4k
1418 to 16k */
1419 write_bio = SSL_get_wbio(ssl);
1420 if (write_bio != SSL_get_rbio(ssl)) {
1421 BIO_set_write_buffer_size(write_bio, 16384);
1422 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1423 }
1424 }
1425 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001426}
1427
Emeric Brune64aef12012-09-21 13:15:06 +02001428/* Callback is called for each certificate of the chain during a verify
1429 ok is set to 1 if preverify detect no error on current certificate.
1430 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001431int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001432{
1433 SSL *ssl;
1434 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001435 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001436
1437 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001438 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001439
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001440 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001441
Emeric Brun81c00f02012-09-21 14:31:21 +02001442 if (ok) /* no errors */
1443 return ok;
1444
1445 depth = X509_STORE_CTX_get_error_depth(x_store);
1446 err = X509_STORE_CTX_get_error(x_store);
1447
1448 /* check if CA error needs to be ignored */
1449 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001450 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1451 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1452 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001453 }
1454
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001455 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001456 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001457 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001458 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001459 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001460
Willy Tarreau20879a02012-12-03 16:32:10 +01001461 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001462 return 0;
1463 }
1464
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001465 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1466 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001467
Emeric Brun81c00f02012-09-21 14:31:21 +02001468 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001469 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001470 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001471 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001472 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001473 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001474
Willy Tarreau20879a02012-12-03 16:32:10 +01001475 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001476 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001477}
1478
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001479static inline
1480void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001481 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001482{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001483 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001484 unsigned char *msg;
1485 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001486 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001487
1488 /* This function is called for "from client" and "to server"
1489 * connections. The combination of write_p == 0 and content_type == 22
1490 * is only avalaible during "from client" connection.
1491 */
1492
1493 /* "write_p" is set to 0 is the bytes are received messages,
1494 * otherwise it is set to 1.
1495 */
1496 if (write_p != 0)
1497 return;
1498
1499 /* content_type contains the type of message received or sent
1500 * according with the SSL/TLS protocol spec. This message is
1501 * encoded with one byte. The value 256 (two bytes) is used
1502 * for designing the SSL/TLS record layer. According with the
1503 * rfc6101, the expected message (other than 256) are:
1504 * - change_cipher_spec(20)
1505 * - alert(21)
1506 * - handshake(22)
1507 * - application_data(23)
1508 * - (255)
1509 * We are interessed by the handshake and specially the client
1510 * hello.
1511 */
1512 if (content_type != 22)
1513 return;
1514
1515 /* The message length is at least 4 bytes, containing the
1516 * message type and the message length.
1517 */
1518 if (len < 4)
1519 return;
1520
1521 /* First byte of the handshake message id the type of
1522 * message. The konwn types are:
1523 * - hello_request(0)
1524 * - client_hello(1)
1525 * - server_hello(2)
1526 * - certificate(11)
1527 * - server_key_exchange (12)
1528 * - certificate_request(13)
1529 * - server_hello_done(14)
1530 * We are interested by the client hello.
1531 */
1532 msg = (unsigned char *)buf;
1533 if (msg[0] != 1)
1534 return;
1535
1536 /* Next three bytes are the length of the message. The total length
1537 * must be this decoded length + 4. If the length given as argument
1538 * is not the same, we abort the protocol dissector.
1539 */
1540 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1541 if (len < rec_len + 4)
1542 return;
1543 msg += 4;
1544 end = msg + rec_len;
1545 if (end < msg)
1546 return;
1547
1548 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1549 * for minor, the random, composed by 4 bytes for the unix time and
1550 * 28 bytes for unix payload, and them 1 byte for the session id. So
1551 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1552 */
1553 msg += 1 + 1 + 4 + 28 + 1;
1554 if (msg > end)
1555 return;
1556
1557 /* Next two bytes are the ciphersuite length. */
1558 if (msg + 2 > end)
1559 return;
1560 rec_len = (msg[0] << 8) + msg[1];
1561 msg += 2;
1562 if (msg + rec_len > end || msg + rec_len < msg)
1563 return;
1564
Willy Tarreaubafbe012017-11-24 17:34:44 +01001565 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001566 if (!capture)
1567 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001568 /* Compute the xxh64 of the ciphersuite. */
1569 capture->xxh64 = XXH64(msg, rec_len, 0);
1570
1571 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001572 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1573 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001574 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001575
1576 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001577}
1578
Emeric Brun29f037d2014-04-25 19:05:36 +02001579/* Callback is called for ssl protocol analyse */
1580void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1581{
Emeric Brun29f037d2014-04-25 19:05:36 +02001582#ifdef TLS1_RT_HEARTBEAT
1583 /* test heartbeat received (write_p is set to 0
1584 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001585 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001586 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001587 const unsigned char *p = buf;
1588 unsigned int payload;
1589
Emeric Brun29f037d2014-04-25 19:05:36 +02001590 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001591
1592 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1593 if (*p != TLS1_HB_REQUEST)
1594 return;
1595
Willy Tarreauaeed6722014-04-25 23:59:58 +02001596 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001597 goto kill_it;
1598
1599 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001600 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001601 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001602 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001603 /* We have a clear heartbleed attack (CVE-2014-0160), the
1604 * advertised payload is larger than the advertised packet
1605 * length, so we have garbage in the buffer between the
1606 * payload and the end of the buffer (p+len). We can't know
1607 * if the SSL stack is patched, and we don't know if we can
1608 * safely wipe out the area between p+3+len and payload.
1609 * So instead, we prevent the response from being sent by
1610 * setting the max_send_fragment to 0 and we report an SSL
1611 * error, which will kill this connection. It will be reported
1612 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001613 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1614 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001615 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001616 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1617 return;
1618 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001619#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001620 if (global_ssl.capture_cipherlist > 0)
1621 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001622}
1623
Bernard Spil13c53f82018-02-15 13:34:58 +01001624#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001625/* This callback is used so that the server advertises the list of
1626 * negociable protocols for NPN.
1627 */
1628static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1629 unsigned int *len, void *arg)
1630{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001631 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001632
1633 *data = (const unsigned char *)conf->npn_str;
1634 *len = conf->npn_len;
1635 return SSL_TLSEXT_ERR_OK;
1636}
1637#endif
1638
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001639#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001640/* This callback is used so that the server advertises the list of
1641 * negociable protocols for ALPN.
1642 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001643static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1644 unsigned char *outlen,
1645 const unsigned char *server,
1646 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001647{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001648 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001649
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001650 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1651 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1652 return SSL_TLSEXT_ERR_NOACK;
1653 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001654 return SSL_TLSEXT_ERR_OK;
1655}
1656#endif
1657
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001658#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001659#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001660
Christopher Faulet30548802015-06-11 13:39:32 +02001661/* Create a X509 certificate with the specified servername and serial. This
1662 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001663static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001664ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001665{
Christopher Faulet7969a332015-10-09 11:15:03 +02001666 X509 *cacert = bind_conf->ca_sign_cert;
1667 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001668 SSL_CTX *ssl_ctx = NULL;
1669 X509 *newcrt = NULL;
1670 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001671 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001672 X509_NAME *name;
1673 const EVP_MD *digest;
1674 X509V3_CTX ctx;
1675 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001676 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001677
Christopher Faulet48a83322017-07-28 16:56:09 +02001678 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001679#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1680 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1681#else
1682 tmp_ssl = SSL_new(bind_conf->default_ctx);
1683 if (tmp_ssl)
1684 pkey = SSL_get_privatekey(tmp_ssl);
1685#endif
1686 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001687 goto mkcert_error;
1688
1689 /* Create the certificate */
1690 if (!(newcrt = X509_new()))
1691 goto mkcert_error;
1692
1693 /* Set version number for the certificate (X509v3) and the serial
1694 * number */
1695 if (X509_set_version(newcrt, 2L) != 1)
1696 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001697 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001698
1699 /* Set duration for the certificate */
1700 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1701 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1702 goto mkcert_error;
1703
1704 /* set public key in the certificate */
1705 if (X509_set_pubkey(newcrt, pkey) != 1)
1706 goto mkcert_error;
1707
1708 /* Set issuer name from the CA */
1709 if (!(name = X509_get_subject_name(cacert)))
1710 goto mkcert_error;
1711 if (X509_set_issuer_name(newcrt, name) != 1)
1712 goto mkcert_error;
1713
1714 /* Set the subject name using the same, but the CN */
1715 name = X509_NAME_dup(name);
1716 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1717 (const unsigned char *)servername,
1718 -1, -1, 0) != 1) {
1719 X509_NAME_free(name);
1720 goto mkcert_error;
1721 }
1722 if (X509_set_subject_name(newcrt, name) != 1) {
1723 X509_NAME_free(name);
1724 goto mkcert_error;
1725 }
1726 X509_NAME_free(name);
1727
1728 /* Add x509v3 extensions as specified */
1729 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1730 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1731 X509_EXTENSION *ext;
1732
1733 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1734 goto mkcert_error;
1735 if (!X509_add_ext(newcrt, ext, -1)) {
1736 X509_EXTENSION_free(ext);
1737 goto mkcert_error;
1738 }
1739 X509_EXTENSION_free(ext);
1740 }
1741
1742 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001743
1744 key_type = EVP_PKEY_base_id(capkey);
1745
1746 if (key_type == EVP_PKEY_DSA)
1747 digest = EVP_sha1();
1748 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001749 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001750 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001751 digest = EVP_sha256();
1752 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001753#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001754 int nid;
1755
1756 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1757 goto mkcert_error;
1758 if (!(digest = EVP_get_digestbynid(nid)))
1759 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001760#else
1761 goto mkcert_error;
1762#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001763 }
1764
Christopher Faulet31af49d2015-06-09 17:29:50 +02001765 if (!(X509_sign(newcrt, capkey, digest)))
1766 goto mkcert_error;
1767
1768 /* Create and set the new SSL_CTX */
1769 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1770 goto mkcert_error;
1771 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1772 goto mkcert_error;
1773 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1774 goto mkcert_error;
1775 if (!SSL_CTX_check_private_key(ssl_ctx))
1776 goto mkcert_error;
1777
1778 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001779
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001780#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001781 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001782#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001783#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1784 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001785 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001786 EC_KEY *ecc;
1787 int nid;
1788
1789 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1790 goto end;
1791 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1792 goto end;
1793 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1794 EC_KEY_free(ecc);
1795 }
1796#endif
1797 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001798 return ssl_ctx;
1799
1800 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001801 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001802 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1803 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001804 return NULL;
1805}
1806
Christopher Faulet7969a332015-10-09 11:15:03 +02001807SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001808ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001809{
1810 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001811
1812 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001813}
1814
Christopher Faulet30548802015-06-11 13:39:32 +02001815/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001816 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001817SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001818ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001819{
1820 struct lru64 *lru = NULL;
1821
1822 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001823 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001824 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001825 if (lru && lru->domain) {
1826 if (ssl)
1827 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001828 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001829 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001830 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001831 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001832 }
1833 return NULL;
1834}
1835
Emeric Brun821bb9b2017-06-15 16:37:39 +02001836/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1837 * function is not thread-safe, it should only be used to check if a certificate
1838 * exists in the lru cache (with no warranty it will not be removed by another
1839 * thread). It is kept for backward compatibility. */
1840SSL_CTX *
1841ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1842{
1843 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1844}
1845
Christopher Fauletd2cab922015-07-28 16:03:47 +02001846/* Set a certificate int the LRU cache used to store generated
1847 * certificate. Return 0 on success, otherwise -1 */
1848int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001849ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001850{
1851 struct lru64 *lru = NULL;
1852
1853 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001854 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001855 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001856 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001857 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001858 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001859 }
Christopher Faulet30548802015-06-11 13:39:32 +02001860 if (lru->domain && lru->data)
1861 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001862 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001863 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001864 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001865 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001866 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001867}
1868
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001869/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001870unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001871ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001872{
1873 return XXH32(data, len, ssl_ctx_lru_seed);
1874}
1875
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001876/* Generate a cert and immediately assign it to the SSL session so that the cert's
1877 * refcount is maintained regardless of the cert's presence in the LRU cache.
1878 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001879static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001880ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001881{
1882 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001883 SSL_CTX *ssl_ctx = NULL;
1884 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001885 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001886
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001887 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001888 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001889 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001890 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001891 if (lru && lru->domain)
1892 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001893 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001894 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001895 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001896 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001897 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001898 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001899 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001900 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001901 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001902 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001903 SSL_set_SSL_CTX(ssl, ssl_ctx);
1904 /* No LRU cache, this CTX will be released as soon as the session dies */
1905 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001906 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001907 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001908 return 0;
1909}
1910static int
1911ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1912{
1913 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001914 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001915
1916 conn_get_to_addr(conn);
1917 if (conn->flags & CO_FL_ADDR_TO_SET) {
1918 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001919 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001920 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001921 }
1922 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001923}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001924#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001925
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001926
1927#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1928#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1929#endif
1930
1931#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1932#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1933#define SSL_renegotiate_pending(arg) 0
1934#endif
1935#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1936#define SSL_OP_SINGLE_ECDH_USE 0
1937#endif
1938#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1939#define SSL_OP_NO_TICKET 0
1940#endif
1941#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1942#define SSL_OP_NO_COMPRESSION 0
1943#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001944#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1945#undef SSL_OP_NO_SSLv3
1946#define SSL_OP_NO_SSLv3 0
1947#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001948#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1949#define SSL_OP_NO_TLSv1_1 0
1950#endif
1951#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1952#define SSL_OP_NO_TLSv1_2 0
1953#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001954#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001955#define SSL_OP_NO_TLSv1_3 0
1956#endif
1957#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1958#define SSL_OP_SINGLE_DH_USE 0
1959#endif
1960#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1961#define SSL_OP_SINGLE_ECDH_USE 0
1962#endif
1963#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1964#define SSL_MODE_RELEASE_BUFFERS 0
1965#endif
1966#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1967#define SSL_MODE_SMALL_BUFFERS 0
1968#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02001969#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
1970#define SSL_OP_PRIORITIZE_CHACHA 0
1971#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001972
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001973#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001974typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1975
1976static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001977{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001978#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001979 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001980 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1981#endif
1982}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001983static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1984 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001985 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1986}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001988#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001989 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001990 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1991#endif
1992}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001993static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001994#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001995 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001996 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1997#endif
1998}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001999/* TLS 1.2 is the last supported version in this context. */
2000static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2001/* Unusable in this context. */
2002static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2003static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2004static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2005static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2006static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002007#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002008typedef enum { SET_MIN, SET_MAX } set_context_func;
2009
2010static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2011 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002012 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2013}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002014static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2015 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2016 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2017}
2018static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2019 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002020 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2021}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002022static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2023 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2024 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2025}
2026static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2027 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002028 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2029}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002030static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2031 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2032 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2033}
2034static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2035 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002036 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2037}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002038static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2039 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2040 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2041}
2042static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002043#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002044 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002045 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2046#endif
2047}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002048static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2049#if SSL_OP_NO_TLSv1_3
2050 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2051 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002052#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002053}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002054#endif
2055static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2056static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002057
2058static struct {
2059 int option;
2060 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002061 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2062 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002063 const char *name;
2064} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002065 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2066 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2067 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2068 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2069 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2070 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002071};
2072
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002073static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2074{
2075 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2076 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2077 SSL_set_SSL_CTX(ssl, ctx);
2078}
2079
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002080#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002081
2082static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2083{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002084 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002086
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002087 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2088 return SSL_TLSEXT_ERR_OK;
2089 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002090}
2091
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002092#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002093static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2094{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002095 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002096#else
2097static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2098{
2099#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002100 struct connection *conn;
2101 struct bind_conf *s;
2102 const uint8_t *extension_data;
2103 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002104 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2105
2106 char *wildp = NULL;
2107 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002108 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002109 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002110 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002111 int i;
2112
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002113 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002114 s = objt_listener(conn->target)->bind_conf;
2115
Olivier Houchard9679ac92017-10-27 14:58:08 +02002116 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002117 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002118#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002119 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2120 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002121#else
2122 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2123#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002124 /*
2125 * The server_name extension was given too much extensibility when it
2126 * was written, so parsing the normal case is a bit complex.
2127 */
2128 size_t len;
2129 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002130 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002131 /* Extract the length of the supplied list of names. */
2132 len = (*extension_data++) << 8;
2133 len |= *extension_data++;
2134 if (len + 2 != extension_len)
2135 goto abort;
2136 /*
2137 * The list in practice only has a single element, so we only consider
2138 * the first one.
2139 */
2140 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2141 goto abort;
2142 extension_len = len - 1;
2143 /* Now we can finally pull out the byte array with the actual hostname. */
2144 if (extension_len <= 2)
2145 goto abort;
2146 len = (*extension_data++) << 8;
2147 len |= *extension_data++;
2148 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2149 || memchr(extension_data, 0, len) != NULL)
2150 goto abort;
2151 servername = extension_data;
2152 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002153 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002154#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2155 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002156 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002157 }
2158#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002159 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002160 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002161 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002162 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002163 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002164 goto abort;
2165 }
2166
2167 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002168#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002169 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002170#else
2171 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2172#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002173 uint8_t sign;
2174 size_t len;
2175 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002176 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002177 len = (*extension_data++) << 8;
2178 len |= *extension_data++;
2179 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002180 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002181 if (len % 2 != 0)
2182 goto abort;
2183 for (; len > 0; len -= 2) {
2184 extension_data++; /* hash */
2185 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002186 switch (sign) {
2187 case TLSEXT_signature_rsa:
2188 has_rsa = 1;
2189 break;
2190 case TLSEXT_signature_ecdsa:
2191 has_ecdsa_sig = 1;
2192 break;
2193 default:
2194 continue;
2195 }
2196 if (has_ecdsa_sig && has_rsa)
2197 break;
2198 }
2199 } else {
2200 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2201 has_rsa = 1;
2202 }
2203 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002204 const SSL_CIPHER *cipher;
2205 size_t len;
2206 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002207#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002208 len = ctx->cipher_suites_len;
2209 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002210#else
2211 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2212#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002213 if (len % 2 != 0)
2214 goto abort;
2215 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002216#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002217 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002218 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002219#else
2220 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2221#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002222 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 has_ecdsa = 1;
2224 break;
2225 }
2226 }
2227 }
2228
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002229 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002230 trash.area[i] = tolower(servername[i]);
2231 if (!wildp && (trash.area[i] == '.'))
2232 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002234 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235
2236 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002237 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002238
2239 /* lookup a not neg filter */
2240 for (n = node; n; n = ebmb_next_dup(n)) {
2241 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002242 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 case TLSEXT_signature_ecdsa:
2244 if (has_ecdsa) {
2245 node_ecdsa = n;
2246 goto find_one;
2247 }
2248 break;
2249 case TLSEXT_signature_rsa:
2250 if (has_rsa && !node_rsa) {
2251 node_rsa = n;
2252 if (!has_ecdsa)
2253 goto find_one;
2254 }
2255 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002256 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 if (!node_anonymous)
2258 node_anonymous = n;
2259 break;
2260 }
2261 }
2262 }
2263 if (wildp) {
2264 /* lookup in wildcards names */
2265 node = ebst_lookup(&s->sni_w_ctx, wildp);
2266 for (n = node; n; n = ebmb_next_dup(n)) {
2267 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002268 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002269 case TLSEXT_signature_ecdsa:
2270 if (has_ecdsa) {
2271 node_ecdsa = n;
2272 goto find_one;
2273 }
2274 break;
2275 case TLSEXT_signature_rsa:
2276 if (has_rsa && !node_rsa) {
2277 node_rsa = n;
2278 if (!has_ecdsa)
2279 goto find_one;
2280 }
2281 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002282 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002283 if (!node_anonymous)
2284 node_anonymous = n;
2285 break;
2286 }
2287 }
2288 }
2289 }
2290 find_one:
2291 /* select by key_signature priority order */
2292 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2293
2294 if (node) {
2295 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002296 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002298 if (conf) {
2299 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2300 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2301 if (conf->early_data)
2302 allow_early = 1;
2303 }
2304 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002306#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002307 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002308 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002309 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002310 }
2311#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002312 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002314 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002315 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002316allow_early:
2317#ifdef OPENSSL_IS_BORINGSSL
2318 if (allow_early)
2319 SSL_set_early_data_enabled(ssl, 1);
2320#else
2321 if (!allow_early)
2322 SSL_set_max_early_data(ssl, 0);
2323#endif
2324 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325 abort:
2326 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2327 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002328#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002329 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002330#else
2331 *al = SSL_AD_UNRECOGNIZED_NAME;
2332 return 0;
2333#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002334}
2335
2336#else /* OPENSSL_IS_BORINGSSL */
2337
Emeric Brunfc0421f2012-09-07 17:30:07 +02002338/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2339 * warning when no match is found, which implies the default (first) cert
2340 * will keep being used.
2341 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002342static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002343{
2344 const char *servername;
2345 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002346 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002347 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002348 int i;
2349 (void)al; /* shut gcc stupid warning */
2350
2351 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002352 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002353#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002354 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2355 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002356#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002357 if (s->strict_sni)
2358 return SSL_TLSEXT_ERR_ALERT_FATAL;
2359 ssl_sock_switchctx_set(ssl, s->default_ctx);
2360 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002361 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002362
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002363 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002364 if (!servername[i])
2365 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002366 trash.area[i] = tolower(servername[i]);
2367 if (!wildp && (trash.area[i] == '.'))
2368 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002369 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002370 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002371
2372 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002373 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002374
2375 /* lookup a not neg filter */
2376 for (n = node; n; n = ebmb_next_dup(n)) {
2377 if (!container_of(n, struct sni_ctx, name)->neg) {
2378 node = n;
2379 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002380 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002381 }
2382 if (!node && wildp) {
2383 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002384 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002385 }
2386 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002387#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002388 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2389 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002390 return SSL_TLSEXT_ERR_OK;
2391 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002392#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002393 if (s->strict_sni)
2394 return SSL_TLSEXT_ERR_ALERT_FATAL;
2395 ssl_sock_switchctx_set(ssl, s->default_ctx);
2396 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002397 }
2398
2399 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002400 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002401 return SSL_TLSEXT_ERR_OK;
2402}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002404#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2405
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002406#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002407
2408static DH * ssl_get_dh_1024(void)
2409{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002410 static unsigned char dh1024_p[]={
2411 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2412 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2413 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2414 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2415 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2416 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2417 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2418 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2419 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2420 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2421 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2422 };
2423 static unsigned char dh1024_g[]={
2424 0x02,
2425 };
2426
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002427 BIGNUM *p;
2428 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002429 DH *dh = DH_new();
2430 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002431 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2432 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002433
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002434 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002435 DH_free(dh);
2436 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002437 } else {
2438 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002439 }
2440 }
2441 return dh;
2442}
2443
2444static DH *ssl_get_dh_2048(void)
2445{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002446 static unsigned char dh2048_p[]={
2447 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2448 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2449 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2450 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2451 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2452 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2453 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2454 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2455 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2456 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2457 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2458 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2459 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2460 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2461 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2462 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2463 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2464 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2465 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2466 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2467 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2468 0xB7,0x1F,0x77,0xF3,
2469 };
2470 static unsigned char dh2048_g[]={
2471 0x02,
2472 };
2473
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002474 BIGNUM *p;
2475 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002476 DH *dh = DH_new();
2477 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002478 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2479 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002480
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002481 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002482 DH_free(dh);
2483 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002484 } else {
2485 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002486 }
2487 }
2488 return dh;
2489}
2490
2491static DH *ssl_get_dh_4096(void)
2492{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002493 static unsigned char dh4096_p[]={
2494 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2495 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2496 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2497 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2498 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2499 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2500 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2501 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2502 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2503 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2504 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2505 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2506 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2507 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2508 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2509 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2510 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2511 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2512 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2513 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2514 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2515 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2516 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2517 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2518 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2519 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2520 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2521 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2522 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2523 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2524 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2525 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2526 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2527 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2528 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2529 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2530 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2531 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2532 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2533 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2534 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2535 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2536 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002537 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002538 static unsigned char dh4096_g[]={
2539 0x02,
2540 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002541
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002542 BIGNUM *p;
2543 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002544 DH *dh = DH_new();
2545 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002546 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2547 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002548
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002549 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002550 DH_free(dh);
2551 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002552 } else {
2553 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002554 }
2555 }
2556 return dh;
2557}
2558
2559/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002560 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002561static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2562{
2563 DH *dh = NULL;
2564 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002565 int type;
2566
2567 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002568
2569 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2570 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2571 */
2572 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2573 keylen = EVP_PKEY_bits(pkey);
2574 }
2575
Willy Tarreauef934602016-12-22 23:12:01 +01002576 if (keylen > global_ssl.default_dh_param) {
2577 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002578 }
2579
Remi Gacogned3a341a2015-05-29 16:26:17 +02002580 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002581 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002582 }
2583 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002584 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002585 }
2586 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002587 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002588 }
2589
2590 return dh;
2591}
2592
Remi Gacogne47783ef2015-05-29 15:53:22 +02002593static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002594{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002595 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002596 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002597
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002598 if (in == NULL)
2599 goto end;
2600
Remi Gacogne47783ef2015-05-29 15:53:22 +02002601 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002602 goto end;
2603
Remi Gacogne47783ef2015-05-29 15:53:22 +02002604 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2605
2606end:
2607 if (in)
2608 BIO_free(in);
2609
2610 return dh;
2611}
2612
2613int ssl_sock_load_global_dh_param_from_file(const char *filename)
2614{
2615 global_dh = ssl_sock_get_dh_from_file(filename);
2616
2617 if (global_dh) {
2618 return 0;
2619 }
2620
2621 return -1;
2622}
2623
2624/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2625 if an error occured, and 0 if parameter not found. */
2626int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2627{
2628 int ret = -1;
2629 DH *dh = ssl_sock_get_dh_from_file(file);
2630
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002631 if (dh) {
2632 ret = 1;
2633 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002634
2635 if (ssl_dh_ptr_index >= 0) {
2636 /* store a pointer to the DH params to avoid complaining about
2637 ssl-default-dh-param not being set for this SSL_CTX */
2638 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2639 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002640 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002641 else if (global_dh) {
2642 SSL_CTX_set_tmp_dh(ctx, global_dh);
2643 ret = 0; /* DH params not found */
2644 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002646 /* Clear openssl global errors stack */
2647 ERR_clear_error();
2648
Willy Tarreauef934602016-12-22 23:12:01 +01002649 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002650 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002651 if (local_dh_1024 == NULL)
2652 local_dh_1024 = ssl_get_dh_1024();
2653
Remi Gacogne8de54152014-07-15 11:36:40 +02002654 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002655 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002656
Remi Gacogne8de54152014-07-15 11:36:40 +02002657 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002658 }
2659 else {
2660 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2661 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002662
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002663 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002664 }
Emeric Brun644cde02012-12-14 11:21:13 +01002665
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002666end:
2667 if (dh)
2668 DH_free(dh);
2669
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002670 return ret;
2671}
2672#endif
2673
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002674static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002675 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002676{
2677 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002678 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002679 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002680
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002681 if (*name == '!') {
2682 neg = 1;
2683 name++;
2684 }
2685 if (*name == '*') {
2686 wild = 1;
2687 name++;
2688 }
2689 /* !* filter is a nop */
2690 if (neg && wild)
2691 return order;
2692 if (*name) {
2693 int j, len;
2694 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002695 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002696 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002697 if (j >= trash.size)
2698 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002699 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002700
2701 /* Check for duplicates. */
2702 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002703 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002704 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002705 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002706 for (; node; node = ebmb_next_dup(node)) {
2707 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002708 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002709 return order;
2710 }
2711
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002712 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002713 if (!sc)
2714 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002715 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002716 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002717 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002718 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002719 sc->order = order++;
2720 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002721 if (kinfo.sig != TLSEXT_signature_anonymous)
2722 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002723 if (wild)
2724 ebst_insert(&s->sni_w_ctx, &sc->name);
2725 else
2726 ebst_insert(&s->sni_ctx, &sc->name);
2727 }
2728 return order;
2729}
2730
yanbzhu488a4d22015-12-01 15:16:07 -05002731
2732/* The following code is used for loading multiple crt files into
2733 * SSL_CTX's based on CN/SAN
2734 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002735#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002736/* This is used to preload the certifcate, private key
2737 * and Cert Chain of a file passed in via the crt
2738 * argument
2739 *
2740 * This way, we do not have to read the file multiple times
2741 */
2742struct cert_key_and_chain {
2743 X509 *cert;
2744 EVP_PKEY *key;
2745 unsigned int num_chain_certs;
2746 /* This is an array of X509 pointers */
2747 X509 **chain_certs;
2748};
2749
yanbzhu08ce6ab2015-12-02 13:01:29 -05002750#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2751
2752struct key_combo_ctx {
2753 SSL_CTX *ctx;
2754 int order;
2755};
2756
2757/* Map used for processing multiple keypairs for a single purpose
2758 *
2759 * This maps CN/SNI name to certificate type
2760 */
2761struct sni_keytype {
2762 int keytypes; /* BITMASK for keytypes */
2763 struct ebmb_node name; /* node holding the servername value */
2764};
2765
2766
yanbzhu488a4d22015-12-01 15:16:07 -05002767/* Frees the contents of a cert_key_and_chain
2768 */
2769static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2770{
2771 int i;
2772
2773 if (!ckch)
2774 return;
2775
2776 /* Free the certificate and set pointer to NULL */
2777 if (ckch->cert)
2778 X509_free(ckch->cert);
2779 ckch->cert = NULL;
2780
2781 /* Free the key and set pointer to NULL */
2782 if (ckch->key)
2783 EVP_PKEY_free(ckch->key);
2784 ckch->key = NULL;
2785
2786 /* Free each certificate in the chain */
2787 for (i = 0; i < ckch->num_chain_certs; i++) {
2788 if (ckch->chain_certs[i])
2789 X509_free(ckch->chain_certs[i]);
2790 }
2791
2792 /* Free the chain obj itself and set to NULL */
2793 if (ckch->num_chain_certs > 0) {
2794 free(ckch->chain_certs);
2795 ckch->num_chain_certs = 0;
2796 ckch->chain_certs = NULL;
2797 }
2798
2799}
2800
2801/* checks if a key and cert exists in the ckch
2802 */
2803static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2804{
2805 return (ckch->cert != NULL && ckch->key != NULL);
2806}
2807
2808
2809/* Loads the contents of a crt file (path) into a cert_key_and_chain
2810 * This allows us to carry the contents of the file without having to
2811 * read the file multiple times.
2812 *
2813 * returns:
2814 * 0 on Success
2815 * 1 on SSL Failure
2816 * 2 on file not found
2817 */
2818static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2819{
2820
2821 BIO *in;
2822 X509 *ca = NULL;
2823 int ret = 1;
2824
2825 ssl_sock_free_cert_key_and_chain_contents(ckch);
2826
2827 in = BIO_new(BIO_s_file());
2828 if (in == NULL)
2829 goto end;
2830
2831 if (BIO_read_filename(in, path) <= 0)
2832 goto end;
2833
yanbzhu488a4d22015-12-01 15:16:07 -05002834 /* Read Private Key */
2835 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2836 if (ckch->key == NULL) {
2837 memprintf(err, "%sunable to load private key from file '%s'.\n",
2838 err && *err ? *err : "", path);
2839 goto end;
2840 }
2841
Willy Tarreaubb137a82016-04-06 19:02:38 +02002842 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002843 if (BIO_reset(in) == -1) {
2844 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2845 err && *err ? *err : "", path);
2846 goto end;
2847 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002848
2849 /* Read Certificate */
2850 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2851 if (ckch->cert == NULL) {
2852 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2853 err && *err ? *err : "", path);
2854 goto end;
2855 }
2856
yanbzhu488a4d22015-12-01 15:16:07 -05002857 /* Read Certificate Chain */
2858 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2859 /* Grow the chain certs */
2860 ckch->num_chain_certs++;
2861 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2862
2863 /* use - 1 here since we just incremented it above */
2864 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2865 }
2866 ret = ERR_get_error();
2867 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2868 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2869 err && *err ? *err : "", path);
2870 ret = 1;
2871 goto end;
2872 }
2873
2874 ret = 0;
2875
2876end:
2877
2878 ERR_clear_error();
2879 if (in)
2880 BIO_free(in);
2881
2882 /* Something went wrong in one of the reads */
2883 if (ret != 0)
2884 ssl_sock_free_cert_key_and_chain_contents(ckch);
2885
2886 return ret;
2887}
2888
2889/* Loads the info in ckch into ctx
2890 * Currently, this does not process any information about ocsp, dhparams or
2891 * sctl
2892 * Returns
2893 * 0 on success
2894 * 1 on failure
2895 */
2896static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2897{
2898 int i = 0;
2899
2900 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2901 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2902 err && *err ? *err : "", path);
2903 return 1;
2904 }
2905
2906 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2907 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2908 err && *err ? *err : "", path);
2909 return 1;
2910 }
2911
yanbzhu488a4d22015-12-01 15:16:07 -05002912 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2913 for (i = 0; i < ckch->num_chain_certs; i++) {
2914 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002915 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2916 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002917 return 1;
2918 }
2919 }
2920
2921 if (SSL_CTX_check_private_key(ctx) <= 0) {
2922 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2923 err && *err ? *err : "", path);
2924 return 1;
2925 }
2926
2927 return 0;
2928}
2929
yanbzhu08ce6ab2015-12-02 13:01:29 -05002930
2931static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2932{
2933 struct sni_keytype *s_kt = NULL;
2934 struct ebmb_node *node;
2935 int i;
2936
2937 for (i = 0; i < trash.size; i++) {
2938 if (!str[i])
2939 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002940 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002941 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002942 trash.area[i] = 0;
2943 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002944 if (!node) {
2945 /* CN not found in tree */
2946 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2947 /* Using memcpy here instead of strncpy.
2948 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2949 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2950 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002951 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05002952 s_kt->keytypes = 0;
2953 ebst_insert(sni_keytypes, &s_kt->name);
2954 } else {
2955 /* CN found in tree */
2956 s_kt = container_of(node, struct sni_keytype, name);
2957 }
2958
2959 /* Mark that this CN has the keytype of key_index via keytypes mask */
2960 s_kt->keytypes |= 1<<key_index;
2961
2962}
2963
2964
2965/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2966 * If any are found, group these files into a set of SSL_CTX*
2967 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2968 *
2969 * This will allow the user to explictly group multiple cert/keys for a single purpose
2970 *
2971 * Returns
2972 * 0 on success
2973 * 1 on failure
2974 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002975static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2976 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002977{
2978 char fp[MAXPATHLEN+1] = {0};
2979 int n = 0;
2980 int i = 0;
2981 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2982 struct eb_root sni_keytypes_map = { {0} };
2983 struct ebmb_node *node;
2984 struct ebmb_node *next;
2985 /* Array of SSL_CTX pointers corresponding to each possible combo
2986 * of keytypes
2987 */
2988 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2989 int rv = 0;
2990 X509_NAME *xname = NULL;
2991 char *str = NULL;
2992#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2993 STACK_OF(GENERAL_NAME) *names = NULL;
2994#endif
2995
2996 /* Load all possible certs and keys */
2997 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2998 struct stat buf;
2999
3000 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3001 if (stat(fp, &buf) == 0) {
3002 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3003 rv = 1;
3004 goto end;
3005 }
3006 }
3007 }
3008
3009 /* Process each ckch and update keytypes for each CN/SAN
3010 * for example, if CN/SAN www.a.com is associated with
3011 * certs with keytype 0 and 2, then at the end of the loop,
3012 * www.a.com will have:
3013 * keyindex = 0 | 1 | 4 = 5
3014 */
3015 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3016
3017 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3018 continue;
3019
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003020 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003021 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003022 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3023 } else {
3024 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3025 * so the line that contains logic is marked via comments
3026 */
3027 xname = X509_get_subject_name(certs_and_keys[n].cert);
3028 i = -1;
3029 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3030 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003031 ASN1_STRING *value;
3032 value = X509_NAME_ENTRY_get_data(entry);
3033 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003034 /* Important line is here */
3035 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003036
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003037 OPENSSL_free(str);
3038 str = NULL;
3039 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003040 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003041
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003042 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003043#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003044 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3045 if (names) {
3046 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3047 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003048
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003049 if (name->type == GEN_DNS) {
3050 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3051 /* Important line is here */
3052 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003053
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003054 OPENSSL_free(str);
3055 str = NULL;
3056 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003057 }
3058 }
3059 }
3060 }
3061#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3062 }
3063
3064 /* If no files found, return error */
3065 if (eb_is_empty(&sni_keytypes_map)) {
3066 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3067 err && *err ? *err : "", path);
3068 rv = 1;
3069 goto end;
3070 }
3071
3072 /* We now have a map of CN/SAN to keytypes that are loaded in
3073 * Iterate through the map to create the SSL_CTX's (if needed)
3074 * and add each CTX to the SNI tree
3075 *
3076 * Some math here:
3077 * There are 2^n - 1 possibile combinations, each unique
3078 * combination is denoted by the key in the map. Each key
3079 * has a value between 1 and 2^n - 1. Conveniently, the array
3080 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3081 * entry in the array to correspond to the unique combo (key)
3082 * associated with i. This unique key combo (i) will be associated
3083 * with combos[i-1]
3084 */
3085
3086 node = ebmb_first(&sni_keytypes_map);
3087 while (node) {
3088 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003089 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003090 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003091
3092 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3093 i = container_of(node, struct sni_keytype, name)->keytypes;
3094 cur_ctx = key_combos[i-1].ctx;
3095
3096 if (cur_ctx == NULL) {
3097 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003098 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 if (cur_ctx == NULL) {
3100 memprintf(err, "%sunable to allocate SSL context.\n",
3101 err && *err ? *err : "");
3102 rv = 1;
3103 goto end;
3104 }
3105
yanbzhube2774d2015-12-10 15:07:30 -05003106 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003107 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3108 if (i & (1<<n)) {
3109 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003110 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3111 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003112 SSL_CTX_free(cur_ctx);
3113 rv = 1;
3114 goto end;
3115 }
yanbzhube2774d2015-12-10 15:07:30 -05003116
3117#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3118 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003119 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003120 if (err)
3121 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003122 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003123 SSL_CTX_free(cur_ctx);
3124 rv = 1;
3125 goto end;
3126 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003127#elif (defined OPENSSL_IS_BORINGSSL)
3128 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003129#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003130 }
3131 }
3132
3133 /* Load DH params into the ctx to support DHE keys */
3134#ifndef OPENSSL_NO_DH
3135 if (ssl_dh_ptr_index >= 0)
3136 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3137
3138 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3139 if (rv < 0) {
3140 if (err)
3141 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3142 *err ? *err : "", path);
3143 rv = 1;
3144 goto end;
3145 }
3146#endif
3147
3148 /* Update key_combos */
3149 key_combos[i-1].ctx = cur_ctx;
3150 }
3151
3152 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003153 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003154 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003155 node = ebmb_next(node);
3156 }
3157
3158
3159 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3160 if (!bind_conf->default_ctx) {
3161 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3162 if (key_combos[i].ctx) {
3163 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003164 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003165 break;
3166 }
3167 }
3168 }
3169
3170end:
3171
3172 if (names)
3173 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3174
3175 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3176 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3177
3178 node = ebmb_first(&sni_keytypes_map);
3179 while (node) {
3180 next = ebmb_next(node);
3181 ebmb_delete(node);
3182 node = next;
3183 }
3184
3185 return rv;
3186}
3187#else
3188/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003189static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3190 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003191{
3192 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3193 err && *err ? *err : "", path, strerror(errno));
3194 return 1;
3195}
3196
yanbzhu488a4d22015-12-01 15:16:07 -05003197#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3198
Emeric Brunfc0421f2012-09-07 17:30:07 +02003199/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3200 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3201 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003202static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3203 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003204{
3205 BIO *in;
3206 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003207 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003208 int ret = -1;
3209 int order = 0;
3210 X509_NAME *xname;
3211 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003212 pem_password_cb *passwd_cb;
3213 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003214 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003215 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003216
Emeric Brunfc0421f2012-09-07 17:30:07 +02003217#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3218 STACK_OF(GENERAL_NAME) *names;
3219#endif
3220
3221 in = BIO_new(BIO_s_file());
3222 if (in == NULL)
3223 goto end;
3224
3225 if (BIO_read_filename(in, file) <= 0)
3226 goto end;
3227
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003228
3229 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3230 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3231
3232 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003233 if (x == NULL)
3234 goto end;
3235
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003236 pkey = X509_get_pubkey(x);
3237 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003238 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003239 switch(EVP_PKEY_base_id(pkey)) {
3240 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003241 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003242 break;
3243 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003244 kinfo.sig = TLSEXT_signature_ecdsa;
3245 break;
3246 case EVP_PKEY_DSA:
3247 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003248 break;
3249 }
3250 EVP_PKEY_free(pkey);
3251 }
3252
Emeric Brun50bcecc2013-04-22 13:05:23 +02003253 if (fcount) {
3254 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003255 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003256 }
3257 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003258#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003259 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3260 if (names) {
3261 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3262 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3263 if (name->type == GEN_DNS) {
3264 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003265 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003266 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003267 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003268 }
3269 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003270 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003271 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003272#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003273 xname = X509_get_subject_name(x);
3274 i = -1;
3275 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3276 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003277 ASN1_STRING *value;
3278
3279 value = X509_NAME_ENTRY_get_data(entry);
3280 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003281 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003282 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003283 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003284 }
3285 }
3286
3287 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3288 if (!SSL_CTX_use_certificate(ctx, x))
3289 goto end;
3290
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003291#ifdef SSL_CTX_clear_extra_chain_certs
3292 SSL_CTX_clear_extra_chain_certs(ctx);
3293#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003294 if (ctx->extra_certs != NULL) {
3295 sk_X509_pop_free(ctx->extra_certs, X509_free);
3296 ctx->extra_certs = NULL;
3297 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003298#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003299
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003300 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003301 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3302 X509_free(ca);
3303 goto end;
3304 }
3305 }
3306
3307 err = ERR_get_error();
3308 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3309 /* we successfully reached the last cert in the file */
3310 ret = 1;
3311 }
3312 ERR_clear_error();
3313
3314end:
3315 if (x)
3316 X509_free(x);
3317
3318 if (in)
3319 BIO_free(in);
3320
3321 return ret;
3322}
3323
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003324static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3325 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326{
3327 int ret;
3328 SSL_CTX *ctx;
3329
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003330 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003331 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003332 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3333 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003334 return 1;
3335 }
3336
3337 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003338 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003340 SSL_CTX_free(ctx);
3341 return 1;
3342 }
3343
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003344 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003345 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003346 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3347 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003348 if (ret < 0) /* serious error, must do that ourselves */
3349 SSL_CTX_free(ctx);
3350 return 1;
3351 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003352
3353 if (SSL_CTX_check_private_key(ctx) <= 0) {
3354 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3355 err && *err ? *err : "", path);
3356 return 1;
3357 }
3358
Emeric Brunfc0421f2012-09-07 17:30:07 +02003359 /* we must not free the SSL_CTX anymore below, since it's already in
3360 * the tree, so it will be discovered and cleaned in time.
3361 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003362#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003363 /* store a NULL pointer to indicate we have not yet loaded
3364 a custom DH param file */
3365 if (ssl_dh_ptr_index >= 0) {
3366 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3367 }
3368
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003369 ret = ssl_sock_load_dh_params(ctx, path);
3370 if (ret < 0) {
3371 if (err)
3372 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3373 *err ? *err : "", path);
3374 return 1;
3375 }
3376#endif
3377
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003378#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003379 ret = ssl_sock_load_ocsp(ctx, path);
3380 if (ret < 0) {
3381 if (err)
3382 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3383 *err ? *err : "", path);
3384 return 1;
3385 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003386#elif (defined OPENSSL_IS_BORINGSSL)
3387 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003388#endif
3389
Daniel Jakots54ffb912015-11-06 20:02:41 +01003390#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003391 if (sctl_ex_index >= 0) {
3392 ret = ssl_sock_load_sctl(ctx, path);
3393 if (ret < 0) {
3394 if (err)
3395 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3396 *err ? *err : "", path);
3397 return 1;
3398 }
3399 }
3400#endif
3401
Emeric Brunfc0421f2012-09-07 17:30:07 +02003402#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003403 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003404 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3405 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003406 return 1;
3407 }
3408#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003409 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003410 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003411 bind_conf->default_ssl_conf = ssl_conf;
3412 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413
3414 return 0;
3415}
3416
Willy Tarreau03209342016-12-22 17:08:28 +01003417int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003418{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003419 struct dirent **de_list;
3420 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003421 DIR *dir;
3422 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003423 char *end;
3424 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003425 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003426#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3427 int is_bundle;
3428 int j;
3429#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003430
yanbzhu08ce6ab2015-12-02 13:01:29 -05003431 if (stat(path, &buf) == 0) {
3432 dir = opendir(path);
3433 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003434 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003435
yanbzhu08ce6ab2015-12-02 13:01:29 -05003436 /* strip trailing slashes, including first one */
3437 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3438 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003439
yanbzhu08ce6ab2015-12-02 13:01:29 -05003440 n = scandir(path, &de_list, 0, alphasort);
3441 if (n < 0) {
3442 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3443 err && *err ? *err : "", path, strerror(errno));
3444 cfgerr++;
3445 }
3446 else {
3447 for (i = 0; i < n; i++) {
3448 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003449
yanbzhu08ce6ab2015-12-02 13:01:29 -05003450 end = strrchr(de->d_name, '.');
3451 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3452 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003453
yanbzhu08ce6ab2015-12-02 13:01:29 -05003454 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3455 if (stat(fp, &buf) != 0) {
3456 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3457 err && *err ? *err : "", fp, strerror(errno));
3458 cfgerr++;
3459 goto ignore_entry;
3460 }
3461 if (!S_ISREG(buf.st_mode))
3462 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003463
3464#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3465 is_bundle = 0;
3466 /* Check if current entry in directory is part of a multi-cert bundle */
3467
3468 if (end) {
3469 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3470 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3471 is_bundle = 1;
3472 break;
3473 }
3474 }
3475
3476 if (is_bundle) {
3477 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3478 int dp_len;
3479
3480 dp_len = end - de->d_name;
3481 snprintf(dp, dp_len + 1, "%s", de->d_name);
3482
3483 /* increment i and free de until we get to a non-bundle cert
3484 * Note here that we look at de_list[i + 1] before freeing de
3485 * this is important since ignore_entry will free de
3486 */
3487 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3488 free(de);
3489 i++;
3490 de = de_list[i];
3491 }
3492
3493 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003494 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003495
3496 /* Successfully processed the bundle */
3497 goto ignore_entry;
3498 }
3499 }
3500
3501#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003502 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003503ignore_entry:
3504 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003505 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003506 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003508 closedir(dir);
3509 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003510 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003511
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003512 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003513
Emeric Brunfc0421f2012-09-07 17:30:07 +02003514 return cfgerr;
3515}
3516
Thierry Fournier383085f2013-01-24 14:15:43 +01003517/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3518 * done once. Zero is returned if the operation fails. No error is returned
3519 * if the random is said as not implemented, because we expect that openssl
3520 * will use another method once needed.
3521 */
3522static int ssl_initialize_random()
3523{
3524 unsigned char random;
3525 static int random_initialized = 0;
3526
3527 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3528 random_initialized = 1;
3529
3530 return random_initialized;
3531}
3532
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003533/* release ssl bind conf */
3534void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003535{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003536 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003537#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003538 free(conf->npn_str);
3539 conf->npn_str = NULL;
3540#endif
3541#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3542 free(conf->alpn_str);
3543 conf->alpn_str = NULL;
3544#endif
3545 free(conf->ca_file);
3546 conf->ca_file = NULL;
3547 free(conf->crl_file);
3548 conf->crl_file = NULL;
3549 free(conf->ciphers);
3550 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003551 free(conf->curves);
3552 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003553 free(conf->ecdhe);
3554 conf->ecdhe = NULL;
3555 }
3556}
3557
3558int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3559{
3560 char thisline[CRT_LINESIZE];
3561 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003562 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003563 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003564 int linenum = 0;
3565 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003566
Willy Tarreauad1731d2013-04-02 17:35:58 +02003567 if ((f = fopen(file, "r")) == NULL) {
3568 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003569 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003570 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003571
3572 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003573 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003574 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003575 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003576 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003577 char *crt_path;
3578 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003579
3580 linenum++;
3581 end = line + strlen(line);
3582 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3583 /* Check if we reached the limit and the last char is not \n.
3584 * Watch out for the last line without the terminating '\n'!
3585 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003586 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3587 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003588 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003589 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003590 }
3591
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003592 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003593 newarg = 1;
3594 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003595 if (*line == '#' || *line == '\n' || *line == '\r') {
3596 /* end of string, end of loop */
3597 *line = 0;
3598 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003599 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003600 newarg = 1;
3601 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003602 } else if (*line == '[') {
3603 if (ssl_b) {
3604 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3605 cfgerr = 1;
3606 break;
3607 }
3608 if (!arg) {
3609 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3610 cfgerr = 1;
3611 break;
3612 }
3613 ssl_b = arg;
3614 newarg = 1;
3615 *line = 0;
3616 } else if (*line == ']') {
3617 if (ssl_e) {
3618 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003619 cfgerr = 1;
3620 break;
3621 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003622 if (!ssl_b) {
3623 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3624 cfgerr = 1;
3625 break;
3626 }
3627 ssl_e = arg;
3628 newarg = 1;
3629 *line = 0;
3630 } else if (newarg) {
3631 if (arg == MAX_CRT_ARGS) {
3632 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3633 cfgerr = 1;
3634 break;
3635 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003636 newarg = 0;
3637 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003638 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003639 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003641 if (cfgerr)
3642 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003643 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003644
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003645 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003646 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003647 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003648
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003649 crt_path = args[0];
3650 if (*crt_path != '/' && global_ssl.crt_base) {
3651 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3652 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3653 crt_path, linenum, file);
3654 cfgerr = 1;
3655 break;
3656 }
3657 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3658 crt_path = path;
3659 }
3660
3661 ssl_conf = calloc(1, sizeof *ssl_conf);
3662 cur_arg = ssl_b ? ssl_b : 1;
3663 while (cur_arg < ssl_e) {
3664 newarg = 0;
3665 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3666 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3667 newarg = 1;
3668 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3669 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3670 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3671 args[cur_arg], linenum, file);
3672 cfgerr = 1;
3673 }
3674 cur_arg += 1 + ssl_bind_kws[i].skip;
3675 break;
3676 }
3677 }
3678 if (!cfgerr && !newarg) {
3679 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3680 args[cur_arg], linenum, file);
3681 cfgerr = 1;
3682 break;
3683 }
3684 }
3685 if (cfgerr) {
3686 ssl_sock_free_ssl_conf(ssl_conf);
3687 free(ssl_conf);
3688 ssl_conf = NULL;
3689 break;
3690 }
3691
3692 if (stat(crt_path, &buf) == 0) {
3693 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3694 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003695 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003696 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3697 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003698 }
3699
Willy Tarreauad1731d2013-04-02 17:35:58 +02003700 if (cfgerr) {
3701 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003702 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003703 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003704 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003705 fclose(f);
3706 return cfgerr;
3707}
3708
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003709/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003710static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003711ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003712{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003713 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003714 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003715 SSL_OP_ALL | /* all known workarounds for bugs */
3716 SSL_OP_NO_SSLv2 |
3717 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003718 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003719 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003720 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003721 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003722 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003723 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003724 SSL_MODE_ENABLE_PARTIAL_WRITE |
3725 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003726 SSL_MODE_RELEASE_BUFFERS |
3727 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003728 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003729 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003730 int flags = MC_SSL_O_ALL;
3731 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003732
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003733 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003734 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003735
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003736 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003737 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3738 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3739 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003740 else
3741 flags = conf_ssl_methods->flags;
3742
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003743 min = conf_ssl_methods->min;
3744 max = conf_ssl_methods->max;
3745 /* start with TLSv10 to remove SSLv3 per default */
3746 if (!min && (!max || max >= CONF_TLSV10))
3747 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003748 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003749 if (min)
3750 flags |= (methodVersions[min].flag - 1);
3751 if (max)
3752 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003753 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003754 min = max = CONF_TLSV_NONE;
3755 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003756 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003758 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003759 if (min) {
3760 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003761 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3762 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3763 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3764 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003765 hole = 0;
3766 }
3767 max = i;
3768 }
3769 else {
3770 min = max = i;
3771 }
3772 }
3773 else {
3774 if (min)
3775 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003776 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003777 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003778 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3779 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003780 cfgerr += 1;
3781 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003782 /* save real min/max in bind_conf */
3783 conf_ssl_methods->min = min;
3784 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003785
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003786#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787 /* Keep force-xxx implementation as it is in older haproxy. It's a
3788 precautionary measure to avoid any suprise with older openssl version. */
3789 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003790 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003791 else
3792 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3793 if (flags & methodVersions[i].flag)
3794 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003795#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003796 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003797 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3798 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003799#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003800
3801 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3802 options |= SSL_OP_NO_TICKET;
3803 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3804 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3805 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003806
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003807#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003808 if (global_ssl.async)
3809 mode |= SSL_MODE_ASYNC;
3810#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003811 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003812 if (global_ssl.life_time)
3813 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814
3815#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3816#ifdef OPENSSL_IS_BORINGSSL
3817 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3818 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003819#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3820 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3821 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003822#else
3823 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003824#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003825 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003826#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003827 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003828}
3829
William Lallemand4f45bb92017-10-30 20:08:51 +01003830
3831static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3832{
3833 if (first == block) {
3834 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3835 if (first->len > 0)
3836 sh_ssl_sess_tree_delete(sh_ssl_sess);
3837 }
3838}
3839
3840/* return first block from sh_ssl_sess */
3841static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3842{
3843 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3844
3845}
3846
3847/* store a session into the cache
3848 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3849 * data: asn1 encoded session
3850 * data_len: asn1 encoded session length
3851 * Returns 1 id session was stored (else 0)
3852 */
3853static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3854{
3855 struct shared_block *first;
3856 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3857
3858 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3859 if (!first) {
3860 /* Could not retrieve enough free blocks to store that session */
3861 return 0;
3862 }
3863
3864 /* STORE the key in the first elem */
3865 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3866 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3867 first->len = sizeof(struct sh_ssl_sess_hdr);
3868
3869 /* it returns the already existing node
3870 or current node if none, never returns null */
3871 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3872 if (oldsh_ssl_sess != sh_ssl_sess) {
3873 /* NOTE: Row couldn't be in use because we lock read & write function */
3874 /* release the reserved row */
3875 shctx_row_dec_hot(ssl_shctx, first);
3876 /* replace the previous session already in the tree */
3877 sh_ssl_sess = oldsh_ssl_sess;
3878 /* ignore the previous session data, only use the header */
3879 first = sh_ssl_sess_first_block(sh_ssl_sess);
3880 shctx_row_inc_hot(ssl_shctx, first);
3881 first->len = sizeof(struct sh_ssl_sess_hdr);
3882 }
3883
William Lallemand99b90af2018-01-03 19:15:51 +01003884 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3885 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003886 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003887 }
3888
3889 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003890
3891 return 1;
3892}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003893
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003894/* SSL callback used when a new session is created while connecting to a server */
3895static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3896{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003897 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003899
Olivier Houcharde6060c52017-11-16 17:42:52 +01003900 s = objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003901
Olivier Houcharde6060c52017-11-16 17:42:52 +01003902 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3903 int len;
3904 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003905
Olivier Houcharde6060c52017-11-16 17:42:52 +01003906 len = i2d_SSL_SESSION(sess, NULL);
3907 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3908 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3909 } else {
3910 free(s->ssl_ctx.reused_sess[tid].ptr);
3911 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3912 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3913 }
3914 if (s->ssl_ctx.reused_sess[tid].ptr) {
3915 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3916 &ptr);
3917 }
3918 } else {
3919 free(s->ssl_ctx.reused_sess[tid].ptr);
3920 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3921 }
3922
3923 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003924}
3925
Olivier Houcharde6060c52017-11-16 17:42:52 +01003926
William Lallemanded0b5ad2017-10-30 19:36:36 +01003927/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003928int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003929{
3930 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3931 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3932 unsigned char *p;
3933 int data_len;
3934 unsigned int sid_length, sid_ctx_length;
3935 const unsigned char *sid_data;
3936 const unsigned char *sid_ctx_data;
3937
3938 /* Session id is already stored in to key and session id is known
3939 * so we dont store it to keep size.
3940 */
3941
3942 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3943 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3944 SSL_SESSION_set1_id(sess, sid_data, 0);
3945 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3946
3947 /* check if buffer is large enough for the ASN1 encoded session */
3948 data_len = i2d_SSL_SESSION(sess, NULL);
3949 if (data_len > SHSESS_MAX_DATA_LEN)
3950 goto err;
3951
3952 p = encsess;
3953
3954 /* process ASN1 session encoding before the lock */
3955 i2d_SSL_SESSION(sess, &p);
3956
3957 memcpy(encid, sid_data, sid_length);
3958 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3959 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3960
William Lallemanda3c77cf2017-10-30 23:44:40 +01003961 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003962 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003963 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003964 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003965err:
3966 /* reset original length values */
3967 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3968 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3969
3970 return 0; /* do not increment session reference count */
3971}
3972
3973/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003974SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003975{
William Lallemand4f45bb92017-10-30 20:08:51 +01003976 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003977 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3978 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003979 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003980 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003981
3982 global.shctx_lookups++;
3983
3984 /* allow the session to be freed automatically by openssl */
3985 *do_copy = 0;
3986
3987 /* tree key is zeros padded sessionid */
3988 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3989 memcpy(tmpkey, key, key_len);
3990 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3991 key = tmpkey;
3992 }
3993
3994 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003995 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003996
3997 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3999 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004001 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002 global.shctx_misses++;
4003 return NULL;
4004 }
4005
William Lallemand4f45bb92017-10-30 20:08:51 +01004006 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4007 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008
William Lallemand4f45bb92017-10-30 20:08:51 +01004009 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004010
William Lallemanda3c77cf2017-10-30 23:44:40 +01004011 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004012
4013 /* decode ASN1 session */
4014 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004015 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004016 /* Reset session id and session id contenxt */
4017 if (sess) {
4018 SSL_SESSION_set1_id(sess, key, key_len);
4019 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4020 }
4021
4022 return sess;
4023}
4024
William Lallemand4f45bb92017-10-30 20:08:51 +01004025
William Lallemanded0b5ad2017-10-30 19:36:36 +01004026/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004027void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004028{
William Lallemand4f45bb92017-10-30 20:08:51 +01004029 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004030 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4031 unsigned int sid_length;
4032 const unsigned char *sid_data;
4033 (void)ctx;
4034
4035 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4036 /* tree key is zeros padded sessionid */
4037 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4038 memcpy(tmpkey, sid_data, sid_length);
4039 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4040 sid_data = tmpkey;
4041 }
4042
William Lallemanda3c77cf2017-10-30 23:44:40 +01004043 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004044
4045 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004046 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4047 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004048 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004049 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004050 }
4051
4052 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004053 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004054}
4055
4056/* Set session cache mode to server and disable openssl internal cache.
4057 * Set shared cache callbacks on an ssl context.
4058 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004059void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004060{
4061 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4062
4063 if (!ssl_shctx) {
4064 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4065 return;
4066 }
4067
4068 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4069 SSL_SESS_CACHE_NO_INTERNAL |
4070 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4071
4072 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004073 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4074 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4075 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004076}
4077
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004078int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4079{
4080 struct proxy *curproxy = bind_conf->frontend;
4081 int cfgerr = 0;
4082 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004083 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004084 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004085 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004086
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (ssl_conf) {
4088 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4089 int i, min, max;
4090 int flags = MC_SSL_O_ALL;
4091
4092 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004093 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4094 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004095 if (min)
4096 flags |= (methodVersions[min].flag - 1);
4097 if (max)
4098 flags |= ~((methodVersions[max].flag << 1) - 1);
4099 min = max = CONF_TLSV_NONE;
4100 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4101 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4102 if (min)
4103 max = i;
4104 else
4105 min = max = i;
4106 }
4107 /* save real min/max */
4108 conf_ssl_methods->min = min;
4109 conf_ssl_methods->max = max;
4110 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004111 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4112 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004113 cfgerr += 1;
4114 }
4115 }
4116
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004117 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004118 case SSL_SOCK_VERIFY_NONE:
4119 verify = SSL_VERIFY_NONE;
4120 break;
4121 case SSL_SOCK_VERIFY_OPTIONAL:
4122 verify = SSL_VERIFY_PEER;
4123 break;
4124 case SSL_SOCK_VERIFY_REQUIRED:
4125 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4126 break;
4127 }
4128 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4129 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004130 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4131 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4132 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004133 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004134 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004135 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4136 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004137 cfgerr++;
4138 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004139 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4140 /* set CA names for client cert request, function returns void */
4141 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4142 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 }
Emeric Brun850efd52014-01-29 12:24:34 +01004144 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004145 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4146 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004147 cfgerr++;
4148 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004149#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004150 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004151 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4152
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004153 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004154 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4155 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 cfgerr++;
4157 }
Emeric Brun561e5742012-10-02 15:20:55 +02004158 else {
4159 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4160 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004161 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004162#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004163 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004164 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004165#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004166 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004167 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004168 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4169 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004170 cfgerr++;
4171 }
4172 }
4173#endif
4174
William Lallemand4f45bb92017-10-30 20:08:51 +01004175 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004176 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4177 if (conf_ciphers &&
4178 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004179 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4180 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181 cfgerr++;
4182 }
4183
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004185 /* If tune.ssl.default-dh-param has not been set,
4186 neither has ssl-default-dh-file and no static DH
4187 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004188 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004189 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004190 (ssl_dh_ptr_index == -1 ||
4191 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004192 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4193 const SSL_CIPHER * cipher = NULL;
4194 char cipher_description[128];
4195 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4196 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4197 which is not ephemeral DH. */
4198 const char dhe_description[] = " Kx=DH ";
4199 const char dhe_export_description[] = " Kx=DH(";
4200 int idx = 0;
4201 int dhe_found = 0;
4202 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004203
Remi Gacogne23d5d372014-10-10 17:04:26 +02004204 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004205
Remi Gacogne23d5d372014-10-10 17:04:26 +02004206 if (ssl) {
4207 ciphers = SSL_get_ciphers(ssl);
4208
4209 if (ciphers) {
4210 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4211 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4212 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4213 if (strstr(cipher_description, dhe_description) != NULL ||
4214 strstr(cipher_description, dhe_export_description) != NULL) {
4215 dhe_found = 1;
4216 break;
4217 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004218 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004221 SSL_free(ssl);
4222 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004223 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004224
Lukas Tribus90132722014-08-18 00:56:33 +02004225 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004226 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004227 }
4228
Willy Tarreauef934602016-12-22 23:12:01 +01004229 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004230 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004231
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_1024 == NULL) {
4234 local_dh_1024 = ssl_get_dh_1024();
4235 }
Willy Tarreauef934602016-12-22 23:12:01 +01004236 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004237 if (local_dh_2048 == NULL) {
4238 local_dh_2048 = ssl_get_dh_2048();
4239 }
Willy Tarreauef934602016-12-22 23:12:01 +01004240 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004241 if (local_dh_4096 == NULL) {
4242 local_dh_4096 = ssl_get_dh_4096();
4243 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004244 }
4245 }
4246 }
4247#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004248
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004250#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004251 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004252#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004253
Bernard Spil13c53f82018-02-15 13:34:58 +01004254#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004255 ssl_conf_cur = NULL;
4256 if (ssl_conf && ssl_conf->npn_str)
4257 ssl_conf_cur = ssl_conf;
4258 else if (bind_conf->ssl_conf.npn_str)
4259 ssl_conf_cur = &bind_conf->ssl_conf;
4260 if (ssl_conf_cur)
4261 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004262#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004263#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004264 ssl_conf_cur = NULL;
4265 if (ssl_conf && ssl_conf->alpn_str)
4266 ssl_conf_cur = ssl_conf;
4267 else if (bind_conf->ssl_conf.alpn_str)
4268 ssl_conf_cur = &bind_conf->ssl_conf;
4269 if (ssl_conf_cur)
4270 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004271#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004272#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4273 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4274 if (conf_curves) {
4275 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004276 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4277 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 cfgerr++;
4279 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004280#if defined(SSL_CTX_set_ecdh_auto)
4281 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4282#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004283 }
4284#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004285#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004286 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004287 int i;
4288 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004289#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004290 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004291 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4292 NULL);
4293
4294 if (ecdhe == NULL) {
4295 SSL_CTX_set_dh_auto(ctx, 1);
4296 return cfgerr;
4297 }
4298#else
4299 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4300 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4301 ECDHE_DEFAULT_CURVE);
4302#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004303
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004304 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004305 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004306 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4307 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004308 cfgerr++;
4309 }
4310 else {
4311 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4312 EC_KEY_free(ecdh);
4313 }
4314 }
4315#endif
4316
Emeric Brunfc0421f2012-09-07 17:30:07 +02004317 return cfgerr;
4318}
4319
Evan Broderbe554312013-06-27 00:05:25 -07004320static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4321{
4322 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4323 size_t prefixlen, suffixlen;
4324
4325 /* Trivial case */
4326 if (strcmp(pattern, hostname) == 0)
4327 return 1;
4328
Evan Broderbe554312013-06-27 00:05:25 -07004329 /* The rest of this logic is based on RFC 6125, section 6.4.3
4330 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4331
Emeric Bruna848dae2013-10-08 11:27:28 +02004332 pattern_wildcard = NULL;
4333 pattern_left_label_end = pattern;
4334 while (*pattern_left_label_end != '.') {
4335 switch (*pattern_left_label_end) {
4336 case 0:
4337 /* End of label not found */
4338 return 0;
4339 case '*':
4340 /* If there is more than one wildcards */
4341 if (pattern_wildcard)
4342 return 0;
4343 pattern_wildcard = pattern_left_label_end;
4344 break;
4345 }
4346 pattern_left_label_end++;
4347 }
4348
4349 /* If it's not trivial and there is no wildcard, it can't
4350 * match */
4351 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004352 return 0;
4353
4354 /* Make sure all labels match except the leftmost */
4355 hostname_left_label_end = strchr(hostname, '.');
4356 if (!hostname_left_label_end
4357 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4358 return 0;
4359
4360 /* Make sure the leftmost label of the hostname is long enough
4361 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004362 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 /* Finally compare the string on either side of the
4366 * wildcard */
4367 prefixlen = pattern_wildcard - pattern;
4368 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004369 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4370 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004371 return 0;
4372
4373 return 1;
4374}
4375
4376static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4377{
4378 SSL *ssl;
4379 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004380 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004381 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004382
4383 int depth;
4384 X509 *cert;
4385 STACK_OF(GENERAL_NAME) *alt_names;
4386 int i;
4387 X509_NAME *cert_subject;
4388 char *str;
4389
4390 if (ok == 0)
4391 return ok;
4392
4393 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004394 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004395
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004396 /* We're checking if the provided hostnames match the desired one. The
4397 * desired hostname comes from the SNI we presented if any, or if not
4398 * provided then it may have been explicitly stated using a "verifyhost"
4399 * directive. If neither is set, we don't care about the name so the
4400 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004401 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004402 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004403 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004404 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004405 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004406 if (!servername)
4407 return ok;
4408 }
Evan Broderbe554312013-06-27 00:05:25 -07004409
4410 /* We only need to verify the CN on the actual server cert,
4411 * not the indirect CAs */
4412 depth = X509_STORE_CTX_get_error_depth(ctx);
4413 if (depth != 0)
4414 return ok;
4415
4416 /* At this point, the cert is *not* OK unless we can find a
4417 * hostname match */
4418 ok = 0;
4419
4420 cert = X509_STORE_CTX_get_current_cert(ctx);
4421 /* It seems like this might happen if verify peer isn't set */
4422 if (!cert)
4423 return ok;
4424
4425 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4426 if (alt_names) {
4427 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4428 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4429 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004430#if OPENSSL_VERSION_NUMBER < 0x00907000L
4431 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4432#else
Evan Broderbe554312013-06-27 00:05:25 -07004433 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004434#endif
Evan Broderbe554312013-06-27 00:05:25 -07004435 ok = ssl_sock_srv_hostcheck(str, servername);
4436 OPENSSL_free(str);
4437 }
4438 }
4439 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004440 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004441 }
4442
4443 cert_subject = X509_get_subject_name(cert);
4444 i = -1;
4445 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4446 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004447 ASN1_STRING *value;
4448 value = X509_NAME_ENTRY_get_data(entry);
4449 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004450 ok = ssl_sock_srv_hostcheck(str, servername);
4451 OPENSSL_free(str);
4452 }
4453 }
4454
Willy Tarreau71d058c2017-07-26 20:09:56 +02004455 /* report the mismatch and indicate if SNI was used or not */
4456 if (!ok && !conn->err_code)
4457 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004458 return ok;
4459}
4460
Emeric Brun94324a42012-10-11 14:00:19 +02004461/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004462int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004463{
Willy Tarreau03209342016-12-22 17:08:28 +01004464 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004465 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004466 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004467 SSL_OP_ALL | /* all known workarounds for bugs */
4468 SSL_OP_NO_SSLv2 |
4469 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004470 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004471 SSL_MODE_ENABLE_PARTIAL_WRITE |
4472 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004473 SSL_MODE_RELEASE_BUFFERS |
4474 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004475 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004476 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004477 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004478 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004479 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004480
Thierry Fournier383085f2013-01-24 14:15:43 +01004481 /* Make sure openssl opens /dev/urandom before the chroot */
4482 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004483 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004484 cfgerr++;
4485 }
4486
Willy Tarreaufce03112015-01-15 21:32:40 +01004487 /* Automatic memory computations need to know we use SSL there */
4488 global.ssl_used_backend = 1;
4489
4490 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004491 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004492 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004493 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4494 curproxy->id, srv->id,
4495 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004496 cfgerr++;
4497 return cfgerr;
4498 }
4499 }
Emeric Brun94324a42012-10-11 14:00:19 +02004500 if (srv->use_ssl)
4501 srv->xprt = &ssl_sock;
4502 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004503 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004504
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004506 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4508 proxy_type_str(curproxy), curproxy->id,
4509 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004510 cfgerr++;
4511 return cfgerr;
4512 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004513
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004514 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004515 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4516 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4517 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004518 else
4519 flags = conf_ssl_methods->flags;
4520
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004521 /* Real min and max should be determinate with configuration and openssl's capabilities */
4522 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004523 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004524 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004525 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004526
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004527 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004528 min = max = CONF_TLSV_NONE;
4529 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004530 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004532 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004533 if (min) {
4534 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004535 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4536 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4537 proxy_type_str(curproxy), curproxy->id, srv->id,
4538 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004539 hole = 0;
4540 }
4541 max = i;
4542 }
4543 else {
4544 min = max = i;
4545 }
4546 }
4547 else {
4548 if (min)
4549 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004550 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004551 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004552 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4553 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 cfgerr += 1;
4555 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004556
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004557#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558 /* Keep force-xxx implementation as it is in older haproxy. It's a
4559 precautionary measure to avoid any suprise with older openssl version. */
4560 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004561 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004562 else
4563 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4564 if (flags & methodVersions[i].flag)
4565 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004566#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004567 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004568 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4569 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004570#endif
4571
4572 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4573 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004574 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004575
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004576#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004577 if (global_ssl.async)
4578 mode |= SSL_MODE_ASYNC;
4579#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004580 SSL_CTX_set_mode(ctx, mode);
4581 srv->ssl_ctx.ctx = ctx;
4582
Emeric Bruna7aa3092012-10-26 12:58:00 +02004583 if (srv->ssl_ctx.client_crt) {
4584 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004585 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4586 proxy_type_str(curproxy), curproxy->id,
4587 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004588 cfgerr++;
4589 }
4590 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004591 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4592 proxy_type_str(curproxy), curproxy->id,
4593 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004594 cfgerr++;
4595 }
4596 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004597 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4598 proxy_type_str(curproxy), curproxy->id,
4599 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004600 cfgerr++;
4601 }
4602 }
Emeric Brun94324a42012-10-11 14:00:19 +02004603
Emeric Brun850efd52014-01-29 12:24:34 +01004604 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4605 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004606 switch (srv->ssl_ctx.verify) {
4607 case SSL_SOCK_VERIFY_NONE:
4608 verify = SSL_VERIFY_NONE;
4609 break;
4610 case SSL_SOCK_VERIFY_REQUIRED:
4611 verify = SSL_VERIFY_PEER;
4612 break;
4613 }
Evan Broderbe554312013-06-27 00:05:25 -07004614 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004615 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004616 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004617 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004618 if (srv->ssl_ctx.ca_file) {
4619 /* load CAfile to verify */
4620 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004624 cfgerr++;
4625 }
4626 }
Emeric Brun850efd52014-01-29 12:24:34 +01004627 else {
4628 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004629 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4630 curproxy->id, srv->id,
4631 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004632 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004633 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4634 curproxy->id, srv->id,
4635 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004636 cfgerr++;
4637 }
Emeric Brunef42d922012-10-11 16:11:36 +02004638#ifdef X509_V_FLAG_CRL_CHECK
4639 if (srv->ssl_ctx.crl_file) {
4640 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4641
4642 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004643 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4644 curproxy->id, srv->id,
4645 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004646 cfgerr++;
4647 }
4648 else {
4649 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4650 }
4651 }
4652#endif
4653 }
4654
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004655 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4656 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4657 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004658 if (srv->ssl_ctx.ciphers &&
4659 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004660 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4661 curproxy->id, srv->id,
4662 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004663 cfgerr++;
4664 }
4665
4666 return cfgerr;
4667}
4668
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004669/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004670 * be NULL, in which case nothing is done. Returns the number of errors
4671 * encountered.
4672 */
Willy Tarreau03209342016-12-22 17:08:28 +01004673int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004674{
4675 struct ebmb_node *node;
4676 struct sni_ctx *sni;
4677 int err = 0;
4678
Willy Tarreaufce03112015-01-15 21:32:40 +01004679 /* Automatic memory computations need to know we use SSL there */
4680 global.ssl_used_frontend = 1;
4681
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* Make sure openssl opens /dev/urandom before the chroot */
4683 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004684 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004685 err++;
4686 }
4687 /* Create initial_ctx used to start the ssl connection before do switchctx */
4688 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004689 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004690 /* It should not be necessary to call this function, but it's
4691 necessary first to check and move all initialisation related
4692 to initial_ctx in ssl_sock_initial_ctx. */
4693 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4694 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004695 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004697
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004698 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004699 while (node) {
4700 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004701 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4702 /* only initialize the CTX on its first occurrence and
4703 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004704 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004705 node = ebmb_next(node);
4706 }
4707
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004708 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004709 while (node) {
4710 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004711 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4712 /* only initialize the CTX on its first occurrence and
4713 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004714 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004715 node = ebmb_next(node);
4716 }
4717 return err;
4718}
4719
Willy Tarreau55d37912016-12-21 23:38:39 +01004720/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4721 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4722 * alerts are directly emitted since the rest of the stack does it below.
4723 */
4724int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4725{
4726 struct proxy *px = bind_conf->frontend;
4727 int alloc_ctx;
4728 int err;
4729
4730 if (!bind_conf->is_ssl) {
4731 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004732 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4733 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004734 }
4735 return 0;
4736 }
4737 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004738 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004739 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4740 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004741 }
4742 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004743 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4744 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004745 return -1;
4746 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004747 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004748 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004749 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4750 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4751 sizeof(*sh_ssl_sess_tree),
4752 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4753 if (alloc_ctx < 0) {
4754 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4755 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4756 else
4757 ha_alert("Unable to allocate SSL session cache.\n");
4758 return -1;
4759 }
4760 /* free block callback */
4761 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4762 /* init the root tree within the extra space */
4763 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4764 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004765 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004766 err = 0;
4767 /* initialize all certificate contexts */
4768 err += ssl_sock_prepare_all_ctx(bind_conf);
4769
4770 /* initialize CA variables if the certificates generation is enabled */
4771 err += ssl_sock_load_ca(bind_conf);
4772
4773 return -err;
4774}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004775
4776/* release ssl context allocated for servers. */
4777void ssl_sock_free_srv_ctx(struct server *srv)
4778{
4779 if (srv->ssl_ctx.ctx)
4780 SSL_CTX_free(srv->ssl_ctx.ctx);
4781}
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4785 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004786void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004787{
4788 struct ebmb_node *node, *back;
4789 struct sni_ctx *sni;
4790
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004791 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004792 while (node) {
4793 sni = ebmb_entry(node, struct sni_ctx, name);
4794 back = ebmb_next(node);
4795 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004796 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004797 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004798 ssl_sock_free_ssl_conf(sni->conf);
4799 free(sni->conf);
4800 sni->conf = NULL;
4801 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004802 free(sni);
4803 node = back;
4804 }
4805
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004806 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004807 while (node) {
4808 sni = ebmb_entry(node, struct sni_ctx, name);
4809 back = ebmb_next(node);
4810 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004811 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004812 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004813 ssl_sock_free_ssl_conf(sni->conf);
4814 free(sni->conf);
4815 sni->conf = NULL;
4816 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004817 free(sni);
4818 node = back;
4819 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004820 SSL_CTX_free(bind_conf->initial_ctx);
4821 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004822 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004824}
4825
Willy Tarreau795cdab2016-12-22 17:30:54 +01004826/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4827void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4828{
4829 ssl_sock_free_ca(bind_conf);
4830 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004831 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004832 free(bind_conf->ca_sign_file);
4833 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004834 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835 free(bind_conf->keys_ref->filename);
4836 free(bind_conf->keys_ref->tlskeys);
4837 LIST_DEL(&bind_conf->keys_ref->list);
4838 free(bind_conf->keys_ref);
4839 }
4840 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004841 bind_conf->ca_sign_pass = NULL;
4842 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004843}
4844
Christopher Faulet31af49d2015-06-09 17:29:50 +02004845/* Load CA cert file and private key used to generate certificates */
4846int
Willy Tarreau03209342016-12-22 17:08:28 +01004847ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848{
Willy Tarreau03209342016-12-22 17:08:28 +01004849 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004850 FILE *fp;
4851 X509 *cacert = NULL;
4852 EVP_PKEY *capkey = NULL;
4853 int err = 0;
4854
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004855 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004856 return err;
4857
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004858#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004859 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004860 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004861 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004862 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004863 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004864 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004865#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004866
Christopher Faulet31af49d2015-06-09 17:29:50 +02004867 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': cannot enable certificate generation, "
4869 "no CA certificate File configured at [%s:%d].\n",
4870 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004871 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004872 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004873
4874 /* read in the CA certificate */
4875 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004876 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4877 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 goto load_error;
4879 }
4880 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004881 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4882 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004883 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004884 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004885 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004886 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004887 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4888 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004890 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004892 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004893 bind_conf->ca_sign_cert = cacert;
4894 bind_conf->ca_sign_pkey = capkey;
4895 return err;
4896
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004897 read_error:
4898 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004899 if (capkey) EVP_PKEY_free(capkey);
4900 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004901 load_error:
4902 bind_conf->generate_certs = 0;
4903 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004904 return err;
4905}
4906
4907/* Release CA cert and private key used to generate certificated */
4908void
4909ssl_sock_free_ca(struct bind_conf *bind_conf)
4910{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004911 if (bind_conf->ca_sign_pkey)
4912 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4913 if (bind_conf->ca_sign_cert)
4914 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004915 bind_conf->ca_sign_pkey = NULL;
4916 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004917}
4918
Emeric Brun46591952012-05-18 15:47:34 +02004919/*
4920 * This function is called if SSL * context is not yet allocated. The function
4921 * is designed to be called before any other data-layer operation and sets the
4922 * handshake flag on the connection. It is safe to call it multiple times.
4923 * It returns 0 on success and -1 in error case.
4924 */
4925static int ssl_sock_init(struct connection *conn)
4926{
4927 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004928 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004929 return 0;
4930
Willy Tarreau3c728722014-01-23 13:50:42 +01004931 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004932 return 0;
4933
Willy Tarreau20879a02012-12-03 16:32:10 +01004934 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4935 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004936 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004937 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004938
Emeric Brun46591952012-05-18 15:47:34 +02004939 /* If it is in client mode initiate SSL session
4940 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004941 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 int may_retry = 1;
4943
4944 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004945 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004946 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004947 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004948 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004949 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004950 goto retry_connect;
4951 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004952 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004953 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004954 }
Emeric Brun46591952012-05-18 15:47:34 +02004955
Emeric Brun46591952012-05-18 15:47:34 +02004956 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004957 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004958 SSL_free(conn->xprt_ctx);
4959 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004960 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004961 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004962 goto retry_connect;
4963 }
Emeric Brun55476152014-11-12 17:35:37 +01004964 conn->err_code = CO_ER_SSL_NO_MEM;
4965 return -1;
4966 }
Emeric Brun46591952012-05-18 15:47:34 +02004967
Evan Broderbe554312013-06-27 00:05:25 -07004968 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004969 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01004970 SSL_free(conn->xprt_ctx);
4971 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004972 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004973 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004974 goto retry_connect;
4975 }
Emeric Brun55476152014-11-12 17:35:37 +01004976 conn->err_code = CO_ER_SSL_NO_MEM;
4977 return -1;
4978 }
4979
4980 SSL_set_connect_state(conn->xprt_ctx);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004981 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4982 const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4983 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4984 if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
4985 SSL_SESSION_free(sess);
4986 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4987 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
4988 } else if (sess) {
4989 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004990 }
4991 }
Evan Broderbe554312013-06-27 00:05:25 -07004992
Emeric Brun46591952012-05-18 15:47:34 +02004993 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004994 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004995
4996 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004997 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004998 return 0;
4999 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005000 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 int may_retry = 1;
5002
5003 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005004 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005005 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005006 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005007 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005008 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005009 goto retry_accept;
5010 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005011 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005012 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005013 }
Emeric Brun46591952012-05-18 15:47:34 +02005014
Emeric Brun46591952012-05-18 15:47:34 +02005015 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005016 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005017 SSL_free(conn->xprt_ctx);
5018 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005019 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005020 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005021 goto retry_accept;
5022 }
Emeric Brun55476152014-11-12 17:35:37 +01005023 conn->err_code = CO_ER_SSL_NO_MEM;
5024 return -1;
5025 }
Emeric Brun46591952012-05-18 15:47:34 +02005026
Emeric Brune1f38db2012-09-03 20:36:47 +02005027 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005028 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005029 SSL_free(conn->xprt_ctx);
5030 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005031 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005032 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005033 goto retry_accept;
5034 }
Emeric Brun55476152014-11-12 17:35:37 +01005035 conn->err_code = CO_ER_SSL_NO_MEM;
5036 return -1;
5037 }
5038
5039 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005040
Emeric Brun46591952012-05-18 15:47:34 +02005041 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005042 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005043#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005044 conn->flags |= CO_FL_EARLY_SSL_HS;
5045#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005046
5047 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005048 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005049 return 0;
5050 }
5051 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005052 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005053 return -1;
5054}
5055
5056
5057/* This is the callback which is used when an SSL handshake is pending. It
5058 * updates the FD status if it wants some polling before being called again.
5059 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5060 * otherwise it returns non-zero and removes itself from the connection's
5061 * flags (the bit is provided in <flag> by the caller).
5062 */
5063int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5064{
5065 int ret;
5066
Willy Tarreau3c728722014-01-23 13:50:42 +01005067 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005068 return 0;
5069
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005070 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005071 goto out_error;
5072
Olivier Houchardc2aae742017-09-22 18:26:28 +02005073#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5074 /*
5075 * Check if we have early data. If we do, we have to read them
5076 * before SSL_do_handshake() is called, And there's no way to
5077 * detect early data, except to try to read them
5078 */
5079 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5080 size_t read_data;
5081
5082 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5083 1, &read_data);
5084 if (ret == SSL_READ_EARLY_DATA_ERROR)
5085 goto check_error;
5086 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5087 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5088 return 1;
5089 } else
5090 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5091 }
5092#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005093 /* If we use SSL_do_handshake to process a reneg initiated by
5094 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5095 * Usually SSL_write and SSL_read are used and process implicitly
5096 * the reneg handshake.
5097 * Here we use SSL_peek as a workaround for reneg.
5098 */
5099 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5100 char c;
5101
5102 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5103 if (ret <= 0) {
5104 /* handshake may have not been completed, let's find why */
5105 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005106
Emeric Brun674b7432012-11-08 19:21:55 +01005107 if (ret == SSL_ERROR_WANT_WRITE) {
5108 /* SSL handshake needs to write, L4 connection may not be ready */
5109 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005110 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005111 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005112 return 0;
5113 }
5114 else if (ret == SSL_ERROR_WANT_READ) {
5115 /* handshake may have been completed but we have
5116 * no more data to read.
5117 */
5118 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5119 ret = 1;
5120 goto reneg_ok;
5121 }
5122 /* SSL handshake needs to read, L4 connection is ready */
5123 if (conn->flags & CO_FL_WAIT_L4_CONN)
5124 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5125 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005126 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005127 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005128 return 0;
5129 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005130#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005131 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005132 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005133 return 0;
5134 }
5135#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005136 else if (ret == SSL_ERROR_SYSCALL) {
5137 /* if errno is null, then connection was successfully established */
5138 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5139 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005140 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005141#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5142 conn->err_code = CO_ER_SSL_HANDSHAKE;
5143#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005144 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005145#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005146 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5147 empty_handshake = state == TLS_ST_BEFORE;
5148#else
5149 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5150#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005151 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005152 if (!errno) {
5153 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5154 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5155 else
5156 conn->err_code = CO_ER_SSL_EMPTY;
5157 }
5158 else {
5159 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5160 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5161 else
5162 conn->err_code = CO_ER_SSL_ABORT;
5163 }
5164 }
5165 else {
5166 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5167 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005168 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005169 conn->err_code = CO_ER_SSL_HANDSHAKE;
5170 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005171#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005172 }
Emeric Brun674b7432012-11-08 19:21:55 +01005173 goto out_error;
5174 }
5175 else {
5176 /* Fail on all other handshake errors */
5177 /* Note: OpenSSL may leave unread bytes in the socket's
5178 * buffer, causing an RST to be emitted upon close() on
5179 * TCP sockets. We first try to drain possibly pending
5180 * data to avoid this as much as possible.
5181 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005182 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005183 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005184 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5185 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005186 goto out_error;
5187 }
5188 }
5189 /* read some data: consider handshake completed */
5190 goto reneg_ok;
5191 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005192 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005193check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005194 if (ret != 1) {
5195 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005196 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005197
5198 if (ret == SSL_ERROR_WANT_WRITE) {
5199 /* SSL handshake needs to write, L4 connection may not be ready */
5200 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005201 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005202 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005203 return 0;
5204 }
5205 else if (ret == SSL_ERROR_WANT_READ) {
5206 /* SSL handshake needs to read, L4 connection is ready */
5207 if (conn->flags & CO_FL_WAIT_L4_CONN)
5208 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5209 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005210 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005211 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005212 return 0;
5213 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005214#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005215 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005216 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005217 return 0;
5218 }
5219#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005220 else if (ret == SSL_ERROR_SYSCALL) {
5221 /* if errno is null, then connection was successfully established */
5222 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5223 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005224 if (!conn->err_code) {
5225#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5226 conn->err_code = CO_ER_SSL_HANDSHAKE;
5227#else
5228 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005229#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005230 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5231 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005232#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005233 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005234#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005235 if (empty_handshake) {
5236 if (!errno) {
5237 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5238 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5239 else
5240 conn->err_code = CO_ER_SSL_EMPTY;
5241 }
5242 else {
5243 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5244 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5245 else
5246 conn->err_code = CO_ER_SSL_ABORT;
5247 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
5249 else {
5250 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5251 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5252 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005253 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005254 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005255#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005256 }
Willy Tarreau89230192012-09-28 20:22:13 +02005257 goto out_error;
5258 }
Emeric Brun46591952012-05-18 15:47:34 +02005259 else {
5260 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005261 /* Note: OpenSSL may leave unread bytes in the socket's
5262 * buffer, causing an RST to be emitted upon close() on
5263 * TCP sockets. We first try to drain possibly pending
5264 * data to avoid this as much as possible.
5265 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005266 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005267 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005268 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5269 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005270 goto out_error;
5271 }
5272 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005273#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5274 else {
5275 /*
5276 * If the server refused the early data, we have to send a
5277 * 425 to the client, as we no longer have the data to sent
5278 * them again.
5279 */
5280 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5281 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5282 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5283 goto out_error;
5284 }
5285 }
5286 }
5287#endif
5288
Emeric Brun46591952012-05-18 15:47:34 +02005289
Emeric Brun674b7432012-11-08 19:21:55 +01005290reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005291
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005292#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005293 /* ASYNC engine API doesn't support moving read/write
5294 * buffers. So we disable ASYNC mode right after
5295 * the handshake to avoid buffer oveflows.
5296 */
5297 if (global_ssl.async)
5298 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5299#endif
Emeric Brun46591952012-05-18 15:47:34 +02005300 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005301 if (!SSL_session_reused(conn->xprt_ctx)) {
5302 if (objt_server(conn->target)) {
5303 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5304 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5305 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005306 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005307 else {
5308 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5309 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5310 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5311 }
Emeric Brun46591952012-05-18 15:47:34 +02005312 }
5313
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005314#ifdef OPENSSL_IS_BORINGSSL
5315 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5316 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5317#endif
Emeric Brun46591952012-05-18 15:47:34 +02005318 /* The connection is now established at both layers, it's time to leave */
5319 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5320 return 1;
5321
5322 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005323 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005324 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005325 ERR_clear_error();
5326
Emeric Brun9fa89732012-10-04 17:09:56 +02005327 /* free resumed session if exists */
Olivier Houcharde6060c52017-11-16 17:42:52 +01005328 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5329 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5330 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005331 }
5332
Emeric Brun46591952012-05-18 15:47:34 +02005333 /* Fail on all other handshake errors */
5334 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005335 if (!conn->err_code)
5336 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005337 return 0;
5338}
5339
5340/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005341 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005342 * buffer wraps, in which case a second call may be performed. The connection's
5343 * flags are updated with whatever special event is detected (error, read0,
5344 * empty). The caller is responsible for taking care of those events and
5345 * avoiding the call if inappropriate. The function does not call the
5346 * connection's polling update function, so the caller is responsible for this.
5347 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005348static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005349{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005350 ssize_t ret;
5351 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005352
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005353 conn_refresh_polling_flags(conn);
5354
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005355 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005356 goto out_error;
5357
5358 if (conn->flags & CO_FL_HANDSHAKE)
5359 /* a handshake was requested */
5360 return 0;
5361
Willy Tarreau0c7ed5d2018-07-10 09:53:31 +02005362 b_realign_if_empty(buf);
Emeric Brun46591952012-05-18 15:47:34 +02005363
5364 /* read the largest possible block. For this, we perform only one call
5365 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5366 * in which case we accept to do it once again. A new attempt is made on
5367 * EINTR too.
5368 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005369 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005370 int need_out = 0;
5371
Willy Tarreau591d4452018-06-15 17:21:00 +02005372 try = b_contig_space(buf);
5373 if (!try)
5374 break;
5375
Willy Tarreauabf08d92014-01-14 11:31:27 +01005376 if (try > count)
5377 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005378
Olivier Houchardc2aae742017-09-22 18:26:28 +02005379 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5380 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005381 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005382 done++;
5383 try--;
5384 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005385 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005386 conn->tmp_early_data = -1;
5387 continue;
5388 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005389
Olivier Houchardc2aae742017-09-22 18:26:28 +02005390#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5391 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5392 size_t read_length;
5393
5394 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005395 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005396 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5397 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005398 conn->flags |= CO_FL_EARLY_DATA;
5399 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5400 ret == SSL_READ_EARLY_DATA_FINISH) {
5401 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5402 /*
5403 * We're done reading the early data,
5404 * let's make the handshake
5405 */
5406 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5407 conn->flags |= CO_FL_SSL_WAIT_HS;
5408 need_out = 1;
5409 if (read_length == 0)
5410 break;
5411 }
5412 ret = read_length;
5413 }
5414 } else
5415#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005416 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005417#ifdef OPENSSL_IS_BORINGSSL
5418 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5419 if (SSL_in_early_data(conn->xprt_ctx)) {
5420 if (ret > 0)
5421 conn->flags |= CO_FL_EARLY_DATA;
5422 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005423 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005424 }
5425 }
5426#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005427 if (conn->flags & CO_FL_ERROR) {
5428 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005429 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005430 }
Emeric Brun46591952012-05-18 15:47:34 +02005431 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005432 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005433 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005434 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005435 }
Emeric Brun46591952012-05-18 15:47:34 +02005436 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005437 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005438 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005439 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005440 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005441 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005442#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005443 /* Async mode can be re-enabled, because we're leaving data state.*/
5444 if (global_ssl.async)
5445 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5446#endif
Emeric Brun46591952012-05-18 15:47:34 +02005447 break;
5448 }
5449 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005450 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5451 /* handshake is running, and it may need to re-enable read */
5452 conn->flags |= CO_FL_SSL_WAIT_HS;
5453 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005454#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005455 /* Async mode can be re-enabled, because we're leaving data state.*/
5456 if (global_ssl.async)
5457 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5458#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005459 break;
5460 }
Emeric Brun46591952012-05-18 15:47:34 +02005461 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005462 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005463 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005464 } else if (ret == SSL_ERROR_ZERO_RETURN)
5465 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005466 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5467 * stack before shutting down the connection for
5468 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005469 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5470 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005471 /* otherwise it's a real error */
5472 goto out_error;
5473 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005474 if (need_out)
5475 break;
Emeric Brun46591952012-05-18 15:47:34 +02005476 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005477 leave:
5478 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005479 return done;
5480
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005481 clear_ssl_error:
5482 /* Clear openssl global errors stack */
5483 ssl_sock_dump_errors(conn);
5484 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005485 read0:
5486 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005487 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005488
Emeric Brun46591952012-05-18 15:47:34 +02005489 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005490 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005491 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005492 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005493 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005494 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005495}
5496
5497
Willy Tarreau787db9a2018-06-14 18:31:46 +02005498/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5499 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5500 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005501 * Only one call to send() is performed, unless the buffer wraps, in which case
5502 * a second call may be performed. The connection's flags are updated with
5503 * whatever special event is detected (error, empty). The caller is responsible
5504 * for taking care of those events and avoiding the call if inappropriate. The
5505 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005506 * is responsible for this. The buffer's output is not adjusted, it's up to the
5507 * caller to take care of this. It's up to the caller to update the buffer's
5508 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005509 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005510static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005511{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005512 ssize_t ret;
5513 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005514
5515 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005516 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005517
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005518 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005519 goto out_error;
5520
5521 if (conn->flags & CO_FL_HANDSHAKE)
5522 /* a handshake was requested */
5523 return 0;
5524
5525 /* send the largest possible block. For this we perform only one call
5526 * to send() unless the buffer wraps and we exactly fill the first hunk,
5527 * in which case we accept to do it once again.
5528 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005529 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005530#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5531 size_t written_data;
5532#endif
5533
Willy Tarreau787db9a2018-06-14 18:31:46 +02005534 try = b_contig_data(buf, done);
5535 if (try > count)
5536 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005537
Willy Tarreau7bed9452014-02-02 02:00:24 +01005538 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005539 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005540 global_ssl.max_record && try > global_ssl.max_record) {
5541 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005542 }
5543 else {
5544 /* we need to keep the information about the fact that
5545 * we're not limiting the upcoming send(), because if it
5546 * fails, we'll have to retry with at least as many data.
5547 */
5548 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5549 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005550
Olivier Houchardc2aae742017-09-22 18:26:28 +02005551#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5552 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5553 unsigned int max_early;
5554
Olivier Houchard522eea72017-11-03 16:27:47 +01005555 if (objt_listener(conn->target))
5556 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5557 else {
5558 if (SSL_get0_session(conn->xprt_ctx))
5559 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5560 else
5561 max_early = 0;
5562 }
5563
Olivier Houchard90084a12017-11-23 18:21:29 +01005564 if (try + conn->sent_early_data > max_early) {
5565 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005566 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005567 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5568 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005569 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005570 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005571 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005572 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005573 if (ret == 1) {
5574 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005575 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005576 if (objt_server(conn->target)) {
5577 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5578 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5579 }
5580
Olivier Houchardc2aae742017-09-22 18:26:28 +02005581 }
5582
5583 } else
5584#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005585 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005586
Emeric Brune1f38db2012-09-03 20:36:47 +02005587 if (conn->flags & CO_FL_ERROR) {
5588 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005589 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005590 }
Emeric Brun46591952012-05-18 15:47:34 +02005591 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005592 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005593 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005594 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005595 }
5596 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005597 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005598
Emeric Brun46591952012-05-18 15:47:34 +02005599 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005600 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5601 /* handshake is running, and it may need to re-enable write */
5602 conn->flags |= CO_FL_SSL_WAIT_HS;
5603 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005604#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005605 /* Async mode can be re-enabled, because we're leaving data state.*/
5606 if (global_ssl.async)
5607 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5608#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005609 break;
5610 }
Emeric Brun46591952012-05-18 15:47:34 +02005611 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005612 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005613 break;
5614 }
5615 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005616 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005617 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005618 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005619#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005620 /* Async mode can be re-enabled, because we're leaving data state.*/
5621 if (global_ssl.async)
5622 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5623#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005624 break;
5625 }
Emeric Brun46591952012-05-18 15:47:34 +02005626 goto out_error;
5627 }
5628 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005629 leave:
5630 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005631 return done;
5632
5633 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005634 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005635 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005636 ERR_clear_error();
5637
Emeric Brun46591952012-05-18 15:47:34 +02005638 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005639 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005640}
5641
Emeric Brun46591952012-05-18 15:47:34 +02005642static void ssl_sock_close(struct connection *conn) {
5643
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005644 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005645#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005646 if (global_ssl.async) {
5647 OSSL_ASYNC_FD all_fd[32], afd;
5648 size_t num_all_fds = 0;
5649 int i;
5650
5651 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5652 if (num_all_fds > 32) {
5653 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5654 return;
5655 }
5656
5657 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5658
5659 /* If an async job is pending, we must try to
5660 to catch the end using polling before calling
5661 SSL_free */
5662 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5663 for (i=0 ; i < num_all_fds ; i++) {
5664 /* switch on an handler designed to
5665 * handle the SSL_free
5666 */
5667 afd = all_fd[i];
5668 fdtab[afd].iocb = ssl_async_fd_free;
5669 fdtab[afd].owner = conn->xprt_ctx;
5670 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005671 /* To ensure that the fd cache won't be used
5672 * and we'll catch a real RD event.
5673 */
5674 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005675 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005676 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005677 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005678 return;
5679 }
Emeric Brun3854e012017-05-17 20:42:48 +02005680 /* Else we can remove the fds from the fdtab
5681 * and call SSL_free.
5682 * note: we do a fd_remove and not a delete
5683 * because the fd is owned by the engine.
5684 * the engine is responsible to close
5685 */
5686 for (i=0 ; i < num_all_fds ; i++)
5687 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005688 }
5689#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005690 SSL_free(conn->xprt_ctx);
5691 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005692 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005693 }
Emeric Brun46591952012-05-18 15:47:34 +02005694}
5695
5696/* This function tries to perform a clean shutdown on an SSL connection, and in
5697 * any case, flags the connection as reusable if no handshake was in progress.
5698 */
5699static void ssl_sock_shutw(struct connection *conn, int clean)
5700{
5701 if (conn->flags & CO_FL_HANDSHAKE)
5702 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005703 if (!clean)
5704 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005705 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005706 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005707 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005708 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005709 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005710 ERR_clear_error();
5711 }
Emeric Brun46591952012-05-18 15:47:34 +02005712}
5713
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005714/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005715int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005716{
5717 struct pkey_info *pkinfo;
5718 int bits = 0;
5719 int sig = TLSEXT_signature_anonymous;
5720 int len = -1;
5721
5722 if (!ssl_sock_is_ssl(conn))
5723 return 0;
5724
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005725 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005726 if (pkinfo) {
5727 sig = pkinfo->sig;
5728 bits = pkinfo->bits;
5729 } else {
5730 /* multicert and generated cert have no pkey info */
5731 X509 *crt;
5732 EVP_PKEY *pkey;
5733 crt = SSL_get_certificate(conn->xprt_ctx);
5734 if (!crt)
5735 return 0;
5736 pkey = X509_get_pubkey(crt);
5737 if (pkey) {
5738 bits = EVP_PKEY_bits(pkey);
5739 switch(EVP_PKEY_base_id(pkey)) {
5740 case EVP_PKEY_RSA:
5741 sig = TLSEXT_signature_rsa;
5742 break;
5743 case EVP_PKEY_EC:
5744 sig = TLSEXT_signature_ecdsa;
5745 break;
5746 case EVP_PKEY_DSA:
5747 sig = TLSEXT_signature_dsa;
5748 break;
5749 }
5750 EVP_PKEY_free(pkey);
5751 }
5752 }
5753
5754 switch(sig) {
5755 case TLSEXT_signature_rsa:
5756 len = chunk_printf(out, "RSA%d", bits);
5757 break;
5758 case TLSEXT_signature_ecdsa:
5759 len = chunk_printf(out, "EC%d", bits);
5760 break;
5761 case TLSEXT_signature_dsa:
5762 len = chunk_printf(out, "DSA%d", bits);
5763 break;
5764 default:
5765 return 0;
5766 }
5767 if (len < 0)
5768 return 0;
5769 return 1;
5770}
5771
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005772/* used for ppv2 cert signature (can be used for logging) */
5773const char *ssl_sock_get_cert_sig(struct connection *conn)
5774{
5775 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5776 X509 *crt;
5777
5778 if (!ssl_sock_is_ssl(conn))
5779 return NULL;
5780 crt = SSL_get_certificate(conn->xprt_ctx);
5781 if (!crt)
5782 return NULL;
5783 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5784 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5785}
5786
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005787/* used for ppv2 authority */
5788const char *ssl_sock_get_sni(struct connection *conn)
5789{
5790#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5791 if (!ssl_sock_is_ssl(conn))
5792 return NULL;
5793 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5794#else
5795 return 0;
5796#endif
5797}
5798
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005799/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005800const char *ssl_sock_get_cipher_name(struct connection *conn)
5801{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005802 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005803 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005804
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005805 return SSL_get_cipher_name(conn->xprt_ctx);
5806}
5807
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005808/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005809const char *ssl_sock_get_proto_version(struct connection *conn)
5810{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005811 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005812 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005813
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005814 return SSL_get_version(conn->xprt_ctx);
5815}
5816
Willy Tarreau8d598402012-10-22 17:58:39 +02005817/* Extract a serial from a cert, and copy it to a chunk.
5818 * Returns 1 if serial is found and copied, 0 if no serial found and
5819 * -1 if output is not large enough.
5820 */
5821static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005822ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02005823{
5824 ASN1_INTEGER *serial;
5825
5826 serial = X509_get_serialNumber(crt);
5827 if (!serial)
5828 return 0;
5829
5830 if (out->size < serial->length)
5831 return -1;
5832
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005833 memcpy(out->area, serial->data, serial->length);
5834 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02005835 return 1;
5836}
5837
Emeric Brun43e79582014-10-29 19:03:26 +01005838/* Extract a cert to der, and copy it to a chunk.
5839 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5840 * -1 if output is not large enough.
5841 */
5842static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005843ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01005844{
5845 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005846 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01005847
5848 len =i2d_X509(crt, NULL);
5849 if (len <= 0)
5850 return 1;
5851
5852 if (out->size < len)
5853 return -1;
5854
5855 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005856 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01005857 return 1;
5858}
5859
Emeric Brunce5ad802012-10-22 14:11:22 +02005860
Willy Tarreau83061a82018-07-13 11:56:34 +02005861/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02005862 * Returns 1 if serial is found and copied, 0 if no valid time found
5863 * and -1 if output is not large enough.
5864 */
5865static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005866ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02005867{
5868 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5869 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5870
5871 if (gentm->length < 12)
5872 return 0;
5873 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5874 return 0;
5875 if (out->size < gentm->length-2)
5876 return -1;
5877
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005878 memcpy(out->area, gentm->data+2, gentm->length-2);
5879 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02005880 return 1;
5881 }
5882 else if (tm->type == V_ASN1_UTCTIME) {
5883 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5884
5885 if (utctm->length < 10)
5886 return 0;
5887 if (utctm->data[0] >= 0x35)
5888 return 0;
5889 if (out->size < utctm->length)
5890 return -1;
5891
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005892 memcpy(out->area, utctm->data, utctm->length);
5893 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02005894 return 1;
5895 }
5896
5897 return 0;
5898}
5899
Emeric Brun87855892012-10-17 17:39:35 +02005900/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5901 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5902 */
5903static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005904ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
5905 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02005906{
5907 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005908 ASN1_OBJECT *obj;
5909 ASN1_STRING *data;
5910 const unsigned char *data_ptr;
5911 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005912 int i, j, n;
5913 int cur = 0;
5914 const char *s;
5915 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005916 int name_count;
5917
5918 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005919
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005920 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005921 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005922 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005923 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005924 else
5925 j = i;
5926
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005927 ne = X509_NAME_get_entry(a, j);
5928 obj = X509_NAME_ENTRY_get_object(ne);
5929 data = X509_NAME_ENTRY_get_data(ne);
5930 data_ptr = ASN1_STRING_get0_data(data);
5931 data_len = ASN1_STRING_length(data);
5932 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005933 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005934 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005935 s = tmp;
5936 }
5937
5938 if (chunk_strcasecmp(entry, s) != 0)
5939 continue;
5940
5941 if (pos < 0)
5942 cur--;
5943 else
5944 cur++;
5945
5946 if (cur != pos)
5947 continue;
5948
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005949 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005950 return -1;
5951
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005952 memcpy(out->area, data_ptr, data_len);
5953 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005954 return 1;
5955 }
5956
5957 return 0;
5958
5959}
5960
5961/* Extract and format full DN from a X509_NAME and copy result into a chunk
5962 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5963 */
5964static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005965ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02005966{
5967 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005968 ASN1_OBJECT *obj;
5969 ASN1_STRING *data;
5970 const unsigned char *data_ptr;
5971 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005972 int i, n, ln;
5973 int l = 0;
5974 const char *s;
5975 char *p;
5976 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005977 int name_count;
5978
5979
5980 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005981
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005982 out->data = 0;
5983 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005984 for (i = 0; i < name_count; i++) {
5985 ne = X509_NAME_get_entry(a, i);
5986 obj = X509_NAME_ENTRY_get_object(ne);
5987 data = X509_NAME_ENTRY_get_data(ne);
5988 data_ptr = ASN1_STRING_get0_data(data);
5989 data_len = ASN1_STRING_length(data);
5990 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005991 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005992 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005993 s = tmp;
5994 }
5995 ln = strlen(s);
5996
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005997 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005998 if (l > out->size)
5999 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006000 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006001
6002 *(p++)='/';
6003 memcpy(p, s, ln);
6004 p += ln;
6005 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006006 memcpy(p, data_ptr, data_len);
6007 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006008 }
6009
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006010 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006011 return 0;
6012
6013 return 1;
6014}
6015
Willy Tarreau119a4082016-12-22 21:58:38 +01006016/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6017 * to disable SNI.
6018 */
Willy Tarreau63076412015-07-10 11:33:32 +02006019void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6020{
6021#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006022 char *prev_name;
6023
Willy Tarreau63076412015-07-10 11:33:32 +02006024 if (!ssl_sock_is_ssl(conn))
6025 return;
6026
Willy Tarreau119a4082016-12-22 21:58:38 +01006027 /* if the SNI changes, we must destroy the reusable context so that a
6028 * new connection will present a new SNI. As an optimization we could
6029 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6030 * server.
6031 */
6032 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6033 if ((!prev_name && hostname) ||
6034 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6035 SSL_set_session(conn->xprt_ctx, NULL);
6036
Willy Tarreau63076412015-07-10 11:33:32 +02006037 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6038#endif
6039}
6040
Emeric Brun0abf8362014-06-24 18:26:41 +02006041/* Extract peer certificate's common name into the chunk dest
6042 * Returns
6043 * the len of the extracted common name
6044 * or 0 if no CN found in DN
6045 * or -1 on error case (i.e. no peer certificate)
6046 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006047int ssl_sock_get_remote_common_name(struct connection *conn,
6048 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006049{
6050 X509 *crt = NULL;
6051 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006052 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006053 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006054 .area = (char *)&find_cn,
6055 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006056 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006057 int result = -1;
David Safb76832014-05-08 23:42:08 -04006058
6059 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006060 goto out;
David Safb76832014-05-08 23:42:08 -04006061
6062 /* SSL_get_peer_certificate, it increase X509 * ref count */
6063 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6064 if (!crt)
6065 goto out;
6066
6067 name = X509_get_subject_name(crt);
6068 if (!name)
6069 goto out;
David Safb76832014-05-08 23:42:08 -04006070
Emeric Brun0abf8362014-06-24 18:26:41 +02006071 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6072out:
David Safb76832014-05-08 23:42:08 -04006073 if (crt)
6074 X509_free(crt);
6075
6076 return result;
6077}
6078
Dave McCowan328fb582014-07-30 10:39:13 -04006079/* returns 1 if client passed a certificate for this session, 0 if not */
6080int ssl_sock_get_cert_used_sess(struct connection *conn)
6081{
6082 X509 *crt = NULL;
6083
6084 if (!ssl_sock_is_ssl(conn))
6085 return 0;
6086
6087 /* SSL_get_peer_certificate, it increase X509 * ref count */
6088 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6089 if (!crt)
6090 return 0;
6091
6092 X509_free(crt);
6093 return 1;
6094}
6095
6096/* returns 1 if client passed a certificate for this connection, 0 if not */
6097int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006098{
6099 if (!ssl_sock_is_ssl(conn))
6100 return 0;
6101
6102 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6103}
6104
6105/* returns result from SSL verify */
6106unsigned int ssl_sock_get_verify_result(struct connection *conn)
6107{
6108 if (!ssl_sock_is_ssl(conn))
6109 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6110
6111 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6112}
6113
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006114/* Returns the application layer protocol name in <str> and <len> when known.
6115 * Zero is returned if the protocol name was not found, otherwise non-zero is
6116 * returned. The string is allocated in the SSL context and doesn't have to be
6117 * freed by the caller. NPN is also checked if available since older versions
6118 * of openssl (1.0.1) which are more common in field only support this one.
6119 */
6120static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6121{
6122 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6123 return 0;
6124
6125 *str = NULL;
6126
6127#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6128 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6129 if (*str)
6130 return 1;
6131#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006132#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006133 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6134 if (*str)
6135 return 1;
6136#endif
6137 return 0;
6138}
6139
Willy Tarreau7875d092012-09-10 08:20:03 +02006140/***** Below are some sample fetching functions for ACL/patterns *****/
6141
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006142static int
6143smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6144{
6145 struct connection *conn;
6146
6147 conn = objt_conn(smp->sess->origin);
6148 if (!conn || conn->xprt != &ssl_sock)
6149 return 0;
6150
6151 smp->flags = 0;
6152 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006153 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6154 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006155
6156 return 1;
6157}
6158
Emeric Brune64aef12012-09-21 13:15:06 +02006159/* boolean, returns true if client cert was present */
6160static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006161smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006162{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006163 struct connection *conn;
6164
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006165 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006166 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006167 return 0;
6168
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006169 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006170 smp->flags |= SMP_F_MAY_CHANGE;
6171 return 0;
6172 }
6173
6174 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006175 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006176 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006177
6178 return 1;
6179}
6180
Emeric Brun43e79582014-10-29 19:03:26 +01006181/* binary, returns a certificate in a binary chunk (der/raw).
6182 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6183 * should be use.
6184 */
6185static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006186smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006187{
6188 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6189 X509 *crt = NULL;
6190 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006191 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006192 struct connection *conn;
6193
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006194 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006195 if (!conn || conn->xprt != &ssl_sock)
6196 return 0;
6197
6198 if (!(conn->flags & CO_FL_CONNECTED)) {
6199 smp->flags |= SMP_F_MAY_CHANGE;
6200 return 0;
6201 }
6202
6203 if (cert_peer)
6204 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6205 else
6206 crt = SSL_get_certificate(conn->xprt_ctx);
6207
6208 if (!crt)
6209 goto out;
6210
6211 smp_trash = get_trash_chunk();
6212 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6213 goto out;
6214
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006215 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006216 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006217 ret = 1;
6218out:
6219 /* SSL_get_peer_certificate, it increase X509 * ref count */
6220 if (cert_peer && crt)
6221 X509_free(crt);
6222 return ret;
6223}
6224
Emeric Brunba841a12014-04-30 17:05:08 +02006225/* binary, returns serial of certificate in a binary chunk.
6226 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6227 * should be use.
6228 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006229static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006230smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006231{
Emeric Brunba841a12014-04-30 17:05:08 +02006232 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006233 X509 *crt = NULL;
6234 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006235 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006236 struct connection *conn;
6237
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006238 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006239 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006240 return 0;
6241
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006242 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006243 smp->flags |= SMP_F_MAY_CHANGE;
6244 return 0;
6245 }
6246
Emeric Brunba841a12014-04-30 17:05:08 +02006247 if (cert_peer)
6248 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6249 else
6250 crt = SSL_get_certificate(conn->xprt_ctx);
6251
Willy Tarreau8d598402012-10-22 17:58:39 +02006252 if (!crt)
6253 goto out;
6254
Willy Tarreau47ca5452012-12-23 20:22:19 +01006255 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006256 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6257 goto out;
6258
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006259 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006260 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006261 ret = 1;
6262out:
Emeric Brunba841a12014-04-30 17:05:08 +02006263 /* SSL_get_peer_certificate, it increase X509 * ref count */
6264 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006265 X509_free(crt);
6266 return ret;
6267}
Emeric Brune64aef12012-09-21 13:15:06 +02006268
Emeric Brunba841a12014-04-30 17:05:08 +02006269/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6270 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6271 * should be use.
6272 */
James Votha051b4a2013-05-14 20:37:59 +02006273static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006274smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006275{
Emeric Brunba841a12014-04-30 17:05:08 +02006276 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006277 X509 *crt = NULL;
6278 const EVP_MD *digest;
6279 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006280 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006281 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006282
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006283 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006284 if (!conn || conn->xprt != &ssl_sock)
6285 return 0;
6286
6287 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006288 smp->flags |= SMP_F_MAY_CHANGE;
6289 return 0;
6290 }
6291
Emeric Brunba841a12014-04-30 17:05:08 +02006292 if (cert_peer)
6293 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6294 else
6295 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006296 if (!crt)
6297 goto out;
6298
6299 smp_trash = get_trash_chunk();
6300 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006301 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6302 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006303
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006304 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006305 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006306 ret = 1;
6307out:
Emeric Brunba841a12014-04-30 17:05:08 +02006308 /* SSL_get_peer_certificate, it increase X509 * ref count */
6309 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006310 X509_free(crt);
6311 return ret;
6312}
6313
Emeric Brunba841a12014-04-30 17:05:08 +02006314/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6315 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6316 * should be use.
6317 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006318static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006319smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006320{
Emeric Brunba841a12014-04-30 17:05:08 +02006321 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006322 X509 *crt = NULL;
6323 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006324 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006325 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006326
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006327 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006328 if (!conn || conn->xprt != &ssl_sock)
6329 return 0;
6330
6331 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006332 smp->flags |= SMP_F_MAY_CHANGE;
6333 return 0;
6334 }
6335
Emeric Brunba841a12014-04-30 17:05:08 +02006336 if (cert_peer)
6337 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6338 else
6339 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006340 if (!crt)
6341 goto out;
6342
Willy Tarreau47ca5452012-12-23 20:22:19 +01006343 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006344 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6345 goto out;
6346
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006347 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006348 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006349 ret = 1;
6350out:
Emeric Brunba841a12014-04-30 17:05:08 +02006351 /* SSL_get_peer_certificate, it increase X509 * ref count */
6352 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006353 X509_free(crt);
6354 return ret;
6355}
6356
Emeric Brunba841a12014-04-30 17:05:08 +02006357/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6358 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6359 * should be use.
6360 */
Emeric Brun87855892012-10-17 17:39:35 +02006361static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006362smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006363{
Emeric Brunba841a12014-04-30 17:05:08 +02006364 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006365 X509 *crt = NULL;
6366 X509_NAME *name;
6367 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006368 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006369 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006370
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006371 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006372 if (!conn || conn->xprt != &ssl_sock)
6373 return 0;
6374
6375 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006376 smp->flags |= SMP_F_MAY_CHANGE;
6377 return 0;
6378 }
6379
Emeric Brunba841a12014-04-30 17:05:08 +02006380 if (cert_peer)
6381 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6382 else
6383 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006384 if (!crt)
6385 goto out;
6386
6387 name = X509_get_issuer_name(crt);
6388 if (!name)
6389 goto out;
6390
Willy Tarreau47ca5452012-12-23 20:22:19 +01006391 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006392 if (args && args[0].type == ARGT_STR) {
6393 int pos = 1;
6394
6395 if (args[1].type == ARGT_SINT)
6396 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006397
6398 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6399 goto out;
6400 }
6401 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6402 goto out;
6403
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006404 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006405 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006406 ret = 1;
6407out:
Emeric Brunba841a12014-04-30 17:05:08 +02006408 /* SSL_get_peer_certificate, it increase X509 * ref count */
6409 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006410 X509_free(crt);
6411 return ret;
6412}
6413
Emeric Brunba841a12014-04-30 17:05:08 +02006414/* string, returns notbefore date in ASN1_UTCTIME format.
6415 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6416 * should be use.
6417 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006418static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006419smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006420{
Emeric Brunba841a12014-04-30 17:05:08 +02006421 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006422 X509 *crt = NULL;
6423 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006424 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006425 struct connection *conn;
6426
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006427 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006428 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006429 return 0;
6430
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006431 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006432 smp->flags |= SMP_F_MAY_CHANGE;
6433 return 0;
6434 }
6435
Emeric Brunba841a12014-04-30 17:05:08 +02006436 if (cert_peer)
6437 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6438 else
6439 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006440 if (!crt)
6441 goto out;
6442
Willy Tarreau47ca5452012-12-23 20:22:19 +01006443 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006444 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6445 goto out;
6446
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006447 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006448 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006449 ret = 1;
6450out:
Emeric Brunba841a12014-04-30 17:05:08 +02006451 /* SSL_get_peer_certificate, it increase X509 * ref count */
6452 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006453 X509_free(crt);
6454 return ret;
6455}
6456
Emeric Brunba841a12014-04-30 17:05:08 +02006457/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6458 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6459 * should be use.
6460 */
Emeric Brun87855892012-10-17 17:39:35 +02006461static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006462smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006463{
Emeric Brunba841a12014-04-30 17:05:08 +02006464 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006465 X509 *crt = NULL;
6466 X509_NAME *name;
6467 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006468 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006469 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006470
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006471 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006472 if (!conn || conn->xprt != &ssl_sock)
6473 return 0;
6474
6475 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006476 smp->flags |= SMP_F_MAY_CHANGE;
6477 return 0;
6478 }
6479
Emeric Brunba841a12014-04-30 17:05:08 +02006480 if (cert_peer)
6481 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6482 else
6483 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006484 if (!crt)
6485 goto out;
6486
6487 name = X509_get_subject_name(crt);
6488 if (!name)
6489 goto out;
6490
Willy Tarreau47ca5452012-12-23 20:22:19 +01006491 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006492 if (args && args[0].type == ARGT_STR) {
6493 int pos = 1;
6494
6495 if (args[1].type == ARGT_SINT)
6496 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006497
6498 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6499 goto out;
6500 }
6501 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6502 goto out;
6503
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006504 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006505 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006506 ret = 1;
6507out:
Emeric Brunba841a12014-04-30 17:05:08 +02006508 /* SSL_get_peer_certificate, it increase X509 * ref count */
6509 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006510 X509_free(crt);
6511 return ret;
6512}
Emeric Brun9143d372012-12-20 15:44:16 +01006513
6514/* integer, returns true if current session use a client certificate */
6515static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006516smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006517{
6518 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006519 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006520
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006521 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006522 if (!conn || conn->xprt != &ssl_sock)
6523 return 0;
6524
6525 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006526 smp->flags |= SMP_F_MAY_CHANGE;
6527 return 0;
6528 }
6529
6530 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006531 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006532 if (crt) {
6533 X509_free(crt);
6534 }
6535
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006536 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006537 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006538 return 1;
6539}
6540
Emeric Brunba841a12014-04-30 17:05:08 +02006541/* integer, returns the certificate version
6542 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6543 * should be use.
6544 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006545static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006546smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006547{
Emeric Brunba841a12014-04-30 17:05:08 +02006548 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006549 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006550 struct connection *conn;
6551
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006552 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006553 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006554 return 0;
6555
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006556 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006557 smp->flags |= SMP_F_MAY_CHANGE;
6558 return 0;
6559 }
6560
Emeric Brunba841a12014-04-30 17:05:08 +02006561 if (cert_peer)
6562 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6563 else
6564 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006565 if (!crt)
6566 return 0;
6567
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006568 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006569 /* SSL_get_peer_certificate increase X509 * ref count */
6570 if (cert_peer)
6571 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006572 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006573
6574 return 1;
6575}
6576
Emeric Brunba841a12014-04-30 17:05:08 +02006577/* string, returns the certificate's signature algorithm.
6578 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6579 * should be use.
6580 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006581static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006582smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006583{
Emeric Brunba841a12014-04-30 17:05:08 +02006584 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006585 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006586 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006587 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006588 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006589
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006590 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006591 if (!conn || conn->xprt != &ssl_sock)
6592 return 0;
6593
6594 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006595 smp->flags |= SMP_F_MAY_CHANGE;
6596 return 0;
6597 }
6598
Emeric Brunba841a12014-04-30 17:05:08 +02006599 if (cert_peer)
6600 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6601 else
6602 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006603 if (!crt)
6604 return 0;
6605
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006606 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6607 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006608
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006609 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6610 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006611 /* SSL_get_peer_certificate increase X509 * ref count */
6612 if (cert_peer)
6613 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006614 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006615 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006616
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006617 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006618 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006619 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006620 /* SSL_get_peer_certificate increase X509 * ref count */
6621 if (cert_peer)
6622 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006623
6624 return 1;
6625}
6626
Emeric Brunba841a12014-04-30 17:05:08 +02006627/* string, returns the certificate's key algorithm.
6628 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6629 * should be use.
6630 */
Emeric Brun521a0112012-10-22 12:22:55 +02006631static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006632smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006633{
Emeric Brunba841a12014-04-30 17:05:08 +02006634 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006635 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006636 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006637 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006638 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006639
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006640 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006641 if (!conn || conn->xprt != &ssl_sock)
6642 return 0;
6643
6644 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006645 smp->flags |= SMP_F_MAY_CHANGE;
6646 return 0;
6647 }
6648
Emeric Brunba841a12014-04-30 17:05:08 +02006649 if (cert_peer)
6650 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6651 else
6652 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006653 if (!crt)
6654 return 0;
6655
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006656 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6657 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006658
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006659 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6660 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006661 /* SSL_get_peer_certificate increase X509 * ref count */
6662 if (cert_peer)
6663 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006664 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006665 }
Emeric Brun521a0112012-10-22 12:22:55 +02006666
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006667 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006668 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006669 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006670 if (cert_peer)
6671 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006672
6673 return 1;
6674}
6675
Emeric Brun645ae792014-04-30 14:21:06 +02006676/* boolean, returns true if front conn. transport layer is SSL.
6677 * This function is also usable on backend conn if the fetch keyword 5th
6678 * char is 'b'.
6679 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006680static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006681smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006682{
Emeric Bruneb8def92018-02-19 15:59:48 +01006683 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6684 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006685
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006686 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006687 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006688 return 1;
6689}
6690
Emeric Brun2525b6b2012-10-18 15:59:43 +02006691/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006692static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006693smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006694{
6695#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006696 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006697
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006698 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006699 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006700 conn->xprt_ctx &&
6701 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006702 return 1;
6703#else
6704 return 0;
6705#endif
6706}
6707
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006708/* boolean, returns true if client session has been resumed.
6709 * This function is also usable on backend conn if the fetch keyword 5th
6710 * char is 'b'.
6711 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006712static int
6713smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6714{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006715 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6716 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6717
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006718
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006719 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006720 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006721 conn->xprt_ctx &&
6722 SSL_session_reused(conn->xprt_ctx);
6723 return 1;
6724}
6725
Emeric Brun645ae792014-04-30 14:21:06 +02006726/* string, returns the used cipher if front conn. transport layer is SSL.
6727 * This function is also usable on backend conn if the fetch keyword 5th
6728 * char is 'b'.
6729 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006730static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006731smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006732{
Emeric Bruneb8def92018-02-19 15:59:48 +01006733 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6734 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006735
Willy Tarreaube508f12016-03-10 11:47:01 +01006736 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006737 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006738 return 0;
6739
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006740 smp->data.u.str.area = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6741 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006742 return 0;
6743
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006744 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006745 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006746 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006747
6748 return 1;
6749}
6750
Emeric Brun645ae792014-04-30 14:21:06 +02006751/* integer, returns the algoritm's keysize if front conn. transport layer
6752 * is SSL.
6753 * This function is also usable on backend conn if the fetch keyword 5th
6754 * char is 'b'.
6755 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006756static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006757smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006758{
Emeric Bruneb8def92018-02-19 15:59:48 +01006759 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6760 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006761 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006762
Emeric Brun589fcad2012-10-16 14:13:26 +02006763 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006764 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006765 return 0;
6766
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006767 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006768 return 0;
6769
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006770 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006771 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006772
6773 return 1;
6774}
6775
Emeric Brun645ae792014-04-30 14:21:06 +02006776/* integer, returns the used keysize if front conn. transport layer is SSL.
6777 * This function is also usable on backend conn if the fetch keyword 5th
6778 * char is 'b'.
6779 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006780static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006781smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006782{
Emeric Bruneb8def92018-02-19 15:59:48 +01006783 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6784 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006785
Emeric Brun589fcad2012-10-16 14:13:26 +02006786 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006787 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6788 return 0;
6789
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006790 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6791 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006792 return 0;
6793
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006794 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006795
6796 return 1;
6797}
6798
Bernard Spil13c53f82018-02-15 13:34:58 +01006799#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006800static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006801smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006802{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006803 struct connection *conn;
6804
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006805 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006806 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006807
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006808 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006809 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6810 return 0;
6811
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006812 smp->data.u.str.area = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006813 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006814 (const unsigned char **)&smp->data.u.str.area,
6815 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006816
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006817 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006818 return 0;
6819
6820 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006821}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006822#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006823
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006824#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006825static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006826smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006827{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006828 struct connection *conn;
6829
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006830 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006831 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006832
Willy Tarreaue26bf052015-05-12 10:30:12 +02006833 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006834 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006835 return 0;
6836
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006837 smp->data.u.str.area = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006838 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006839 (const unsigned char **)&smp->data.u.str.area,
6840 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02006841
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006842 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02006843 return 0;
6844
6845 return 1;
6846}
6847#endif
6848
Emeric Brun645ae792014-04-30 14:21:06 +02006849/* string, returns the used protocol if front conn. transport layer is SSL.
6850 * This function is also usable on backend conn if the fetch keyword 5th
6851 * char is 'b'.
6852 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006853static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006854smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006855{
Emeric Bruneb8def92018-02-19 15:59:48 +01006856 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6857 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006858
Emeric Brun589fcad2012-10-16 14:13:26 +02006859 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006860 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6861 return 0;
6862
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006863 smp->data.u.str.area = (char *)SSL_get_version(conn->xprt_ctx);
6864 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006865 return 0;
6866
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006867 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006868 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006869 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006870
6871 return 1;
6872}
6873
Willy Tarreau87b09662015-04-03 00:22:06 +02006874/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006875 * This function is also usable on backend conn if the fetch keyword 5th
6876 * char is 'b'.
6877 */
Patrick Hemmer41966772018-04-28 19:15:48 -04006878#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02006879static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006880smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006881{
Emeric Bruneb8def92018-02-19 15:59:48 +01006882 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6883 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006884 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006885
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006886 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006887 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006888
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006889 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6890 return 0;
6891
Willy Tarreau192252e2015-04-04 01:47:55 +02006892 ssl_sess = SSL_get_session(conn->xprt_ctx);
6893 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006894 return 0;
6895
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006896 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
6897 (unsigned int *)&smp->data.u.str.data);
6898 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02006899 return 0;
6900
6901 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02006902}
Patrick Hemmer41966772018-04-28 19:15:48 -04006903#endif
6904
Emeric Brunfe68f682012-10-16 14:59:28 +02006905
Patrick Hemmere0275472018-04-28 19:15:51 -04006906#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
6907static int
6908smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
6909{
6910 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6911 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6912 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02006913 struct buffer *data;
Patrick Hemmere0275472018-04-28 19:15:51 -04006914
6915 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6916 return 0;
6917
6918 ssl_sess = SSL_get_session(conn->xprt_ctx);
6919 if (!ssl_sess)
6920 return 0;
6921
6922 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006923 data->data = SSL_SESSION_get_master_key(ssl_sess,
6924 (unsigned char *) data->area,
6925 data->size);
6926 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04006927 return 0;
6928
6929 smp->flags = 0;
6930 smp->data.type = SMP_T_BIN;
6931 smp->data.u.str = *data;
6932
6933 return 1;
6934}
6935#endif
6936
Patrick Hemmer41966772018-04-28 19:15:48 -04006937#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02006938static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006939smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006940{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006941 struct connection *conn;
6942
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006943 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006944 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006945
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006946 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006947 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6948 return 0;
6949
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006950 smp->data.u.str.area = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6951 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006952 return 0;
6953
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006954 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02006955 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02006956}
Patrick Hemmer41966772018-04-28 19:15:48 -04006957#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02006958
David Sc1ad52e2014-04-08 18:48:47 -04006959static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006960smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6961{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006962 struct connection *conn;
6963 struct ssl_capture *capture;
6964
6965 conn = objt_conn(smp->sess->origin);
6966 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6967 return 0;
6968
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006969 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006970 if (!capture)
6971 return 0;
6972
6973 smp->flags = SMP_F_CONST;
6974 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006975 smp->data.u.str.area = capture->ciphersuite;
6976 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006977 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006978}
6979
6980static int
6981smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6982{
Willy Tarreau83061a82018-07-13 11:56:34 +02006983 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006984
6985 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6986 return 0;
6987
6988 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006989 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006990 smp->data.type = SMP_T_BIN;
6991 smp->data.u.str = *data;
6992 return 1;
6993}
6994
6995static int
6996smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6997{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006998 struct connection *conn;
6999 struct ssl_capture *capture;
7000
7001 conn = objt_conn(smp->sess->origin);
7002 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7003 return 0;
7004
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007005 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007006 if (!capture)
7007 return 0;
7008
7009 smp->data.type = SMP_T_SINT;
7010 smp->data.u.sint = capture->xxh64;
7011 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007012}
7013
7014static int
7015smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7016{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007017#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007018 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007019 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007020
7021 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7022 return 0;
7023
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007024 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007025 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007026 const char *str;
7027 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007028 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007029 uint16_t id = (bin[0] << 8) | bin[1];
7030#if defined(OPENSSL_IS_BORINGSSL)
7031 cipher = SSL_get_cipher_by_value(id);
7032#else
7033 struct connection *conn = objt_conn(smp->sess->origin);
7034 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7035#endif
7036 str = SSL_CIPHER_get_name(cipher);
7037 if (!str || strcmp(str, "(NONE)") == 0)
7038 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007039 else
7040 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7041 }
7042 smp->data.type = SMP_T_STR;
7043 smp->data.u.str = *data;
7044 return 1;
7045#else
7046 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7047#endif
7048}
7049
Patrick Hemmer41966772018-04-28 19:15:48 -04007050#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007051static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007052smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007053{
Emeric Bruneb8def92018-02-19 15:59:48 +01007054 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7055 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007056 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007057 struct buffer *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007058
7059 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007060 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7061 return 0;
7062
7063 if (!(conn->flags & CO_FL_CONNECTED)) {
7064 smp->flags |= SMP_F_MAY_CHANGE;
7065 return 0;
7066 }
7067
7068 finished_trash = get_trash_chunk();
7069 if (!SSL_session_reused(conn->xprt_ctx))
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007070 finished_len = SSL_get_peer_finished(conn->xprt_ctx,
7071 finished_trash->area,
7072 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007073 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007074 finished_len = SSL_get_finished(conn->xprt_ctx,
7075 finished_trash->area,
7076 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007077
7078 if (!finished_len)
7079 return 0;
7080
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007081 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007082 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007083 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007084
7085 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007086}
Patrick Hemmer41966772018-04-28 19:15:48 -04007087#endif
David Sc1ad52e2014-04-08 18:48:47 -04007088
Emeric Brun2525b6b2012-10-18 15:59:43 +02007089/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007090static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007091smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007092{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007093 struct connection *conn;
7094
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007095 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007096 if (!conn || conn->xprt != &ssl_sock)
7097 return 0;
7098
7099 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007100 smp->flags = SMP_F_MAY_CHANGE;
7101 return 0;
7102 }
7103
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007104 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007105 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007106 smp->flags = 0;
7107
7108 return 1;
7109}
7110
Emeric Brun2525b6b2012-10-18 15:59:43 +02007111/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007112static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007113smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007114{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007115 struct connection *conn;
7116
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007117 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007118 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007119 return 0;
7120
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007121 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007122 smp->flags = SMP_F_MAY_CHANGE;
7123 return 0;
7124 }
7125
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007126 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007127 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007128 smp->flags = 0;
7129
7130 return 1;
7131}
7132
Emeric Brun2525b6b2012-10-18 15:59:43 +02007133/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007134static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007135smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007136{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007137 struct connection *conn;
7138
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007139 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007140 if (!conn || conn->xprt != &ssl_sock)
7141 return 0;
7142
7143 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007144 smp->flags = SMP_F_MAY_CHANGE;
7145 return 0;
7146 }
7147
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007148 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007149 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007150 smp->flags = 0;
7151
7152 return 1;
7153}
7154
Emeric Brun2525b6b2012-10-18 15:59:43 +02007155/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007156static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007157smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007158{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007159 struct connection *conn;
7160
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007161 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007162 if (!conn || conn->xprt != &ssl_sock)
7163 return 0;
7164
7165 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007166 smp->flags = SMP_F_MAY_CHANGE;
7167 return 0;
7168 }
7169
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007170 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007171 return 0;
7172
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007173 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007174 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007175 smp->flags = 0;
7176
7177 return 1;
7178}
7179
Emeric Brunfb510ea2012-10-05 12:00:26 +02007180/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007181static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007182{
7183 if (!*args[cur_arg + 1]) {
7184 if (err)
7185 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7186 return ERR_ALERT | ERR_FATAL;
7187 }
7188
Willy Tarreauef934602016-12-22 23:12:01 +01007189 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7190 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007191 else
7192 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007193
Emeric Brund94b3fe2012-09-20 18:23:56 +02007194 return 0;
7195}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007196static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7197{
7198 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7199}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007200
Christopher Faulet31af49d2015-06-09 17:29:50 +02007201/* parse the "ca-sign-file" bind keyword */
7202static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7203{
7204 if (!*args[cur_arg + 1]) {
7205 if (err)
7206 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7207 return ERR_ALERT | ERR_FATAL;
7208 }
7209
Willy Tarreauef934602016-12-22 23:12:01 +01007210 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7211 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007212 else
7213 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7214
7215 return 0;
7216}
7217
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007218/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007219static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7220{
7221 if (!*args[cur_arg + 1]) {
7222 if (err)
7223 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7224 return ERR_ALERT | ERR_FATAL;
7225 }
7226 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7227 return 0;
7228}
7229
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007230/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007231static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007232{
7233 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007234 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007235 return ERR_ALERT | ERR_FATAL;
7236 }
7237
Emeric Brun76d88952012-10-05 15:47:31 +02007238 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007239 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007240 return 0;
7241}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007242static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7243{
7244 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7245}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007246/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007247static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007248{
Willy Tarreau38011032013-08-13 16:59:39 +02007249 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007250
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007251 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007252 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007253 return ERR_ALERT | ERR_FATAL;
7254 }
7255
Willy Tarreauef934602016-12-22 23:12:01 +01007256 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7257 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007258 memprintf(err, "'%s' : path too long", args[cur_arg]);
7259 return ERR_ALERT | ERR_FATAL;
7260 }
Willy Tarreauef934602016-12-22 23:12:01 +01007261 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007262 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007263 return ERR_ALERT | ERR_FATAL;
7264
7265 return 0;
7266 }
7267
Willy Tarreau03209342016-12-22 17:08:28 +01007268 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007269 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007270
7271 return 0;
7272}
7273
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007274/* parse the "crt-list" bind keyword */
7275static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7276{
7277 if (!*args[cur_arg + 1]) {
7278 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7279 return ERR_ALERT | ERR_FATAL;
7280 }
7281
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007282 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007283 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007284 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007285 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007286
7287 return 0;
7288}
7289
Emeric Brunfb510ea2012-10-05 12:00:26 +02007290/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007291static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007292{
Emeric Brun051cdab2012-10-02 19:25:50 +02007293#ifndef X509_V_FLAG_CRL_CHECK
7294 if (err)
7295 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7296 return ERR_ALERT | ERR_FATAL;
7297#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007298 if (!*args[cur_arg + 1]) {
7299 if (err)
7300 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7301 return ERR_ALERT | ERR_FATAL;
7302 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007303
Willy Tarreauef934602016-12-22 23:12:01 +01007304 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7305 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007306 else
7307 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007308
Emeric Brun2b58d042012-09-20 17:10:03 +02007309 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007310#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007311}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007312static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7313{
7314 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7315}
Emeric Brun2b58d042012-09-20 17:10:03 +02007316
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007317/* parse the "curves" bind keyword keyword */
7318static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7319{
7320#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7321 if (!*args[cur_arg + 1]) {
7322 if (err)
7323 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7324 return ERR_ALERT | ERR_FATAL;
7325 }
7326 conf->curves = strdup(args[cur_arg + 1]);
7327 return 0;
7328#else
7329 if (err)
7330 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7331 return ERR_ALERT | ERR_FATAL;
7332#endif
7333}
7334static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7335{
7336 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7337}
7338
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007339/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007340static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007341{
7342#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7343 if (err)
7344 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7345 return ERR_ALERT | ERR_FATAL;
7346#elif defined(OPENSSL_NO_ECDH)
7347 if (err)
7348 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7349 return ERR_ALERT | ERR_FATAL;
7350#else
7351 if (!*args[cur_arg + 1]) {
7352 if (err)
7353 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7354 return ERR_ALERT | ERR_FATAL;
7355 }
7356
7357 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007358
7359 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007360#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007361}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007362static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7363{
7364 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7365}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007366
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007367/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007368static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7369{
7370 int code;
7371 char *p = args[cur_arg + 1];
7372 unsigned long long *ignerr = &conf->crt_ignerr;
7373
7374 if (!*p) {
7375 if (err)
7376 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7377 return ERR_ALERT | ERR_FATAL;
7378 }
7379
7380 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7381 ignerr = &conf->ca_ignerr;
7382
7383 if (strcmp(p, "all") == 0) {
7384 *ignerr = ~0ULL;
7385 return 0;
7386 }
7387
7388 while (p) {
7389 code = atoi(p);
7390 if ((code <= 0) || (code > 63)) {
7391 if (err)
7392 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7393 args[cur_arg], code, args[cur_arg + 1]);
7394 return ERR_ALERT | ERR_FATAL;
7395 }
7396 *ignerr |= 1ULL << code;
7397 p = strchr(p, ',');
7398 if (p)
7399 p++;
7400 }
7401
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007402 return 0;
7403}
7404
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007405/* parse tls_method_options "no-xxx" and "force-xxx" */
7406static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007407{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007408 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007409 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007410 p = strchr(arg, '-');
7411 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007412 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007413 p++;
7414 if (!strcmp(p, "sslv3"))
7415 v = CONF_SSLV3;
7416 else if (!strcmp(p, "tlsv10"))
7417 v = CONF_TLSV10;
7418 else if (!strcmp(p, "tlsv11"))
7419 v = CONF_TLSV11;
7420 else if (!strcmp(p, "tlsv12"))
7421 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007422 else if (!strcmp(p, "tlsv13"))
7423 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007424 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007425 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007426 if (!strncmp(arg, "no-", 3))
7427 methods->flags |= methodVersions[v].flag;
7428 else if (!strncmp(arg, "force-", 6))
7429 methods->min = methods->max = v;
7430 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007431 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007432 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007433 fail:
7434 if (err)
7435 memprintf(err, "'%s' : option not implemented", arg);
7436 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007437}
7438
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007439static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007440{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007441 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007442}
7443
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007444static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007445{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007446 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7447}
7448
7449/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7450static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7451{
7452 uint16_t i, v = 0;
7453 char *argv = args[cur_arg + 1];
7454 if (!*argv) {
7455 if (err)
7456 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7457 return ERR_ALERT | ERR_FATAL;
7458 }
7459 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7460 if (!strcmp(argv, methodVersions[i].name))
7461 v = i;
7462 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007463 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007464 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007465 return ERR_ALERT | ERR_FATAL;
7466 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007467 if (!strcmp("ssl-min-ver", args[cur_arg]))
7468 methods->min = v;
7469 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7470 methods->max = v;
7471 else {
7472 if (err)
7473 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7474 return ERR_ALERT | ERR_FATAL;
7475 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007476 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007477}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007478
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007479static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7480{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007481#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007482 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007483#endif
7484 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7485}
7486
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007487static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7488{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007489 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007490}
7491
7492static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7493{
7494 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7495}
7496
Emeric Brun2d0c4822012-10-02 13:45:20 +02007497/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007498static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007499{
Emeric Brun89675492012-10-05 13:48:26 +02007500 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007501 return 0;
7502}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007503
Olivier Houchardc2aae742017-09-22 18:26:28 +02007504/* parse the "allow-0rtt" bind keyword */
7505static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7506{
7507 conf->early_data = 1;
7508 return 0;
7509}
7510
7511static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7512{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007513 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007514 return 0;
7515}
7516
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007517/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007518static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007519{
Bernard Spil13c53f82018-02-15 13:34:58 +01007520#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007521 char *p1, *p2;
7522
7523 if (!*args[cur_arg + 1]) {
7524 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7525 return ERR_ALERT | ERR_FATAL;
7526 }
7527
7528 free(conf->npn_str);
7529
Willy Tarreau3724da12016-02-12 17:11:12 +01007530 /* the NPN string is built as a suite of (<len> <name>)*,
7531 * so we reuse each comma to store the next <len> and need
7532 * one more for the end of the string.
7533 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007534 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007535 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007536 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7537
7538 /* replace commas with the name length */
7539 p1 = conf->npn_str;
7540 p2 = p1 + 1;
7541 while (1) {
7542 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7543 if (!p2)
7544 p2 = p1 + 1 + strlen(p1 + 1);
7545
7546 if (p2 - (p1 + 1) > 255) {
7547 *p2 = '\0';
7548 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7549 return ERR_ALERT | ERR_FATAL;
7550 }
7551
7552 *p1 = p2 - (p1 + 1);
7553 p1 = p2;
7554
7555 if (!*p2)
7556 break;
7557
7558 *(p2++) = '\0';
7559 }
7560 return 0;
7561#else
7562 if (err)
7563 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7564 return ERR_ALERT | ERR_FATAL;
7565#endif
7566}
7567
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007568static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7569{
7570 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7571}
7572
Willy Tarreauab861d32013-04-02 02:30:41 +02007573/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007574static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007575{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007576#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007577 char *p1, *p2;
7578
7579 if (!*args[cur_arg + 1]) {
7580 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7581 return ERR_ALERT | ERR_FATAL;
7582 }
7583
7584 free(conf->alpn_str);
7585
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007586 /* the ALPN string is built as a suite of (<len> <name>)*,
7587 * so we reuse each comma to store the next <len> and need
7588 * one more for the end of the string.
7589 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007590 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007591 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007592 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7593
7594 /* replace commas with the name length */
7595 p1 = conf->alpn_str;
7596 p2 = p1 + 1;
7597 while (1) {
7598 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7599 if (!p2)
7600 p2 = p1 + 1 + strlen(p1 + 1);
7601
7602 if (p2 - (p1 + 1) > 255) {
7603 *p2 = '\0';
7604 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7605 return ERR_ALERT | ERR_FATAL;
7606 }
7607
7608 *p1 = p2 - (p1 + 1);
7609 p1 = p2;
7610
7611 if (!*p2)
7612 break;
7613
7614 *(p2++) = '\0';
7615 }
7616 return 0;
7617#else
7618 if (err)
7619 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7620 return ERR_ALERT | ERR_FATAL;
7621#endif
7622}
7623
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007624static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7625{
7626 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7627}
7628
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007629/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007630static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007631{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007632 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007633 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007634
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007635 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7636 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007637 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007638 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7639 if (!conf->ssl_conf.ssl_methods.min)
7640 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7641 if (!conf->ssl_conf.ssl_methods.max)
7642 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007643
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007644 return 0;
7645}
7646
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007647/* parse the "prefer-client-ciphers" bind keyword */
7648static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7649{
7650 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7651 return 0;
7652}
7653
Christopher Faulet31af49d2015-06-09 17:29:50 +02007654/* parse the "generate-certificates" bind keyword */
7655static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7656{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007657#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007658 conf->generate_certs = 1;
7659#else
7660 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7661 err && *err ? *err : "");
7662#endif
7663 return 0;
7664}
7665
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007666/* parse the "strict-sni" bind keyword */
7667static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7668{
7669 conf->strict_sni = 1;
7670 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007671}
7672
7673/* parse the "tls-ticket-keys" bind keyword */
7674static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7675{
7676#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7677 FILE *f;
7678 int i = 0;
7679 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007680 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007681
7682 if (!*args[cur_arg + 1]) {
7683 if (err)
7684 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7685 return ERR_ALERT | ERR_FATAL;
7686 }
7687
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007688 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007689 if (keys_ref) {
7690 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007691 conf->keys_ref = keys_ref;
7692 return 0;
7693 }
7694
Vincent Bernat02779b62016-04-03 13:48:43 +02007695 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007696 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007697
7698 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7699 if (err)
7700 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7701 return ERR_ALERT | ERR_FATAL;
7702 }
7703
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007704 keys_ref->filename = strdup(args[cur_arg + 1]);
7705
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007706 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7707 int len = strlen(thisline);
7708 /* Strip newline characters from the end */
7709 if(thisline[len - 1] == '\n')
7710 thisline[--len] = 0;
7711
7712 if(thisline[len - 1] == '\r')
7713 thisline[--len] = 0;
7714
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007715 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007716 if (err)
7717 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007718 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007719 return ERR_ALERT | ERR_FATAL;
7720 }
7721 i++;
7722 }
7723
7724 if (i < TLS_TICKETS_NO) {
7725 if (err)
7726 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007727 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007728 return ERR_ALERT | ERR_FATAL;
7729 }
7730
7731 fclose(f);
7732
7733 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007734 i -= 2;
7735 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007736 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007737 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007738 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007739 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007740
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007741 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7742
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007743 return 0;
7744#else
7745 if (err)
7746 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7747 return ERR_ALERT | ERR_FATAL;
7748#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007749}
7750
Emeric Brund94b3fe2012-09-20 18:23:56 +02007751/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007752static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007753{
7754 if (!*args[cur_arg + 1]) {
7755 if (err)
7756 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7757 return ERR_ALERT | ERR_FATAL;
7758 }
7759
7760 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007761 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007762 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007763 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007764 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007765 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007766 else {
7767 if (err)
7768 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7769 args[cur_arg], args[cur_arg + 1]);
7770 return ERR_ALERT | ERR_FATAL;
7771 }
7772
7773 return 0;
7774}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007775static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7776{
7777 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7778}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007779
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007780/* parse the "no-ca-names" bind keyword */
7781static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7782{
7783 conf->no_ca_names = 1;
7784 return 0;
7785}
7786static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7787{
7788 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7789}
7790
Willy Tarreau92faadf2012-10-10 23:04:25 +02007791/************** "server" keywords ****************/
7792
Emeric Brunef42d922012-10-11 16:11:36 +02007793/* parse the "ca-file" server keyword */
7794static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7795{
7796 if (!*args[*cur_arg + 1]) {
7797 if (err)
7798 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7799 return ERR_ALERT | ERR_FATAL;
7800 }
7801
Willy Tarreauef934602016-12-22 23:12:01 +01007802 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7803 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007804 else
7805 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7806
7807 return 0;
7808}
7809
Olivier Houchard9130a962017-10-17 17:33:43 +02007810/* parse the "check-sni" server keyword */
7811static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7812{
7813 if (!*args[*cur_arg + 1]) {
7814 if (err)
7815 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7816 return ERR_ALERT | ERR_FATAL;
7817 }
7818
7819 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7820 if (!newsrv->check.sni) {
7821 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7822 return ERR_ALERT | ERR_FATAL;
7823 }
7824 return 0;
7825
7826}
7827
Willy Tarreau92faadf2012-10-10 23:04:25 +02007828/* parse the "check-ssl" server keyword */
7829static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7830{
7831 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007832 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7833 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7834 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007835 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7836 if (!newsrv->ssl_ctx.methods.min)
7837 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7838 if (!newsrv->ssl_ctx.methods.max)
7839 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7840
Willy Tarreau92faadf2012-10-10 23:04:25 +02007841 return 0;
7842}
7843
7844/* parse the "ciphers" server keyword */
7845static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7846{
7847 if (!*args[*cur_arg + 1]) {
7848 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7849 return ERR_ALERT | ERR_FATAL;
7850 }
7851
7852 free(newsrv->ssl_ctx.ciphers);
7853 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7854 return 0;
7855}
7856
Emeric Brunef42d922012-10-11 16:11:36 +02007857/* parse the "crl-file" server keyword */
7858static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7859{
7860#ifndef X509_V_FLAG_CRL_CHECK
7861 if (err)
7862 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7863 return ERR_ALERT | ERR_FATAL;
7864#else
7865 if (!*args[*cur_arg + 1]) {
7866 if (err)
7867 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7868 return ERR_ALERT | ERR_FATAL;
7869 }
7870
Willy Tarreauef934602016-12-22 23:12:01 +01007871 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7872 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007873 else
7874 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7875
7876 return 0;
7877#endif
7878}
7879
Emeric Bruna7aa3092012-10-26 12:58:00 +02007880/* parse the "crt" server keyword */
7881static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7882{
7883 if (!*args[*cur_arg + 1]) {
7884 if (err)
7885 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7886 return ERR_ALERT | ERR_FATAL;
7887 }
7888
Willy Tarreauef934602016-12-22 23:12:01 +01007889 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007890 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007891 else
7892 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7893
7894 return 0;
7895}
Emeric Brunef42d922012-10-11 16:11:36 +02007896
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007897/* parse the "no-check-ssl" server keyword */
7898static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7899{
7900 newsrv->check.use_ssl = 0;
7901 free(newsrv->ssl_ctx.ciphers);
7902 newsrv->ssl_ctx.ciphers = NULL;
7903 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7904 return 0;
7905}
7906
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007907/* parse the "no-send-proxy-v2-ssl" server keyword */
7908static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7909{
7910 newsrv->pp_opts &= ~SRV_PP_V2;
7911 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7912 return 0;
7913}
7914
7915/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7916static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7917{
7918 newsrv->pp_opts &= ~SRV_PP_V2;
7919 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7920 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7921 return 0;
7922}
7923
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007924/* parse the "no-ssl" server keyword */
7925static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7926{
7927 newsrv->use_ssl = 0;
7928 free(newsrv->ssl_ctx.ciphers);
7929 newsrv->ssl_ctx.ciphers = NULL;
7930 return 0;
7931}
7932
Olivier Houchard522eea72017-11-03 16:27:47 +01007933/* parse the "allow-0rtt" server keyword */
7934static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7935{
7936 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7937 return 0;
7938}
7939
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007940/* parse the "no-ssl-reuse" server keyword */
7941static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7942{
7943 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7944 return 0;
7945}
7946
Emeric Brunf9c5c472012-10-11 15:28:34 +02007947/* parse the "no-tls-tickets" server keyword */
7948static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7949{
7950 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7951 return 0;
7952}
David Safb76832014-05-08 23:42:08 -04007953/* parse the "send-proxy-v2-ssl" server keyword */
7954static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7955{
7956 newsrv->pp_opts |= SRV_PP_V2;
7957 newsrv->pp_opts |= SRV_PP_V2_SSL;
7958 return 0;
7959}
7960
7961/* parse the "send-proxy-v2-ssl-cn" server keyword */
7962static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7963{
7964 newsrv->pp_opts |= SRV_PP_V2;
7965 newsrv->pp_opts |= SRV_PP_V2_SSL;
7966 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7967 return 0;
7968}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007969
Willy Tarreau732eac42015-07-09 11:40:25 +02007970/* parse the "sni" server keyword */
7971static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7972{
7973#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7974 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7975 return ERR_ALERT | ERR_FATAL;
7976#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007977 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007978
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007979 arg = args[*cur_arg + 1];
7980 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007981 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7982 return ERR_ALERT | ERR_FATAL;
7983 }
7984
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007985 free(newsrv->sni_expr);
7986 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007987
Willy Tarreau732eac42015-07-09 11:40:25 +02007988 return 0;
7989#endif
7990}
7991
Willy Tarreau92faadf2012-10-10 23:04:25 +02007992/* parse the "ssl" server keyword */
7993static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7994{
7995 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007996 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7997 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007998 return 0;
7999}
8000
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008001/* parse the "ssl-reuse" server keyword */
8002static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8003{
8004 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8005 return 0;
8006}
8007
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008008/* parse the "tls-tickets" server keyword */
8009static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8010{
8011 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8012 return 0;
8013}
8014
Emeric Brunef42d922012-10-11 16:11:36 +02008015/* parse the "verify" server keyword */
8016static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8017{
8018 if (!*args[*cur_arg + 1]) {
8019 if (err)
8020 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8021 return ERR_ALERT | ERR_FATAL;
8022 }
8023
8024 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008025 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008026 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008027 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008028 else {
8029 if (err)
8030 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8031 args[*cur_arg], args[*cur_arg + 1]);
8032 return ERR_ALERT | ERR_FATAL;
8033 }
8034
Evan Broderbe554312013-06-27 00:05:25 -07008035 return 0;
8036}
8037
8038/* parse the "verifyhost" server keyword */
8039static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8040{
8041 if (!*args[*cur_arg + 1]) {
8042 if (err)
8043 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8044 return ERR_ALERT | ERR_FATAL;
8045 }
8046
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008047 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008048 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8049
Emeric Brunef42d922012-10-11 16:11:36 +02008050 return 0;
8051}
8052
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008053/* parse the "ssl-default-bind-options" keyword in global section */
8054static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8055 struct proxy *defpx, const char *file, int line,
8056 char **err) {
8057 int i = 1;
8058
8059 if (*(args[i]) == 0) {
8060 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8061 return -1;
8062 }
8063 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008064 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008065 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008066 else if (!strcmp(args[i], "prefer-client-ciphers"))
8067 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008068 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8069 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8070 i++;
8071 else {
8072 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8073 return -1;
8074 }
8075 }
8076 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008077 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8078 return -1;
8079 }
8080 i++;
8081 }
8082 return 0;
8083}
8084
8085/* parse the "ssl-default-server-options" keyword in global section */
8086static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8087 struct proxy *defpx, const char *file, int line,
8088 char **err) {
8089 int i = 1;
8090
8091 if (*(args[i]) == 0) {
8092 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8093 return -1;
8094 }
8095 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008096 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008097 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008098 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8099 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8100 i++;
8101 else {
8102 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8103 return -1;
8104 }
8105 }
8106 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008107 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8108 return -1;
8109 }
8110 i++;
8111 }
8112 return 0;
8113}
8114
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008115/* parse the "ca-base" / "crt-base" keywords in global section.
8116 * Returns <0 on alert, >0 on warning, 0 on success.
8117 */
8118static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8119 struct proxy *defpx, const char *file, int line,
8120 char **err)
8121{
8122 char **target;
8123
Willy Tarreauef934602016-12-22 23:12:01 +01008124 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008125
8126 if (too_many_args(1, args, err, NULL))
8127 return -1;
8128
8129 if (*target) {
8130 memprintf(err, "'%s' already specified.", args[0]);
8131 return -1;
8132 }
8133
8134 if (*(args[1]) == 0) {
8135 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8136 return -1;
8137 }
8138 *target = strdup(args[1]);
8139 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008140}
8141
8142/* parse the "ssl-mode-async" keyword in global section.
8143 * Returns <0 on alert, >0 on warning, 0 on success.
8144 */
8145static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8146 struct proxy *defpx, const char *file, int line,
8147 char **err)
8148{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008149#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008150 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008151 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008152 return 0;
8153#else
8154 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8155 return -1;
8156#endif
8157}
8158
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008159#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008160static int ssl_check_async_engine_count(void) {
8161 int err_code = 0;
8162
Emeric Brun3854e012017-05-17 20:42:48 +02008163 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008164 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008165 err_code = ERR_ABORT;
8166 }
8167 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008168}
8169
Grant Zhang872f9c22017-01-21 01:10:18 +00008170/* parse the "ssl-engine" keyword in global section.
8171 * Returns <0 on alert, >0 on warning, 0 on success.
8172 */
8173static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8174 struct proxy *defpx, const char *file, int line,
8175 char **err)
8176{
8177 char *algo;
8178 int ret = -1;
8179
8180 if (*(args[1]) == 0) {
8181 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8182 return ret;
8183 }
8184
8185 if (*(args[2]) == 0) {
8186 /* if no list of algorithms is given, it defaults to ALL */
8187 algo = strdup("ALL");
8188 goto add_engine;
8189 }
8190
8191 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8192 if (strcmp(args[2], "algo") != 0) {
8193 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8194 return ret;
8195 }
8196
8197 if (*(args[3]) == 0) {
8198 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8199 return ret;
8200 }
8201 algo = strdup(args[3]);
8202
8203add_engine:
8204 if (ssl_init_single_engine(args[1], algo)==0) {
8205 openssl_engines_initialized++;
8206 ret = 0;
8207 }
8208 free(algo);
8209 return ret;
8210}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008211#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008212
Willy Tarreauf22e9682016-12-21 23:23:19 +01008213/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8214 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8215 */
8216static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8217 struct proxy *defpx, const char *file, int line,
8218 char **err)
8219{
8220 char **target;
8221
Willy Tarreauef934602016-12-22 23:12:01 +01008222 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008223
8224 if (too_many_args(1, args, err, NULL))
8225 return -1;
8226
8227 if (*(args[1]) == 0) {
8228 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8229 return -1;
8230 }
8231
8232 free(*target);
8233 *target = strdup(args[1]);
8234 return 0;
8235}
8236
Willy Tarreau9ceda382016-12-21 23:13:03 +01008237/* parse various global tune.ssl settings consisting in positive integers.
8238 * Returns <0 on alert, >0 on warning, 0 on success.
8239 */
8240static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8241 struct proxy *defpx, const char *file, int line,
8242 char **err)
8243{
8244 int *target;
8245
8246 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8247 target = &global.tune.sslcachesize;
8248 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008249 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008250 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008251 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008252 else if (strcmp(args[0], "maxsslconn") == 0)
8253 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008254 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8255 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008256 else {
8257 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8258 return -1;
8259 }
8260
8261 if (too_many_args(1, args, err, NULL))
8262 return -1;
8263
8264 if (*(args[1]) == 0) {
8265 memprintf(err, "'%s' expects an integer argument.", args[0]);
8266 return -1;
8267 }
8268
8269 *target = atoi(args[1]);
8270 if (*target < 0) {
8271 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8272 return -1;
8273 }
8274 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008275}
8276
8277static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8278 struct proxy *defpx, const char *file, int line,
8279 char **err)
8280{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008281 int ret;
8282
8283 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8284 if (ret != 0)
8285 return ret;
8286
Willy Tarreaubafbe012017-11-24 17:34:44 +01008287 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008288 memprintf(err, "'%s' is already configured.", args[0]);
8289 return -1;
8290 }
8291
Willy Tarreaubafbe012017-11-24 17:34:44 +01008292 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8293 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008294 memprintf(err, "Out of memory error.");
8295 return -1;
8296 }
8297 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008298}
8299
8300/* parse "ssl.force-private-cache".
8301 * Returns <0 on alert, >0 on warning, 0 on success.
8302 */
8303static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8304 struct proxy *defpx, const char *file, int line,
8305 char **err)
8306{
8307 if (too_many_args(0, args, err, NULL))
8308 return -1;
8309
Willy Tarreauef934602016-12-22 23:12:01 +01008310 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008311 return 0;
8312}
8313
8314/* parse "ssl.lifetime".
8315 * Returns <0 on alert, >0 on warning, 0 on success.
8316 */
8317static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8318 struct proxy *defpx, const char *file, int line,
8319 char **err)
8320{
8321 const char *res;
8322
8323 if (too_many_args(1, args, err, NULL))
8324 return -1;
8325
8326 if (*(args[1]) == 0) {
8327 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8328 return -1;
8329 }
8330
Willy Tarreauef934602016-12-22 23:12:01 +01008331 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008332 if (res) {
8333 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8334 return -1;
8335 }
8336 return 0;
8337}
8338
8339#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008340/* parse "ssl-dh-param-file".
8341 * Returns <0 on alert, >0 on warning, 0 on success.
8342 */
8343static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8344 struct proxy *defpx, const char *file, int line,
8345 char **err)
8346{
8347 if (too_many_args(1, args, err, NULL))
8348 return -1;
8349
8350 if (*(args[1]) == 0) {
8351 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8352 return -1;
8353 }
8354
8355 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8356 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8357 return -1;
8358 }
8359 return 0;
8360}
8361
Willy Tarreau9ceda382016-12-21 23:13:03 +01008362/* parse "ssl.default-dh-param".
8363 * Returns <0 on alert, >0 on warning, 0 on success.
8364 */
8365static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8366 struct proxy *defpx, const char *file, int line,
8367 char **err)
8368{
8369 if (too_many_args(1, args, err, NULL))
8370 return -1;
8371
8372 if (*(args[1]) == 0) {
8373 memprintf(err, "'%s' expects an integer argument.", args[0]);
8374 return -1;
8375 }
8376
Willy Tarreauef934602016-12-22 23:12:01 +01008377 global_ssl.default_dh_param = atoi(args[1]);
8378 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008379 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8380 return -1;
8381 }
8382 return 0;
8383}
8384#endif
8385
8386
William Lallemand32af2032016-10-29 18:09:35 +02008387/* This function is used with TLS ticket keys management. It permits to browse
8388 * each reference. The variable <getnext> must contain the current node,
8389 * <end> point to the root node.
8390 */
8391#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8392static inline
8393struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8394{
8395 struct tls_keys_ref *ref = getnext;
8396
8397 while (1) {
8398
8399 /* Get next list entry. */
8400 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8401
8402 /* If the entry is the last of the list, return NULL. */
8403 if (&ref->list == end)
8404 return NULL;
8405
8406 return ref;
8407 }
8408}
8409
8410static inline
8411struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8412{
8413 int id;
8414 char *error;
8415
8416 /* If the reference starts by a '#', this is numeric id. */
8417 if (reference[0] == '#') {
8418 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8419 id = strtol(reference + 1, &error, 10);
8420 if (*error != '\0')
8421 return NULL;
8422
8423 /* Perform the unique id lookup. */
8424 return tlskeys_ref_lookupid(id);
8425 }
8426
8427 /* Perform the string lookup. */
8428 return tlskeys_ref_lookup(reference);
8429}
8430#endif
8431
8432
8433#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8434
8435static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8436
8437static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8438 return cli_io_handler_tlskeys_files(appctx);
8439}
8440
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008441/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8442 * (next index to be dumped), and cli.p0 (next key reference).
8443 */
William Lallemand32af2032016-10-29 18:09:35 +02008444static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8445
8446 struct stream_interface *si = appctx->owner;
8447
8448 switch (appctx->st2) {
8449 case STAT_ST_INIT:
8450 /* Display the column headers. If the message cannot be sent,
8451 * quit the fucntion with returning 0. The function is called
8452 * later and restart at the state "STAT_ST_INIT".
8453 */
8454 chunk_reset(&trash);
8455
8456 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8457 chunk_appendf(&trash, "# id secret\n");
8458 else
8459 chunk_appendf(&trash, "# id (file)\n");
8460
Willy Tarreau06d80a92017-10-19 14:32:15 +02008461 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008462 si_applet_cant_put(si);
8463 return 0;
8464 }
8465
William Lallemand32af2032016-10-29 18:09:35 +02008466 /* Now, we start the browsing of the references lists.
8467 * Note that the following call to LIST_ELEM return bad pointer. The only
8468 * available field of this pointer is <list>. It is used with the function
8469 * tlskeys_list_get_next() for retruning the first available entry
8470 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008471 if (appctx->ctx.cli.p0 == NULL) {
8472 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8473 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008474 }
8475
8476 appctx->st2 = STAT_ST_LIST;
8477 /* fall through */
8478
8479 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008480 while (appctx->ctx.cli.p0) {
8481 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008482
8483 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008484 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008485 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008486
8487 if (appctx->ctx.cli.i1 == 0)
8488 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8489
William Lallemand32af2032016-10-29 18:09:35 +02008490 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008491 int head;
8492
8493 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8494 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008495 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02008496 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02008497
8498 chunk_reset(t2);
8499 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008500 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8501 sizeof(struct tls_sess_key),
8502 t2->area, t2->size);
8503 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8504 t2->area);
William Lallemand32af2032016-10-29 18:09:35 +02008505
Willy Tarreau06d80a92017-10-19 14:32:15 +02008506 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008507 /* let's try again later from this stream. We add ourselves into
8508 * this stream's users so that it can remove us upon termination.
8509 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008510 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008511 si_applet_cant_put(si);
8512 return 0;
8513 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008514 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008515 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008516 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008517 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008518 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008519 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008520 /* let's try again later from this stream. We add ourselves into
8521 * this stream's users so that it can remove us upon termination.
8522 */
8523 si_applet_cant_put(si);
8524 return 0;
8525 }
8526
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008527 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008528 break;
8529
8530 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008531 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008532 }
8533
8534 appctx->st2 = STAT_ST_FIN;
8535 /* fall through */
8536
8537 default:
8538 appctx->st2 = STAT_ST_FIN;
8539 return 1;
8540 }
8541 return 0;
8542}
8543
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008544/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008545static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008546{
William Lallemand32af2032016-10-29 18:09:35 +02008547 /* no parameter, shows only file list */
8548 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008549 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008550 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008551 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008552 }
8553
8554 if (args[2][0] == '*') {
8555 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008556 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008557 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008558 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8559 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008560 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008561 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008562 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008563 return 1;
8564 }
8565 }
William Lallemand32af2032016-10-29 18:09:35 +02008566 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008567 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008568}
8569
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008570static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008571{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008572 struct tls_keys_ref *ref;
8573
William Lallemand32af2032016-10-29 18:09:35 +02008574 /* Expect two parameters: the filename and the new new TLS key in encoding */
8575 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008576 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008577 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008578 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008579 return 1;
8580 }
8581
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008582 ref = tlskeys_ref_lookup_ref(args[3]);
8583 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008584 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008585 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008586 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008587 return 1;
8588 }
8589
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008590 trash.data = base64dec(args[4], strlen(args[4]), trash.area,
8591 trash.size);
8592 if (trash.data != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008593 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008594 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008595 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008596 return 1;
8597 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008598 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008599 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008600 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008601 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008602 return 1;
8603
8604}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008605#endif
William Lallemand32af2032016-10-29 18:09:35 +02008606
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008607static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008608{
8609#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8610 char *err = NULL;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008611 int i, j;
8612
8613 if (!payload)
8614 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02008615
8616 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008617 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008618 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008619 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008620 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008621 return 1;
8622 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008623
8624 /* remove \r and \n from the payload */
8625 for (i = 0, j = 0; payload[i]; i++) {
8626 if (payload[i] == '\r' || payload[i] == '\n')
8627 continue;
8628 payload[j++] = payload[i];
8629 }
8630 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008631
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008632 trash.data = base64dec(payload, j, trash.area, trash.size);
8633 if (trash.data < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008634 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008635 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008636 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008637 return 1;
8638 }
8639
8640 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8641 if (err) {
8642 memprintf(&err, "%s.\n", err);
8643 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008644 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008645 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02008646 else {
8647 appctx->ctx.cli.severity = LOG_ERR;
8648 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
8649 appctx->st0 = CLI_ST_PRINT;
8650 }
William Lallemand32af2032016-10-29 18:09:35 +02008651 return 1;
8652 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008653 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008654 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008655 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008656 return 1;
8657#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008658 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008659 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008660 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008661 return 1;
8662#endif
8663
8664}
8665
8666/* register cli keywords */
8667static struct cli_kw_list cli_kws = {{ },{
8668#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8669 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008670 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008671#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008672 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008673 { { NULL }, NULL, NULL, NULL }
8674}};
8675
8676
Willy Tarreau7875d092012-09-10 08:20:03 +02008677/* Note: must not be declared <const> as its list will be overwritten.
8678 * Please take care of keeping this list alphabetically sorted.
8679 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008680static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008681 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008682 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008683 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008684 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008685 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008686 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008687 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008688#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02008689 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008690#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008691#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8692 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
8693#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008694 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8695 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008696 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008697 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008698 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8699 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8700 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8701 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8702 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8703 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8704 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8705 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008706 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008707 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8708 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008709 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008710 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8711 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8712 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8713 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8714 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8715 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8716 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008717 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008718 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008719 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008720 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008721 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008722 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008723 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008724 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008725 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01008726#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008727 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008728#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008729#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008730 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008731#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008732 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008733#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02008734 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008735#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008736 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008737#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008738 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008739#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008740#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8741 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8742#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04008743#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008744 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008745#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008746 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8747 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8748 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8749 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008750 { NULL, NULL, 0, 0, 0 },
8751}};
8752
8753/* Note: must not be declared <const> as its list will be overwritten.
8754 * Please take care of keeping this list alphabetically sorted.
8755 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008756static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008757 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8758 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008759 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008760}};
8761
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008762/* Note: must not be declared <const> as its list will be overwritten.
8763 * Please take care of keeping this list alphabetically sorted, doing so helps
8764 * all code contributors.
8765 * Optional keywords are also declared with a NULL ->parse() function so that
8766 * the config parser can report an appropriate error when a known keyword was
8767 * not enabled.
8768 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008769static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008770 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008771 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8772 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8773 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8774 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008775 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008776 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008777 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008778 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008779 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8780 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008781 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8782 { NULL, NULL, 0 },
8783};
8784
Willy Tarreau51fb7652012-09-18 18:24:39 +02008785static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008786 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008787 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8788 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8789 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8790 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8791 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8792 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8793 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8794 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8795 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8796 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8797 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8798 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8799 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8800 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8801 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8802 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008803 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008804 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008805 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008806 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8807 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8808 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8809 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008810 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008811 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8812 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008813 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8814 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008815 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8816 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8817 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8818 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8819 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008820 { NULL, NULL, 0 },
8821}};
Emeric Brun46591952012-05-18 15:47:34 +02008822
Willy Tarreau92faadf2012-10-10 23:04:25 +02008823/* Note: must not be declared <const> as its list will be overwritten.
8824 * Please take care of keeping this list alphabetically sorted, doing so helps
8825 * all code contributors.
8826 * Optional keywords are also declared with a NULL ->parse() function so that
8827 * the config parser can report an appropriate error when a known keyword was
8828 * not enabled.
8829 */
8830static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008831 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008832 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008833 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008834 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8835 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8836 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8837 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8838 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8839 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8840 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8841 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8842 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8843 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8844 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8845 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8846 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8847 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8848 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8849 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8850 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8851 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8852 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8853 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8854 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8855 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8856 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8857 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8858 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8859 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8860 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8861 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8862 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8863 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008864 { NULL, NULL, 0, 0 },
8865}};
8866
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008867static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008868 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8869 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008870 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008871 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8872 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008873#ifndef OPENSSL_NO_DH
8874 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8875#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008876 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008877#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008878 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008879#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008880 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8881#ifndef OPENSSL_NO_DH
8882 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8883#endif
8884 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8885 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8886 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8887 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008888 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008889 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8890 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008891 { 0, NULL, NULL },
8892}};
8893
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008894/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008895static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008896 .snd_buf = ssl_sock_from_buf,
8897 .rcv_buf = ssl_sock_to_buf,
Olivier Houchard6ff20392018-07-17 18:46:31 +02008898 .subscribe = conn_subscribe,
Emeric Brun46591952012-05-18 15:47:34 +02008899 .rcv_pipe = NULL,
8900 .snd_pipe = NULL,
8901 .shutr = NULL,
8902 .shutw = ssl_sock_shutw,
8903 .close = ssl_sock_close,
8904 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008905 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008906 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008907 .prepare_srv = ssl_sock_prepare_srv_ctx,
8908 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008909 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008910 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008911};
8912
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008913enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8914 struct session *sess, struct stream *s, int flags)
8915{
8916 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008917 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008918
8919 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008920 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008921
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008922 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008923 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008924 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008925 s->req.flags |= CF_READ_NULL;
8926 return ACT_RET_YIELD;
8927 }
8928 }
8929 return (ACT_RET_CONT);
8930}
8931
8932static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8933{
8934 rule->action_ptr = ssl_action_wait_for_hs;
8935
8936 return ACT_RET_PRS_OK;
8937}
8938
8939static struct action_kw_list http_req_actions = {ILH, {
8940 { "wait-for-handshake", ssl_parse_wait_for_hs },
8941 { /* END */ }
8942}};
8943
Daniel Jakots54ffb912015-11-06 20:02:41 +01008944#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008945
8946static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8947{
8948 if (ptr) {
8949 chunk_destroy(ptr);
8950 free(ptr);
8951 }
8952}
8953
8954#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008955static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8956{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008957 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008958}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008959
Emeric Brun46591952012-05-18 15:47:34 +02008960__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008961static void __ssl_sock_init(void)
8962{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008963 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008964 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008965
Emeric Brun46591952012-05-18 15:47:34 +02008966 STACK_OF(SSL_COMP)* cm;
8967
Willy Tarreauef934602016-12-22 23:12:01 +01008968 if (global_ssl.listen_default_ciphers)
8969 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8970 if (global_ssl.connect_default_ciphers)
8971 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008972
Willy Tarreau13e14102016-12-22 20:25:26 +01008973 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008974 SSL_library_init();
8975 cm = SSL_COMP_get_compression_methods();
8976 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008977#ifdef USE_THREAD
8978 ssl_locking_init();
8979#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008980#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008981 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8982#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008983 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008984 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008985 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008986 sample_register_fetches(&sample_fetch_keywords);
8987 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008988 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008989 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008990 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008991 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008992#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008993 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008994 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008995#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008996#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8997 hap_register_post_check(tlskeys_finalize_config);
8998#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008999
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009000 ptr = NULL;
9001 memprintf(&ptr, "Built with OpenSSL version : "
9002#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009003 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009004#else /* OPENSSL_IS_BORINGSSL */
9005 OPENSSL_VERSION_TEXT
9006 "\nRunning on OpenSSL version : %s%s",
9007 SSLeay_version(SSLEAY_VERSION),
9008 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
9009#endif
9010 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9011#if OPENSSL_VERSION_NUMBER < 0x00907000L
9012 "no (library version too old)"
9013#elif defined(OPENSSL_NO_TLSEXT)
9014 "no (disabled via OPENSSL_NO_TLSEXT)"
9015#else
9016 "yes"
9017#endif
9018 "", ptr);
9019
9020 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9021#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9022 "yes"
9023#else
9024#ifdef OPENSSL_NO_TLSEXT
9025 "no (because of OPENSSL_NO_TLSEXT)"
9026#else
9027 "no (version might be too old, 0.9.8f min needed)"
9028#endif
9029#endif
9030 "", ptr);
9031
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009032 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9033 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9034 if (methodVersions[i].option)
9035 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009036
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009037 hap_register_build_opts(ptr, 1);
9038
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009039 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9040 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02009041
9042#ifndef OPENSSL_NO_DH
9043 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00009044 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009045#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009046#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009047 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009048#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02009049 /* Load SSL string for the verbose & debug mode. */
9050 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009051
9052 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02009053}
9054
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009056void ssl_free_engines(void) {
9057 struct ssl_engine_list *wl, *wlb;
9058 /* free up engine list */
9059 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9060 ENGINE_finish(wl->e);
9061 ENGINE_free(wl->e);
9062 LIST_DEL(&wl->list);
9063 free(wl);
9064 }
9065}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009066#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009067
Remi Gacogned3a23c32015-05-28 16:39:47 +02009068#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009069void ssl_free_dh(void) {
9070 if (local_dh_1024) {
9071 DH_free(local_dh_1024);
9072 local_dh_1024 = NULL;
9073 }
9074 if (local_dh_2048) {
9075 DH_free(local_dh_2048);
9076 local_dh_2048 = NULL;
9077 }
9078 if (local_dh_4096) {
9079 DH_free(local_dh_4096);
9080 local_dh_4096 = NULL;
9081 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009082 if (global_dh) {
9083 DH_free(global_dh);
9084 global_dh = NULL;
9085 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009086}
9087#endif
9088
9089__attribute__((destructor))
9090static void __ssl_sock_deinit(void)
9091{
9092#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009093 if (ssl_ctx_lru_tree) {
9094 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009095 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009096 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009097#endif
9098
9099 ERR_remove_state(0);
9100 ERR_free_strings();
9101
9102 EVP_cleanup();
9103
9104#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9105 CRYPTO_cleanup_all_ex_data();
9106#endif
9107}
9108
9109
Emeric Brun46591952012-05-18 15:47:34 +02009110/*
9111 * Local variables:
9112 * c-indent-level: 8
9113 * c-basic-offset: 8
9114 * End:
9115 */