blob: 124b2c602aacf7d21ff9999d0be23b1c3e87418c [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
Olivier Houchard54907bb2019-12-19 15:02:39 +0100220 struct buffer early_buf; /* buffer to store the early data received */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200366/*
Emmanuel Hocdetb270e812019-11-21 19:09:31 +0100367 * deduplicate cafile (and crlfile)
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200368 */
369struct cafile_entry {
370 X509_STORE *ca_store;
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200371 STACK_OF(X509_NAME) *ca_list;
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200372 struct ebmb_node node;
373 char path[0];
374};
375
376static struct eb_root cafile_tree = EB_ROOT_UNIQUE;
377
378static X509_STORE* ssl_store_get0_locations_file(char *path)
379{
380 struct ebmb_node *eb;
381
382 eb = ebst_lookup(&cafile_tree, path);
383 if (eb) {
384 struct cafile_entry *ca_e;
385 ca_e = ebmb_entry(eb, struct cafile_entry, node);
386 return ca_e->ca_store;
387 }
388 return NULL;
389}
390
391static int ssl_store_load_locations_file(char *path)
392{
393 if (ssl_store_get0_locations_file(path) == NULL) {
394 struct cafile_entry *ca_e;
395 X509_STORE *store = X509_STORE_new();
396 if (X509_STORE_load_locations(store, path, NULL)) {
397 int pathlen;
398 pathlen = strlen(path);
399 ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
400 if (ca_e) {
401 memcpy(ca_e->path, path, pathlen + 1);
402 ca_e->ca_store = store;
403 ebst_insert(&cafile_tree, &ca_e->node);
404 return 1;
405 }
406 }
407 X509_STORE_free(store);
408 return 0;
409 }
410 return 1;
411}
412
413/* mimic what X509_STORE_load_locations do with store_ctx */
414static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
415{
416 X509_STORE *store;
417 store = ssl_store_get0_locations_file(path);
418 if (store_ctx && store) {
419 int i;
420 X509_OBJECT *obj;
421 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
422 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
423 obj = sk_X509_OBJECT_value(objs, i);
424 switch (X509_OBJECT_get_type(obj)) {
425 case X509_LU_X509:
426 X509_STORE_add_cert(store_ctx, X509_OBJECT_get0_X509(obj));
427 break;
428 case X509_LU_CRL:
429 X509_STORE_add_crl(store_ctx, X509_OBJECT_get0_X509_CRL(obj));
430 break;
431 default:
432 break;
433 }
434 }
435 return 1;
436 }
437 return 0;
438}
439
440/* SSL_CTX_load_verify_locations substitute, internaly call X509_STORE_load_locations */
441static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
442{
443 X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
444 return ssl_set_cert_crl_file(store_ctx, path);
445}
446
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200447/*
448 Extract CA_list from CA_file already in tree.
449 Duplicate ca_name is tracking with ebtree. It's simplify openssl compatibility.
450 Return a shared ca_list: SSL_dup_CA_list must be used before set it on SSL_CTX.
451*/
452static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
453{
454 struct ebmb_node *eb;
455 struct cafile_entry *ca_e;
456
457 eb = ebst_lookup(&cafile_tree, path);
458 if (!eb)
459 return NULL;
460 ca_e = ebmb_entry(eb, struct cafile_entry, node);
461
462 if (ca_e->ca_list == NULL) {
463 int i;
464 unsigned long key;
465 struct eb_root ca_name_tree = EB_ROOT;
466 struct eb64_node *node, *back;
467 struct {
468 struct eb64_node node;
469 X509_NAME *xname;
470 } *ca_name;
471 STACK_OF(X509_OBJECT) *objs;
472 STACK_OF(X509_NAME) *skn;
473 X509 *x;
474 X509_NAME *xn;
475
476 skn = sk_X509_NAME_new_null();
477 /* take x509 from cafile_tree */
478 objs = X509_STORE_get0_objects(ca_e->ca_store);
479 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
480 x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
481 if (!x)
482 continue;
483 xn = X509_get_subject_name(x);
484 if (!xn)
485 continue;
486 /* Check for duplicates. */
487 key = X509_NAME_hash(xn);
488 for (node = eb64_lookup(&ca_name_tree, key), ca_name = NULL;
489 node && ca_name == NULL;
490 node = eb64_next(node)) {
491 ca_name = container_of(node, typeof(*ca_name), node);
492 if (X509_NAME_cmp(xn, ca_name->xname) != 0)
493 ca_name = NULL;
494 }
495 /* find a duplicate */
496 if (ca_name)
497 continue;
498 ca_name = calloc(1, sizeof *ca_name);
499 xn = X509_NAME_dup(xn);
500 if (!ca_name ||
501 !xn ||
502 !sk_X509_NAME_push(skn, xn)) {
503 free(ca_name);
504 X509_NAME_free(xn);
505 sk_X509_NAME_pop_free(skn, X509_NAME_free);
506 sk_X509_NAME_free(skn);
507 skn = NULL;
508 break;
509 }
510 ca_name->node.key = key;
511 ca_name->xname = xn;
512 eb64_insert(&ca_name_tree, &ca_name->node);
513 }
514 ca_e->ca_list = skn;
515 /* remove temporary ca_name tree */
516 node = eb64_first(&ca_name_tree);
517 while (node) {
518 ca_name = container_of(node, typeof(*ca_name), node);
519 back = eb64_next(node);
520 eb64_delete(node);
521 free(ca_name);
522 node = back;
523 }
524 }
525 return ca_e->ca_list;
526}
527
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100528/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100529struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100530 unsigned long long int xxh64;
531 unsigned char ciphersuite_len;
532 char ciphersuite[0];
533};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100534struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100535static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200536static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100537
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200538#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
539struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
540#endif
541
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200542#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000543static unsigned int openssl_engines_initialized;
544struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
545struct ssl_engine_list {
546 struct list list;
547 ENGINE *e;
548};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200549#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000550
Remi Gacogne8de54152014-07-15 11:36:40 +0200551#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200552static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200553static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200554static DH *local_dh_1024 = NULL;
555static DH *local_dh_2048 = NULL;
556static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100557static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200558#endif /* OPENSSL_NO_DH */
559
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100560#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200561/* X509V3 Extensions that will be added on generated certificates */
562#define X509V3_EXT_SIZE 5
563static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
564 "basicConstraints",
565 "nsComment",
566 "subjectKeyIdentifier",
567 "authorityKeyIdentifier",
568 "keyUsage",
569};
570static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
571 "CA:FALSE",
572 "\"OpenSSL Generated Certificate\"",
573 "hash",
574 "keyid,issuer:always",
575 "nonRepudiation,digitalSignature,keyEncipherment"
576};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200577/* LRU cache to store generated certificate */
578static struct lru64_head *ssl_ctx_lru_tree = NULL;
579static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200580static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100581__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200582
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200583#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
584
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100585static struct ssl_bind_kw ssl_bind_kws[];
586
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200587#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500588/* The order here matters for picking a default context,
589 * keep the most common keytype at the bottom of the list
590 */
591const char *SSL_SOCK_KEYTYPE_NAMES[] = {
592 "dsa",
593 "ecdsa",
594 "rsa"
595};
596#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100597#else
598#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500599#endif
600
William Lallemandc3cd35f2017-11-28 11:04:43 +0100601static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100602static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
603
604#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
605
606#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
607 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
608
609#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
610 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200611
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100612/*
613 * This function gives the detail of the SSL error. It is used only
614 * if the debug mode and the verbose mode are activated. It dump all
615 * the SSL error until the stack was empty.
616 */
617static forceinline void ssl_sock_dump_errors(struct connection *conn)
618{
619 unsigned long ret;
620
621 if (unlikely(global.mode & MODE_DEBUG)) {
622 while(1) {
623 ret = ERR_get_error();
624 if (ret == 0)
625 return;
626 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200627 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100628 ERR_func_error_string(ret), ERR_reason_error_string(ret));
629 }
630 }
631}
632
yanbzhube2774d2015-12-10 15:07:30 -0500633
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200634#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000635static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
636{
637 int err_code = ERR_ABORT;
638 ENGINE *engine;
639 struct ssl_engine_list *el;
640
641 /* grab the structural reference to the engine */
642 engine = ENGINE_by_id(engine_id);
643 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100644 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000645 goto fail_get;
646 }
647
648 if (!ENGINE_init(engine)) {
649 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100650 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000651 goto fail_init;
652 }
653
654 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100655 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000656 goto fail_set_method;
657 }
658
659 el = calloc(1, sizeof(*el));
660 el->e = engine;
661 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100662 nb_engines++;
663 if (global_ssl.async)
664 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000665 return 0;
666
667fail_set_method:
668 /* release the functional reference from ENGINE_init() */
669 ENGINE_finish(engine);
670
671fail_init:
672 /* release the structural reference from ENGINE_by_id() */
673 ENGINE_free(engine);
674
675fail_get:
676 return err_code;
677}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200678#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000679
Willy Tarreau5db847a2019-05-09 14:13:35 +0200680#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200681/*
682 * openssl async fd handler
683 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200684void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000685{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200686 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000687
Emeric Brun3854e012017-05-17 20:42:48 +0200688 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000689 * to poll this fd until it is requested
690 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000691 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000692 fd_cant_recv(fd);
693
694 /* crypto engine is available, let's notify the associated
695 * connection that it can pursue its processing.
696 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200697 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000698}
699
Emeric Brun3854e012017-05-17 20:42:48 +0200700/*
701 * openssl async delayed SSL_free handler
702 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200703void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000704{
705 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200706 OSSL_ASYNC_FD all_fd[32];
707 size_t num_all_fds = 0;
708 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000709
Emeric Brun3854e012017-05-17 20:42:48 +0200710 /* We suppose that the async job for a same SSL *
711 * are serialized. So if we are awake it is
712 * because the running job has just finished
713 * and we can remove all async fds safely
714 */
715 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
716 if (num_all_fds > 32) {
717 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
718 return;
719 }
720
721 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
722 for (i=0 ; i < num_all_fds ; i++)
723 fd_remove(all_fd[i]);
724
725 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000726 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100727 _HA_ATOMIC_SUB(&sslconns, 1);
728 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000729}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000730/*
Emeric Brun3854e012017-05-17 20:42:48 +0200731 * function used to manage a returned SSL_ERROR_WANT_ASYNC
732 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000733 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200734static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000735{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100736 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200737 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200738 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000739 size_t num_add_fds = 0;
740 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200741 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000742
743 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
744 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200745 if (num_add_fds > 32 || num_del_fds > 32) {
746 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000747 return;
748 }
749
Emeric Brun3854e012017-05-17 20:42:48 +0200750 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000751
Emeric Brun3854e012017-05-17 20:42:48 +0200752 /* We remove unused fds from the fdtab */
753 for (i=0 ; i < num_del_fds ; i++)
754 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000755
Emeric Brun3854e012017-05-17 20:42:48 +0200756 /* We add new fds to the fdtab */
757 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200758 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000759 }
760
Emeric Brun3854e012017-05-17 20:42:48 +0200761 num_add_fds = 0;
762 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
763 if (num_add_fds > 32) {
764 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
765 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000766 }
Emeric Brun3854e012017-05-17 20:42:48 +0200767
768 /* We activate the polling for all known async fds */
769 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000770 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200771 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000772 /* To ensure that the fd cache won't be used
773 * We'll prefer to catch a real RD event
774 * because handling an EAGAIN on this fd will
775 * result in a context switch and also
776 * some engines uses a fd in blocking mode.
777 */
778 fd_cant_recv(add_fd[i]);
779 }
Emeric Brun3854e012017-05-17 20:42:48 +0200780
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000781}
782#endif
783
William Lallemand104a7a62019-10-14 14:14:59 +0200784#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200785/*
786 * This function returns the number of seconds elapsed
787 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
788 * date presented un ASN1_GENERALIZEDTIME.
789 *
790 * In parsing error case, it returns -1.
791 */
792static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
793{
794 long epoch;
795 char *p, *end;
796 const unsigned short month_offset[12] = {
797 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
798 };
799 int year, month;
800
801 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
802
803 p = (char *)d->data;
804 end = p + d->length;
805
806 if (end - p < 4) return -1;
807 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
808 p += 4;
809 if (end - p < 2) return -1;
810 month = 10 * (p[0] - '0') + p[1] - '0';
811 if (month < 1 || month > 12) return -1;
812 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
813 We consider leap years and the current month (<marsh or not) */
814 epoch = ( ((year - 1970) * 365)
815 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
816 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
817 + month_offset[month-1]
818 ) * 24 * 60 * 60;
819 p += 2;
820 if (end - p < 2) return -1;
821 /* Add the number of seconds of completed days of current month */
822 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
823 p += 2;
824 if (end - p < 2) return -1;
825 /* Add the completed hours of the current day */
826 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
827 p += 2;
828 if (end - p < 2) return -1;
829 /* Add the completed minutes of the current hour */
830 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
831 p += 2;
832 if (p == end) return -1;
833 /* Test if there is available seconds */
834 if (p[0] < '0' || p[0] > '9')
835 goto nosec;
836 if (end - p < 2) return -1;
837 /* Add the seconds of the current minute */
838 epoch += 10 * (p[0] - '0') + p[1] - '0';
839 p += 2;
840 if (p == end) return -1;
841 /* Ignore seconds float part if present */
842 if (p[0] == '.') {
843 do {
844 if (++p == end) return -1;
845 } while (p[0] >= '0' && p[0] <= '9');
846 }
847
848nosec:
849 if (p[0] == 'Z') {
850 if (end - p != 1) return -1;
851 return epoch;
852 }
853 else if (p[0] == '+') {
854 if (end - p != 5) return -1;
855 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700856 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200857 }
858 else if (p[0] == '-') {
859 if (end - p != 5) return -1;
860 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700861 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200862 }
863
864 return -1;
865}
866
William Lallemand104a7a62019-10-14 14:14:59 +0200867/*
868 * struct alignment works here such that the key.key is the same as key_data
869 * Do not change the placement of key_data
870 */
871struct certificate_ocsp {
872 struct ebmb_node key;
873 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
874 struct buffer response;
875 long expire;
876};
877
878struct ocsp_cbk_arg {
879 int is_single;
880 int single_kt;
881 union {
882 struct certificate_ocsp *s_ocsp;
883 /*
884 * m_ocsp will have multiple entries dependent on key type
885 * Entry 0 - DSA
886 * Entry 1 - ECDSA
887 * Entry 2 - RSA
888 */
889 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
890 };
891};
892
Emeric Brun1d3865b2014-06-20 15:37:32 +0200893static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894
895/* This function starts to check if the OCSP response (in DER format) contained
896 * in chunk 'ocsp_response' is valid (else exits on error).
897 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
898 * contained in the OCSP Response and exits on error if no match.
899 * If it's a valid OCSP Response:
900 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
901 * pointed by 'ocsp'.
902 * If 'ocsp' is NULL, the function looks up into the OCSP response's
903 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
904 * from the response) and exits on error if not found. Finally, If an OCSP response is
905 * already present in the container, it will be overwritten.
906 *
907 * Note: OCSP response containing more than one OCSP Single response is not
908 * considered valid.
909 *
910 * Returns 0 on success, 1 in error case.
911 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200912static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
913 struct certificate_ocsp *ocsp,
914 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200915{
916 OCSP_RESPONSE *resp;
917 OCSP_BASICRESP *bs = NULL;
918 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200919 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200920 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200921 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200922 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200923 int reason;
924 int ret = 1;
925
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200926 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
927 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200928 if (!resp) {
929 memprintf(err, "Unable to parse OCSP response");
930 goto out;
931 }
932
933 rc = OCSP_response_status(resp);
934 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
935 memprintf(err, "OCSP response status not successful");
936 goto out;
937 }
938
939 bs = OCSP_response_get1_basic(resp);
940 if (!bs) {
941 memprintf(err, "Failed to get basic response from OCSP Response");
942 goto out;
943 }
944
945 count_sr = OCSP_resp_count(bs);
946 if (count_sr > 1) {
947 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
948 goto out;
949 }
950
951 sr = OCSP_resp_get0(bs, 0);
952 if (!sr) {
953 memprintf(err, "Failed to get OCSP single response");
954 goto out;
955 }
956
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200957 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
958
Emeric Brun4147b2e2014-06-16 18:36:30 +0200959 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200960 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200961 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200962 goto out;
963 }
964
Emeric Brun13a6b482014-06-20 15:44:34 +0200965 if (!nextupd) {
966 memprintf(err, "OCSP single response: missing nextupdate");
967 goto out;
968 }
969
Emeric Brunc8b27b62014-06-19 14:16:17 +0200970 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200971 if (!rc) {
972 memprintf(err, "OCSP single response: no longer valid.");
973 goto out;
974 }
975
976 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200977 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200978 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
979 goto out;
980 }
981 }
982
983 if (!ocsp) {
984 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
985 unsigned char *p;
986
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200987 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988 if (!rc) {
989 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
990 goto out;
991 }
992
993 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
994 memprintf(err, "OCSP single response: Certificate ID too long");
995 goto out;
996 }
997
998 p = key;
999 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001000 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001001 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
1002 if (!ocsp) {
1003 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
1004 goto out;
1005 }
1006 }
1007
1008 /* According to comments on "chunk_dup", the
1009 previous chunk buffer will be freed */
1010 if (!chunk_dup(&ocsp->response, ocsp_response)) {
1011 memprintf(err, "OCSP response: Memory allocation error");
1012 goto out;
1013 }
1014
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001015 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
1016
Emeric Brun4147b2e2014-06-16 18:36:30 +02001017 ret = 0;
1018out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +01001019 ERR_clear_error();
1020
Emeric Brun4147b2e2014-06-16 18:36:30 +02001021 if (bs)
1022 OCSP_BASICRESP_free(bs);
1023
1024 if (resp)
1025 OCSP_RESPONSE_free(resp);
1026
1027 return ret;
1028}
1029/*
1030 * External function use to update the OCSP response in the OCSP response's
1031 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
1032 * to update in DER format.
1033 *
1034 * Returns 0 on success, 1 in error case.
1035 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001036int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001037{
1038 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
1039}
1040
William Lallemand4a660132019-10-14 14:51:41 +02001041#endif
1042
1043#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001044/*
1045 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +02001046 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +02001047 *
1048 * Returns 0 on success, 1 in error case.
1049 */
William Lallemand3b5f3602019-10-16 18:05:05 +02001050static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051{
1052 int fd = -1;
1053 int r = 0;
1054 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +02001055 struct buffer *ocsp_response;
1056 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001057
William Lallemand3b5f3602019-10-16 18:05:05 +02001058 if (buf) {
1059 int i, j;
1060 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001061
William Lallemand3b5f3602019-10-16 18:05:05 +02001062 /* remove \r and \n from the payload */
1063 for (i = 0, j = 0; buf[i]; i++) {
1064 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +02001065 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +02001066 buf[j++] = buf[i];
1067 }
1068 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001069
William Lallemand3b5f3602019-10-16 18:05:05 +02001070 ret = base64dec(buf, j, trash.area, trash.size);
1071 if (ret < 0) {
1072 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +02001073 goto end;
1074 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001075 trash.data = ret;
1076 src = &trash;
1077 } else {
1078 fd = open(ocsp_path, O_RDONLY);
1079 if (fd == -1) {
1080 memprintf(err, "Error opening OCSP response file");
1081 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001082 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001083
1084 trash.data = 0;
1085 while (trash.data < trash.size) {
1086 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1087 if (r < 0) {
1088 if (errno == EINTR)
1089 continue;
1090
1091 memprintf(err, "Error reading OCSP response from file");
1092 goto end;
1093 }
1094 else if (r == 0) {
1095 break;
1096 }
1097 trash.data += r;
1098 }
1099 close(fd);
1100 fd = -1;
1101 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001102 }
1103
William Lallemand3b5f3602019-10-16 18:05:05 +02001104 ocsp_response = calloc(1, sizeof(*ocsp_response));
1105 if (!chunk_dup(ocsp_response, src)) {
1106 free(ocsp_response);
1107 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001108 goto end;
1109 }
1110
William Lallemand3b5f3602019-10-16 18:05:05 +02001111 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +02001112 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001113end:
1114 if (fd != -1)
1115 close(fd);
1116
1117 return ret;
1118}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001119#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +02001120
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001121#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
1122static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
1123{
Christopher Faulet16f45c82018-02-16 11:23:49 +01001124 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +01001125 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001126 struct connection *conn;
1127 int head;
1128 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001129 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001130
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001131 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +02001132 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001133 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1134
1135 keys = ref->tlskeys;
1136 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001137
1138 if (enc) {
1139 memcpy(key_name, keys[head].name, 16);
1140
1141 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +01001142 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001143
Emeric Brun9e754772019-01-10 17:51:55 +01001144 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001145
Emeric Brun9e754772019-01-10 17:51:55 +01001146 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
1147 goto end;
1148
Willy Tarreau9356dac2019-05-10 09:22:53 +02001149 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001150 ret = 1;
1151 }
1152 else if (ref->key_size_bits == 256 ) {
1153
1154 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
1155 goto end;
1156
Willy Tarreau9356dac2019-05-10 09:22:53 +02001157 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001158 ret = 1;
1159 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001160 } else {
1161 for (i = 0; i < TLS_TICKETS_NO; i++) {
1162 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1163 goto found;
1164 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001165 ret = 0;
1166 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001167
Christopher Faulet16f45c82018-02-16 11:23:49 +01001168 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001169 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001170 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001171 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1172 goto end;
1173 /* 2 for key renewal, 1 if current key is still valid */
1174 ret = i ? 2 : 1;
1175 }
1176 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001177 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001178 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1179 goto end;
1180 /* 2 for key renewal, 1 if current key is still valid */
1181 ret = i ? 2 : 1;
1182 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001183 }
Emeric Brun9e754772019-01-10 17:51:55 +01001184
Christopher Faulet16f45c82018-02-16 11:23:49 +01001185 end:
1186 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1187 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001188}
1189
1190struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1191{
1192 struct tls_keys_ref *ref;
1193
1194 list_for_each_entry(ref, &tlskeys_reference, list)
1195 if (ref->filename && strcmp(filename, ref->filename) == 0)
1196 return ref;
1197 return NULL;
1198}
1199
1200struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1201{
1202 struct tls_keys_ref *ref;
1203
1204 list_for_each_entry(ref, &tlskeys_reference, list)
1205 if (ref->unique_id == unique_id)
1206 return ref;
1207 return NULL;
1208}
1209
Emeric Brun9e754772019-01-10 17:51:55 +01001210/* Update the key into ref: if keysize doesnt
1211 * match existing ones, this function returns -1
1212 * else it returns 0 on success.
1213 */
1214int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001215 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001216{
Emeric Brun9e754772019-01-10 17:51:55 +01001217 if (ref->key_size_bits == 128) {
1218 if (tlskey->data != sizeof(struct tls_sess_key_128))
1219 return -1;
1220 }
1221 else if (ref->key_size_bits == 256) {
1222 if (tlskey->data != sizeof(struct tls_sess_key_256))
1223 return -1;
1224 }
1225 else
1226 return -1;
1227
Christopher Faulet16f45c82018-02-16 11:23:49 +01001228 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001229 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1230 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001231 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1232 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001233
1234 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001235}
1236
Willy Tarreau83061a82018-07-13 11:56:34 +02001237int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001238{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001239 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1240
1241 if(!ref) {
1242 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1243 return 1;
1244 }
Emeric Brun9e754772019-01-10 17:51:55 +01001245 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1246 memprintf(err, "Invalid key size");
1247 return 1;
1248 }
1249
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001250 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001251}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001252
1253/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001254 * automatic ids. It's called just after the basic checks. It returns
1255 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001256 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001257static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001258{
1259 int i = 0;
1260 struct tls_keys_ref *ref, *ref2, *ref3;
1261 struct list tkr = LIST_HEAD_INIT(tkr);
1262
1263 list_for_each_entry(ref, &tlskeys_reference, list) {
1264 if (ref->unique_id == -1) {
1265 /* Look for the first free id. */
1266 while (1) {
1267 list_for_each_entry(ref2, &tlskeys_reference, list) {
1268 if (ref2->unique_id == i) {
1269 i++;
1270 break;
1271 }
1272 }
1273 if (&ref2->list == &tlskeys_reference)
1274 break;
1275 }
1276
1277 /* Uses the unique id and increment it for the next entry. */
1278 ref->unique_id = i;
1279 i++;
1280 }
1281 }
1282
1283 /* This sort the reference list by id. */
1284 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1285 LIST_DEL(&ref->list);
1286 list_for_each_entry(ref3, &tkr, list) {
1287 if (ref->unique_id < ref3->unique_id) {
1288 LIST_ADDQ(&ref3->list, &ref->list);
1289 break;
1290 }
1291 }
1292 if (&ref3->list == &tkr)
1293 LIST_ADDQ(&tkr, &ref->list);
1294 }
1295
1296 /* swap root */
1297 LIST_ADD(&tkr, &tlskeys_reference);
1298 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001299 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001300}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001301#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1302
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001303#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001304int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1305{
1306 switch (evp_keytype) {
1307 case EVP_PKEY_RSA:
1308 return 2;
1309 case EVP_PKEY_DSA:
1310 return 0;
1311 case EVP_PKEY_EC:
1312 return 1;
1313 }
1314
1315 return -1;
1316}
1317
Emeric Brun4147b2e2014-06-16 18:36:30 +02001318/*
1319 * Callback used to set OCSP status extension content in server hello.
1320 */
1321int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1322{
yanbzhube2774d2015-12-10 15:07:30 -05001323 struct certificate_ocsp *ocsp;
1324 struct ocsp_cbk_arg *ocsp_arg;
1325 char *ssl_buf;
1326 EVP_PKEY *ssl_pkey;
1327 int key_type;
1328 int index;
1329
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001330 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001331
1332 ssl_pkey = SSL_get_privatekey(ssl);
1333 if (!ssl_pkey)
1334 return SSL_TLSEXT_ERR_NOACK;
1335
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001336 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001337
1338 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1339 ocsp = ocsp_arg->s_ocsp;
1340 else {
1341 /* For multiple certs per context, we have to find the correct OCSP response based on
1342 * the certificate type
1343 */
1344 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1345
1346 if (index < 0)
1347 return SSL_TLSEXT_ERR_NOACK;
1348
1349 ocsp = ocsp_arg->m_ocsp[index];
1350
1351 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001352
1353 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001354 !ocsp->response.area ||
1355 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001356 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001357 return SSL_TLSEXT_ERR_NOACK;
1358
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001359 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001360 if (!ssl_buf)
1361 return SSL_TLSEXT_ERR_NOACK;
1362
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001363 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1364 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001365
1366 return SSL_TLSEXT_ERR_OK;
1367}
1368
William Lallemand4a660132019-10-14 14:51:41 +02001369#endif
1370
1371#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001372/*
1373 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001374 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1375 * status extension, the issuer's certificate is mandatory. It should be
1376 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001377 *
William Lallemand246c0242019-10-11 08:59:13 +02001378 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1379 * OCSP response. If file is empty or content is not a valid OCSP response,
1380 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1381 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001382 *
1383 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001384 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001385 */
William Lallemand4a660132019-10-14 14:51:41 +02001386#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001387static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001388{
William Lallemand246c0242019-10-11 08:59:13 +02001389 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001390 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001391 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001392 struct certificate_ocsp *ocsp = NULL, *iocsp;
1393 char *warn = NULL;
1394 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001395 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001396
Emeric Brun4147b2e2014-06-16 18:36:30 +02001397
William Lallemand246c0242019-10-11 08:59:13 +02001398 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001399 if (!x)
1400 goto out;
1401
William Lallemand246c0242019-10-11 08:59:13 +02001402 issuer = ckch->ocsp_issuer;
1403 if (!issuer)
1404 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001405
1406 cid = OCSP_cert_to_id(0, x, issuer);
1407 if (!cid)
1408 goto out;
1409
1410 i = i2d_OCSP_CERTID(cid, NULL);
1411 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1412 goto out;
1413
Vincent Bernat02779b62016-04-03 13:48:43 +02001414 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001415 if (!ocsp)
1416 goto out;
1417
1418 p = ocsp->key_data;
1419 i2d_OCSP_CERTID(cid, &p);
1420
1421 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1422 if (iocsp == ocsp)
1423 ocsp = NULL;
1424
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001425#ifndef SSL_CTX_get_tlsext_status_cb
1426# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1427 *cb = (void (*) (void))ctx->tlsext_status_cb;
1428#endif
1429 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1430
1431 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001432 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001433 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001434
1435 cb_arg->is_single = 1;
1436 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001437
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001438 pkey = X509_get_pubkey(x);
1439 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1440 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001441
1442 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1443 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1444 } else {
1445 /*
1446 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1447 * Update that cb_arg with the new cert's staple
1448 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001449 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001450 struct certificate_ocsp *tmp_ocsp;
1451 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001452 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001453 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001454
1455#ifdef SSL_CTX_get_tlsext_status_arg
1456 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1457#else
1458 cb_arg = ctx->tlsext_status_arg;
1459#endif
yanbzhube2774d2015-12-10 15:07:30 -05001460
1461 /*
1462 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1463 * the order of operations below matter, take care when changing it
1464 */
1465 tmp_ocsp = cb_arg->s_ocsp;
1466 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1467 cb_arg->s_ocsp = NULL;
1468 cb_arg->m_ocsp[index] = tmp_ocsp;
1469 cb_arg->is_single = 0;
1470 cb_arg->single_kt = 0;
1471
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001472 pkey = X509_get_pubkey(x);
1473 key_type = EVP_PKEY_base_id(pkey);
1474 EVP_PKEY_free(pkey);
1475
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001476 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001477 if (index >= 0 && !cb_arg->m_ocsp[index])
1478 cb_arg->m_ocsp[index] = iocsp;
1479
1480 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001481
1482 ret = 0;
1483
1484 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001485 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001486 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001487 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001488 }
1489
1490out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001491 if (cid)
1492 OCSP_CERTID_free(cid);
1493
1494 if (ocsp)
1495 free(ocsp);
1496
1497 if (warn)
1498 free(warn);
1499
Emeric Brun4147b2e2014-06-16 18:36:30 +02001500 return ret;
1501}
William Lallemand4a660132019-10-14 14:51:41 +02001502#else /* OPENSSL_IS_BORINGSSL */
1503static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001504{
William Lallemand4a660132019-10-14 14:51:41 +02001505 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001506}
1507#endif
1508
William Lallemand4a660132019-10-14 14:51:41 +02001509#endif
1510
1511
Willy Tarreau5db847a2019-05-09 14:13:35 +02001512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001513
1514#define CT_EXTENSION_TYPE 18
1515
1516static int sctl_ex_index = -1;
1517
1518/*
1519 * Try to parse Signed Certificate Timestamp List structure. This function
1520 * makes only basic test if the data seems like SCTL. No signature validation
1521 * is performed.
1522 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001523static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001524{
1525 int ret = 1;
1526 int len, pos, sct_len;
1527 unsigned char *data;
1528
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001529 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001530 goto out;
1531
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001532 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001533 len = (data[0] << 8) | data[1];
1534
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001535 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001536 goto out;
1537
1538 data = data + 2;
1539 pos = 0;
1540 while (pos < len) {
1541 if (len - pos < 2)
1542 goto out;
1543
1544 sct_len = (data[pos] << 8) | data[pos + 1];
1545 if (pos + sct_len + 2 > len)
1546 goto out;
1547
1548 pos += sct_len + 2;
1549 }
1550
1551 ret = 0;
1552
1553out:
1554 return ret;
1555}
1556
William Lallemand0dfae6c2019-10-16 18:06:58 +02001557/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1558 * It fills the ckch->sctl buffer
1559 * return 0 on success or != 0 on failure */
1560static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001561{
1562 int fd = -1;
1563 int r = 0;
1564 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001565 struct buffer tmp;
1566 struct buffer *src;
1567 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001568
William Lallemand0dfae6c2019-10-16 18:06:58 +02001569 if (buf) {
1570 tmp.area = buf;
1571 tmp.data = strlen(buf);
1572 tmp.size = tmp.data + 1;
1573 src = &tmp;
1574 } else {
1575 fd = open(sctl_path, O_RDONLY);
1576 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001577 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001578
1579 trash.data = 0;
1580 while (trash.data < trash.size) {
1581 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1582 if (r < 0) {
1583 if (errno == EINTR)
1584 continue;
1585 goto end;
1586 }
1587 else if (r == 0) {
1588 break;
1589 }
1590 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001591 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001592 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001593 }
1594
William Lallemand0dfae6c2019-10-16 18:06:58 +02001595 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001596 if (ret)
1597 goto end;
1598
William Lallemand0dfae6c2019-10-16 18:06:58 +02001599 sctl = calloc(1, sizeof(*sctl));
1600 if (!chunk_dup(sctl, src)) {
1601 free(sctl);
1602 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001603 goto end;
1604 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001605 ret = 0;
1606 /* TODO: free the previous SCTL in the ckch */
1607 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001608
1609end:
1610 if (fd != -1)
1611 close(fd);
1612
1613 return ret;
1614}
1615
1616int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1617{
Willy Tarreau83061a82018-07-13 11:56:34 +02001618 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001620 *out = (unsigned char *) sctl->area;
1621 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001622
1623 return 1;
1624}
1625
1626int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1627{
1628 return 1;
1629}
1630
William Lallemanda17f4112019-10-10 15:16:44 +02001631static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001632{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001633 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001634
William Lallemanda17f4112019-10-10 15:16:44 +02001635 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001636 goto out;
1637
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001638 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1639
1640 ret = 0;
1641
1642out:
1643 return ret;
1644}
1645
1646#endif
1647
Emeric Brune1f38db2012-09-03 20:36:47 +02001648void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1649{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001650 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001651 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001652 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001653 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001654
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001655#ifndef SSL_OP_NO_RENEGOTIATION
1656 /* Please note that BoringSSL defines this macro to zero so don't
1657 * change this to #if and do not assign a default value to this macro!
1658 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001659 if (where & SSL_CB_HANDSHAKE_START) {
1660 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001661 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001662 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001663 conn->err_code = CO_ER_SSL_RENEG;
1664 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001665 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001666#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001667
1668 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001669 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001670 /* Long certificate chains optimz
1671 If write and read bios are differents, we
1672 consider that the buffering was activated,
1673 so we rise the output buffer size from 4k
1674 to 16k */
1675 write_bio = SSL_get_wbio(ssl);
1676 if (write_bio != SSL_get_rbio(ssl)) {
1677 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001678 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001679 }
1680 }
1681 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001682}
1683
Emeric Brune64aef12012-09-21 13:15:06 +02001684/* Callback is called for each certificate of the chain during a verify
1685 ok is set to 1 if preverify detect no error on current certificate.
1686 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001687int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001688{
1689 SSL *ssl;
1690 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001691 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001692 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001693
1694 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001695 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001696
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001697 ctx = conn->xprt_ctx;
1698
1699 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001700
Emeric Brun81c00f02012-09-21 14:31:21 +02001701 if (ok) /* no errors */
1702 return ok;
1703
1704 depth = X509_STORE_CTX_get_error_depth(x_store);
1705 err = X509_STORE_CTX_get_error(x_store);
1706
1707 /* check if CA error needs to be ignored */
1708 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001709 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1710 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1711 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001712 }
1713
Willy Tarreau07d94e42018-09-20 10:57:52 +02001714 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001715 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001716 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001717 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001718 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001719
Willy Tarreau20879a02012-12-03 16:32:10 +01001720 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001721 return 0;
1722 }
1723
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001724 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1725 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001726
Emeric Brun81c00f02012-09-21 14:31:21 +02001727 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001728 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001729 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001730 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001731 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001732 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001733
Willy Tarreau20879a02012-12-03 16:32:10 +01001734 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001735 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001736}
1737
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001738static inline
1739void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001740 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001741{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001742 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001743 unsigned char *msg;
1744 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001745 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001746
1747 /* This function is called for "from client" and "to server"
1748 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001749 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001750 */
1751
1752 /* "write_p" is set to 0 is the bytes are received messages,
1753 * otherwise it is set to 1.
1754 */
1755 if (write_p != 0)
1756 return;
1757
1758 /* content_type contains the type of message received or sent
1759 * according with the SSL/TLS protocol spec. This message is
1760 * encoded with one byte. The value 256 (two bytes) is used
1761 * for designing the SSL/TLS record layer. According with the
1762 * rfc6101, the expected message (other than 256) are:
1763 * - change_cipher_spec(20)
1764 * - alert(21)
1765 * - handshake(22)
1766 * - application_data(23)
1767 * - (255)
1768 * We are interessed by the handshake and specially the client
1769 * hello.
1770 */
1771 if (content_type != 22)
1772 return;
1773
1774 /* The message length is at least 4 bytes, containing the
1775 * message type and the message length.
1776 */
1777 if (len < 4)
1778 return;
1779
1780 /* First byte of the handshake message id the type of
1781 * message. The konwn types are:
1782 * - hello_request(0)
1783 * - client_hello(1)
1784 * - server_hello(2)
1785 * - certificate(11)
1786 * - server_key_exchange (12)
1787 * - certificate_request(13)
1788 * - server_hello_done(14)
1789 * We are interested by the client hello.
1790 */
1791 msg = (unsigned char *)buf;
1792 if (msg[0] != 1)
1793 return;
1794
1795 /* Next three bytes are the length of the message. The total length
1796 * must be this decoded length + 4. If the length given as argument
1797 * is not the same, we abort the protocol dissector.
1798 */
1799 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1800 if (len < rec_len + 4)
1801 return;
1802 msg += 4;
1803 end = msg + rec_len;
1804 if (end < msg)
1805 return;
1806
1807 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1808 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001809 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1810 */
1811 msg += 1 + 1 + 4 + 28;
1812 if (msg > end)
1813 return;
1814
1815 /* Next, is session id:
1816 * if present, we have to jump by length + 1 for the size information
1817 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001818 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001819 if (msg[0] > 0)
1820 msg += msg[0];
1821 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001822 if (msg > end)
1823 return;
1824
1825 /* Next two bytes are the ciphersuite length. */
1826 if (msg + 2 > end)
1827 return;
1828 rec_len = (msg[0] << 8) + msg[1];
1829 msg += 2;
1830 if (msg + rec_len > end || msg + rec_len < msg)
1831 return;
1832
Willy Tarreaubafbe012017-11-24 17:34:44 +01001833 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001834 if (!capture)
1835 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001836 /* Compute the xxh64 of the ciphersuite. */
1837 capture->xxh64 = XXH64(msg, rec_len, 0);
1838
1839 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001840 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1841 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001842 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001843
1844 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001845}
1846
Emeric Brun29f037d2014-04-25 19:05:36 +02001847/* Callback is called for ssl protocol analyse */
1848void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1849{
Emeric Brun29f037d2014-04-25 19:05:36 +02001850#ifdef TLS1_RT_HEARTBEAT
1851 /* test heartbeat received (write_p is set to 0
1852 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001853 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001854 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001855 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001856 const unsigned char *p = buf;
1857 unsigned int payload;
1858
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001859 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001860
1861 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1862 if (*p != TLS1_HB_REQUEST)
1863 return;
1864
Willy Tarreauaeed6722014-04-25 23:59:58 +02001865 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001866 goto kill_it;
1867
1868 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001869 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001870 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001871 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001872 /* We have a clear heartbleed attack (CVE-2014-0160), the
1873 * advertised payload is larger than the advertised packet
1874 * length, so we have garbage in the buffer between the
1875 * payload and the end of the buffer (p+len). We can't know
1876 * if the SSL stack is patched, and we don't know if we can
1877 * safely wipe out the area between p+3+len and payload.
1878 * So instead, we prevent the response from being sent by
1879 * setting the max_send_fragment to 0 and we report an SSL
1880 * error, which will kill this connection. It will be reported
1881 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001882 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1883 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001884 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001885 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1886 return;
1887 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001888#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001889 if (global_ssl.capture_cipherlist > 0)
1890 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001891}
1892
Bernard Spil13c53f82018-02-15 13:34:58 +01001893#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001894static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1895 const unsigned char *in, unsigned int inlen,
1896 void *arg)
1897{
1898 struct server *srv = arg;
1899
1900 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1901 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1902 return SSL_TLSEXT_ERR_OK;
1903 return SSL_TLSEXT_ERR_NOACK;
1904}
1905#endif
1906
1907#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001908/* This callback is used so that the server advertises the list of
1909 * negociable protocols for NPN.
1910 */
1911static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1912 unsigned int *len, void *arg)
1913{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001914 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001915
1916 *data = (const unsigned char *)conf->npn_str;
1917 *len = conf->npn_len;
1918 return SSL_TLSEXT_ERR_OK;
1919}
1920#endif
1921
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001922#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001923/* This callback is used so that the server advertises the list of
1924 * negociable protocols for ALPN.
1925 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001926static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1927 unsigned char *outlen,
1928 const unsigned char *server,
1929 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001930{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001931 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001932
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001933 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1934 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1935 return SSL_TLSEXT_ERR_NOACK;
1936 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001937 return SSL_TLSEXT_ERR_OK;
1938}
1939#endif
1940
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001942#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001943
Christopher Faulet30548802015-06-11 13:39:32 +02001944/* Create a X509 certificate with the specified servername and serial. This
1945 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001946static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001947ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001948{
Christopher Faulet7969a332015-10-09 11:15:03 +02001949 X509 *cacert = bind_conf->ca_sign_cert;
1950 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001951 SSL_CTX *ssl_ctx = NULL;
1952 X509 *newcrt = NULL;
1953 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001954 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001955 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001956 X509_NAME *name;
1957 const EVP_MD *digest;
1958 X509V3_CTX ctx;
1959 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001960 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001961
Christopher Faulet48a83322017-07-28 16:56:09 +02001962 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001963#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001964 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1965#else
1966 tmp_ssl = SSL_new(bind_conf->default_ctx);
1967 if (tmp_ssl)
1968 pkey = SSL_get_privatekey(tmp_ssl);
1969#endif
1970 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 goto mkcert_error;
1972
1973 /* Create the certificate */
1974 if (!(newcrt = X509_new()))
1975 goto mkcert_error;
1976
1977 /* Set version number for the certificate (X509v3) and the serial
1978 * number */
1979 if (X509_set_version(newcrt, 2L) != 1)
1980 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001981 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001982
1983 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001984 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1985 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001986 goto mkcert_error;
1987
1988 /* set public key in the certificate */
1989 if (X509_set_pubkey(newcrt, pkey) != 1)
1990 goto mkcert_error;
1991
1992 /* Set issuer name from the CA */
1993 if (!(name = X509_get_subject_name(cacert)))
1994 goto mkcert_error;
1995 if (X509_set_issuer_name(newcrt, name) != 1)
1996 goto mkcert_error;
1997
1998 /* Set the subject name using the same, but the CN */
1999 name = X509_NAME_dup(name);
2000 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
2001 (const unsigned char *)servername,
2002 -1, -1, 0) != 1) {
2003 X509_NAME_free(name);
2004 goto mkcert_error;
2005 }
2006 if (X509_set_subject_name(newcrt, name) != 1) {
2007 X509_NAME_free(name);
2008 goto mkcert_error;
2009 }
2010 X509_NAME_free(name);
2011
2012 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002013 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002014 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
2015 for (i = 0; i < X509V3_EXT_SIZE; i++) {
2016 X509_EXTENSION *ext;
2017
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002018 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002019 goto mkcert_error;
2020 if (!X509_add_ext(newcrt, ext, -1)) {
2021 X509_EXTENSION_free(ext);
2022 goto mkcert_error;
2023 }
2024 X509_EXTENSION_free(ext);
2025 }
2026
2027 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002028
2029 key_type = EVP_PKEY_base_id(capkey);
2030
2031 if (key_type == EVP_PKEY_DSA)
2032 digest = EVP_sha1();
2033 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002034 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002035 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02002036 digest = EVP_sha256();
2037 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02002039 int nid;
2040
2041 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
2042 goto mkcert_error;
2043 if (!(digest = EVP_get_digestbynid(nid)))
2044 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02002045#else
2046 goto mkcert_error;
2047#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02002048 }
2049
Christopher Faulet31af49d2015-06-09 17:29:50 +02002050 if (!(X509_sign(newcrt, capkey, digest)))
2051 goto mkcert_error;
2052
2053 /* Create and set the new SSL_CTX */
2054 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
2055 goto mkcert_error;
2056 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
2057 goto mkcert_error;
2058 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
2059 goto mkcert_error;
2060 if (!SSL_CTX_check_private_key(ssl_ctx))
2061 goto mkcert_error;
2062
2063 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02002064
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002065#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002066 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002067#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002068#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2069 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002070 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002071 EC_KEY *ecc;
2072 int nid;
2073
2074 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2075 goto end;
2076 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2077 goto end;
2078 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2079 EC_KEY_free(ecc);
2080 }
2081#endif
2082 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002083 return ssl_ctx;
2084
2085 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002086 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002087 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002088 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2089 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002090 return NULL;
2091}
2092
Christopher Faulet7969a332015-10-09 11:15:03 +02002093SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002094ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02002095{
Willy Tarreau07d94e42018-09-20 10:57:52 +02002096 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01002097 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002098
Olivier Houchard66ab4982019-02-26 18:37:15 +01002099 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002100}
2101
Christopher Faulet30548802015-06-11 13:39:32 +02002102/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002103 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002104SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002105ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002106{
2107 struct lru64 *lru = NULL;
2108
2109 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002110 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002111 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002112 if (lru && lru->domain) {
2113 if (ssl)
2114 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002115 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002116 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002117 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002118 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002119 }
2120 return NULL;
2121}
2122
Emeric Brun821bb9b2017-06-15 16:37:39 +02002123/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2124 * function is not thread-safe, it should only be used to check if a certificate
2125 * exists in the lru cache (with no warranty it will not be removed by another
2126 * thread). It is kept for backward compatibility. */
2127SSL_CTX *
2128ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2129{
2130 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2131}
2132
Christopher Fauletd2cab922015-07-28 16:03:47 +02002133/* Set a certificate int the LRU cache used to store generated
2134 * certificate. Return 0 on success, otherwise -1 */
2135int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002136ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002137{
2138 struct lru64 *lru = NULL;
2139
2140 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002141 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002142 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002143 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002144 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002145 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002146 }
Christopher Faulet30548802015-06-11 13:39:32 +02002147 if (lru->domain && lru->data)
2148 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002149 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002150 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002151 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002152 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002153 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002154}
2155
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002156/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002157unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002158ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002159{
2160 return XXH32(data, len, ssl_ctx_lru_seed);
2161}
2162
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002163/* Generate a cert and immediately assign it to the SSL session so that the cert's
2164 * refcount is maintained regardless of the cert's presence in the LRU cache.
2165 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002167ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002168{
2169 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002170 SSL_CTX *ssl_ctx = NULL;
2171 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002172 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002173
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002174 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002175 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002176 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002177 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002178 if (lru && lru->domain)
2179 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002180 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002181 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002182 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002183 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002184 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002185 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002186 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002187 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002188 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002189 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002190 SSL_set_SSL_CTX(ssl, ssl_ctx);
2191 /* No LRU cache, this CTX will be released as soon as the session dies */
2192 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002193 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002194 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002195 return 0;
2196}
2197static int
2198ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2199{
2200 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002201 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002202
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002203 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002204 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002205 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002207 }
2208 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002209}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002210#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002211
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002212#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002213typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2214
2215static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002216{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002217#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002218 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002219 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2220#endif
2221}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002222static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2223 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002224 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2225}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002226static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002227#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002228 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002229 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2230#endif
2231}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002232static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002233#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002234 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002235 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2236#endif
2237}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002238/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002239static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2240/* Unusable in this context. */
2241static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2242static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2243static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2244static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2245static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002246#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002247typedef enum { SET_MIN, SET_MAX } set_context_func;
2248
2249static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2250 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002251 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2252}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002253static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2254 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2255 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2256}
2257static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2258 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002259 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2260}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002261static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2262 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2263 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2264}
2265static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2266 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002267 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2268}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002269static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2270 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2271 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2272}
2273static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2274 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002275 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2276}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002277static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2278 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2279 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2280}
2281static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002282#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002283 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002284 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2285#endif
2286}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002287static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2288#if SSL_OP_NO_TLSv1_3
2289 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2290 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002291#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002292}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002293#endif
2294static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2295static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002296
2297static struct {
2298 int option;
2299 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002300 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2301 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002302 const char *name;
2303} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002304 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2305 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2306 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2307 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2308 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2309 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002310};
2311
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002312static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2313{
2314 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2315 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2316 SSL_set_SSL_CTX(ssl, ctx);
2317}
2318
Willy Tarreau5db847a2019-05-09 14:13:35 +02002319#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320
2321static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2322{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002323 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002326 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2327 return SSL_TLSEXT_ERR_OK;
2328 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329}
2330
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002331#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2333{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002334 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2337{
2338#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 struct connection *conn;
2340 struct bind_conf *s;
2341 const uint8_t *extension_data;
2342 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002343 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344
2345 char *wildp = NULL;
2346 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002347 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002349 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 int i;
2351
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002352 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002353 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354
Olivier Houchard9679ac92017-10-27 14:58:08 +02002355 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002356 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002357#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2359 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002360#else
2361 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2362#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002363 /*
2364 * The server_name extension was given too much extensibility when it
2365 * was written, so parsing the normal case is a bit complex.
2366 */
2367 size_t len;
2368 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002370 /* Extract the length of the supplied list of names. */
2371 len = (*extension_data++) << 8;
2372 len |= *extension_data++;
2373 if (len + 2 != extension_len)
2374 goto abort;
2375 /*
2376 * The list in practice only has a single element, so we only consider
2377 * the first one.
2378 */
2379 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2380 goto abort;
2381 extension_len = len - 1;
2382 /* Now we can finally pull out the byte array with the actual hostname. */
2383 if (extension_len <= 2)
2384 goto abort;
2385 len = (*extension_data++) << 8;
2386 len |= *extension_data++;
2387 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2388 || memchr(extension_data, 0, len) != NULL)
2389 goto abort;
2390 servername = extension_data;
2391 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002393#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2394 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002395 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002396 }
2397#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002399 if (!s->strict_sni) {
William Lallemand21724f02019-11-04 17:56:13 +01002400 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002402 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002403 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 goto abort;
2406 }
2407
2408 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002409#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002411#else
2412 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2413#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002414 uint8_t sign;
2415 size_t len;
2416 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002418 len = (*extension_data++) << 8;
2419 len |= *extension_data++;
2420 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002422 if (len % 2 != 0)
2423 goto abort;
2424 for (; len > 0; len -= 2) {
2425 extension_data++; /* hash */
2426 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002427 switch (sign) {
2428 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002429 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002430 break;
2431 case TLSEXT_signature_ecdsa:
2432 has_ecdsa_sig = 1;
2433 break;
2434 default:
2435 continue;
2436 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002437 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002438 break;
2439 }
2440 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002441 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002442 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 }
2444 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 const SSL_CIPHER *cipher;
2446 size_t len;
2447 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002448 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002449#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002450 len = ctx->cipher_suites_len;
2451 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002452#else
2453 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2454#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002455 if (len % 2 != 0)
2456 goto abort;
2457 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002458#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002459 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002460 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002461#else
2462 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2463#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002464 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002465 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002466 break;
2467 }
2468 }
2469 }
2470
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002471 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002472 trash.area[i] = tolower(servername[i]);
2473 if (!wildp && (trash.area[i] == '.'))
2474 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002475 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002476 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002477
William Lallemand150bfa82019-09-19 17:12:49 +02002478 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002479
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002480 for (i = 0; i < 2; i++) {
2481 if (i == 0) /* lookup in full qualified names */
2482 node = ebst_lookup(&s->sni_ctx, trash.area);
2483 else if (i == 1 && wildp) /* lookup in wildcards names */
2484 node = ebst_lookup(&s->sni_w_ctx, wildp);
2485 else
2486 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002487 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002488 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002489 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002490 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002491 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002492 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002493 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 break;
2495 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002496 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002497 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002498 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002499 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002500 if (!node_anonymous)
2501 node_anonymous = n;
2502 break;
2503 }
2504 }
2505 }
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002506 /* select by key_signature priority order */
2507 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2508 : ((has_rsa_sig && node_rsa) ? node_rsa
2509 : (node_anonymous ? node_anonymous
2510 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2511 : node_rsa /* no rsa signature case (far far away) */
2512 )));
2513 if (node) {
2514 /* switch ctx */
2515 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002517 if (conf) {
2518 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2519 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2520 if (conf->early_data)
2521 allow_early = 1;
2522 }
William Lallemand02010472019-10-18 11:02:19 +02002523 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002524 goto allow_early;
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002525 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002526 }
William Lallemand150bfa82019-09-19 17:12:49 +02002527
William Lallemand02010472019-10-18 11:02:19 +02002528 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002529#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002530 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002531 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002532 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002533 }
2534#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002535 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002536 /* no certificate match, is the default_ctx */
William Lallemand21724f02019-11-04 17:56:13 +01002537 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002538 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002539 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002540 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002541allow_early:
2542#ifdef OPENSSL_IS_BORINGSSL
2543 if (allow_early)
2544 SSL_set_early_data_enabled(ssl, 1);
2545#else
2546 if (!allow_early)
2547 SSL_set_max_early_data(ssl, 0);
2548#endif
2549 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002550 abort:
2551 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2552 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002553#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002554 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002555#else
2556 *al = SSL_AD_UNRECOGNIZED_NAME;
2557 return 0;
2558#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002559}
2560
2561#else /* OPENSSL_IS_BORINGSSL */
2562
Emeric Brunfc0421f2012-09-07 17:30:07 +02002563/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2564 * warning when no match is found, which implies the default (first) cert
2565 * will keep being used.
2566 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002567static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002568{
2569 const char *servername;
2570 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002571 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002572 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002573 int i;
2574 (void)al; /* shut gcc stupid warning */
2575
2576 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002577 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002578#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002579 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2580 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002581#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002582 if (s->strict_sni)
2583 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002584 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002585 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002586 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002587 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002588 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002589
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002590 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002591 if (!servername[i])
2592 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002593 trash.area[i] = tolower(servername[i]);
2594 if (!wildp && (trash.area[i] == '.'))
2595 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002596 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002597 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002598
William Lallemand150bfa82019-09-19 17:12:49 +02002599 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002600 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002601 /* lookup in full qualified names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002602 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2603 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002604 if (!container_of(n, struct sni_ctx, name)->neg) {
2605 node = n;
2606 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002607 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002608 }
2609 if (!node && wildp) {
2610 /* lookup in wildcards names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002611 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2612 /* lookup a not neg filter */
2613 if (!container_of(n, struct sni_ctx, name)->neg) {
2614 node = n;
2615 break;
2616 }
2617 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002618 }
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002619 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002620#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002621 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2622 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002623 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002624 return SSL_TLSEXT_ERR_OK;
2625 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002626#endif
William Lallemand21724f02019-11-04 17:56:13 +01002627 if (s->strict_sni) {
2628 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002629 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002630 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002631 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002632 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002633 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002634 }
2635
2636 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002637 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002638 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002639 return SSL_TLSEXT_ERR_OK;
2640}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002641#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002642#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2643
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002644#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645
2646static DH * ssl_get_dh_1024(void)
2647{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002648 static unsigned char dh1024_p[]={
2649 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2650 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2651 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2652 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2653 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2654 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2655 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2656 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2657 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2658 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2659 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2660 };
2661 static unsigned char dh1024_g[]={
2662 0x02,
2663 };
2664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 BIGNUM *p;
2666 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH *dh = DH_new();
2668 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2670 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002671
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002673 DH_free(dh);
2674 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002675 } else {
2676 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 }
2679 return dh;
2680}
2681
2682static DH *ssl_get_dh_2048(void)
2683{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002684 static unsigned char dh2048_p[]={
2685 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2686 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2687 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2688 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2689 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2690 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2691 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2692 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2693 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2694 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2695 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2696 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2697 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2698 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2699 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2700 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2701 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2702 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2703 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2704 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2705 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2706 0xB7,0x1F,0x77,0xF3,
2707 };
2708 static unsigned char dh2048_g[]={
2709 0x02,
2710 };
2711
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002712 BIGNUM *p;
2713 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002714 DH *dh = DH_new();
2715 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002716 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2717 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002718
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002719 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002720 DH_free(dh);
2721 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002722 } else {
2723 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002724 }
2725 }
2726 return dh;
2727}
2728
2729static DH *ssl_get_dh_4096(void)
2730{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002731 static unsigned char dh4096_p[]={
2732 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2733 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2734 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2735 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2736 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2737 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2738 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2739 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2740 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2741 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2742 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2743 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2744 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2745 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2746 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2747 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2748 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2749 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2750 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2751 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2752 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2753 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2754 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2755 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2756 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2757 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2758 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2759 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2760 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2761 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2762 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2763 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2764 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2765 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2766 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2767 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2768 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2769 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2770 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2771 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2772 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2773 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2774 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002776 static unsigned char dh4096_g[]={
2777 0x02,
2778 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002779
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002780 BIGNUM *p;
2781 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002782 DH *dh = DH_new();
2783 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002784 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2785 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002786
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002787 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002788 DH_free(dh);
2789 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002790 } else {
2791 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002792 }
2793 }
2794 return dh;
2795}
2796
2797/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002798 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002799static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2800{
2801 DH *dh = NULL;
2802 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002803 int type;
2804
2805 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002806
2807 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2808 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2809 */
2810 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2811 keylen = EVP_PKEY_bits(pkey);
2812 }
2813
Willy Tarreauef934602016-12-22 23:12:01 +01002814 if (keylen > global_ssl.default_dh_param) {
2815 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002816 }
2817
Remi Gacogned3a341a2015-05-29 16:26:17 +02002818 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002819 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002820 }
2821 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002822 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002823 }
2824 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002825 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002826 }
2827
2828 return dh;
2829}
2830
Remi Gacogne47783ef2015-05-29 15:53:22 +02002831static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002832{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002833 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002834 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002835
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002836 if (in == NULL)
2837 goto end;
2838
Remi Gacogne47783ef2015-05-29 15:53:22 +02002839 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002840 goto end;
2841
Remi Gacogne47783ef2015-05-29 15:53:22 +02002842 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2843
2844end:
2845 if (in)
2846 BIO_free(in);
2847
Emeric Brune1b4ed42018-08-16 15:14:12 +02002848 ERR_clear_error();
2849
Remi Gacogne47783ef2015-05-29 15:53:22 +02002850 return dh;
2851}
2852
2853int ssl_sock_load_global_dh_param_from_file(const char *filename)
2854{
2855 global_dh = ssl_sock_get_dh_from_file(filename);
2856
2857 if (global_dh) {
2858 return 0;
2859 }
2860
2861 return -1;
2862}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002863#endif
2864
William Lallemand9117de92019-10-04 00:29:42 +02002865/* Alloc and init a ckch_inst */
2866static struct ckch_inst *ckch_inst_new()
2867{
2868 struct ckch_inst *ckch_inst;
2869
2870 ckch_inst = calloc(1, sizeof *ckch_inst);
2871 if (ckch_inst)
2872 LIST_INIT(&ckch_inst->sni_ctx);
2873
2874 return ckch_inst;
2875}
2876
2877
2878/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002879static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002880 struct bind_conf *s, struct ssl_bind_conf *conf,
2881 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002882{
2883 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002884 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002885
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002886 if (*name == '!') {
2887 neg = 1;
2888 name++;
2889 }
2890 if (*name == '*') {
2891 wild = 1;
2892 name++;
2893 }
2894 /* !* filter is a nop */
2895 if (neg && wild)
2896 return order;
2897 if (*name) {
2898 int j, len;
2899 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002900 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002901 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002902 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002903 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002904 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002905
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002906 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002907 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002908 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002909 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002910 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002911 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002912 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002913 sc->order = order++;
2914 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002915 sc->wild = wild;
2916 sc->name.node.leaf_p = NULL;
William Lallemand1d29c742019-10-04 00:53:29 +02002917 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002918 }
2919 return order;
2920}
2921
William Lallemand6af03992019-07-23 15:00:54 +02002922/*
William Lallemand1d29c742019-10-04 00:53:29 +02002923 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2924 * This function can't return an error.
2925 *
2926 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2927 */
2928static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2929{
2930
2931 struct sni_ctx *sc0, *sc0b, *sc1;
2932 struct ebmb_node *node;
William Lallemand21724f02019-11-04 17:56:13 +01002933 int def = 0;
William Lallemand1d29c742019-10-04 00:53:29 +02002934
2935 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2936
2937 /* ignore if sc0 was already inserted in a tree */
2938 if (sc0->name.node.leaf_p)
2939 continue;
2940
2941 /* Check for duplicates. */
2942 if (sc0->wild)
2943 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2944 else
2945 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2946
2947 for (; node; node = ebmb_next_dup(node)) {
2948 sc1 = ebmb_entry(node, struct sni_ctx, name);
2949 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2950 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2951 /* it's a duplicate, we should remove and free it */
2952 LIST_DEL(&sc0->by_ckch_inst);
2953 free(sc0);
2954 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002955 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002956 }
2957 }
2958
2959 /* if duplicate, ignore the insertion */
2960 if (!sc0)
2961 continue;
2962
2963 if (sc0->wild)
2964 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2965 else
2966 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
William Lallemand21724f02019-11-04 17:56:13 +01002967
2968 /* replace the default_ctx if required with the first ctx */
2969 if (ckch_inst->is_default && !def) {
2970 /* we don't need to free the default_ctx because the refcount was not incremented */
2971 bind_conf->default_ctx = sc0->ctx;
2972 def = 1;
2973 }
William Lallemand1d29c742019-10-04 00:53:29 +02002974 }
2975}
2976
2977/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002978 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002979 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002980struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002981
William Lallemandfa892222019-07-23 16:06:08 +02002982
Emeric Brun7a883362019-10-17 13:27:40 +02002983/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2984 * If there is no DH paramater availaible in the ckchs, the global
2985 * DH parameter is loaded into the SSL_CTX and if there is no
2986 * DH parameter available in ckchs nor in global, the default
2987 * DH parameters are applied on the SSL_CTX.
2988 * Returns a bitfield containing the flags:
2989 * ERR_FATAL in any fatal error case
2990 * ERR_ALERT if a reason of the error is availabine in err
2991 * ERR_WARN if a warning is available into err
2992 * The value 0 means there is no error nor warning and
2993 * the operation succeed.
2994 */
William Lallemandfa892222019-07-23 16:06:08 +02002995#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002996static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2997 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002998{
Emeric Brun7a883362019-10-17 13:27:40 +02002999 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02003000 DH *dh = NULL;
3001
William Lallemanda8c73742019-07-31 18:31:34 +02003002 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02003003 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02003004 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
3005 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
3006 err && *err ? *err : "", path);
3007#if defined(SSL_CTX_set_dh_auto)
3008 SSL_CTX_set_dh_auto(ctx, 1);
3009 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3010 err && *err ? *err : "");
3011#else
3012 memprintf(err, "%s, DH ciphers won't be available.\n",
3013 err && *err ? *err : "");
3014#endif
3015 ret |= ERR_WARN;
3016 goto end;
3017 }
William Lallemandfa892222019-07-23 16:06:08 +02003018
3019 if (ssl_dh_ptr_index >= 0) {
3020 /* store a pointer to the DH params to avoid complaining about
3021 ssl-default-dh-param not being set for this SSL_CTX */
3022 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
3023 }
3024 }
3025 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003026 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
3027 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
3028 err && *err ? *err : "", path);
3029#if defined(SSL_CTX_set_dh_auto)
3030 SSL_CTX_set_dh_auto(ctx, 1);
3031 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3032 err && *err ? *err : "");
3033#else
3034 memprintf(err, "%s, DH ciphers won't be available.\n",
3035 err && *err ? *err : "");
3036#endif
3037 ret |= ERR_WARN;
3038 goto end;
3039 }
William Lallemandfa892222019-07-23 16:06:08 +02003040 }
3041 else {
3042 /* Clear openssl global errors stack */
3043 ERR_clear_error();
3044
3045 if (global_ssl.default_dh_param <= 1024) {
3046 /* we are limited to DH parameter of 1024 bits anyway */
3047 if (local_dh_1024 == NULL)
3048 local_dh_1024 = ssl_get_dh_1024();
3049
Emeric Brun7a883362019-10-17 13:27:40 +02003050 if (local_dh_1024 == NULL) {
3051 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3052 err && *err ? *err : "", path);
3053 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02003054 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02003055 }
William Lallemandfa892222019-07-23 16:06:08 +02003056
Emeric Bruna9363eb2019-10-17 14:53:03 +02003057 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
3058 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3059 err && *err ? *err : "", path);
3060#if defined(SSL_CTX_set_dh_auto)
3061 SSL_CTX_set_dh_auto(ctx, 1);
3062 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3063 err && *err ? *err : "");
3064#else
3065 memprintf(err, "%s, DH ciphers won't be available.\n",
3066 err && *err ? *err : "");
3067#endif
3068 ret |= ERR_WARN;
3069 goto end;
3070 }
William Lallemandfa892222019-07-23 16:06:08 +02003071 }
3072 else {
3073 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
3074 }
William Lallemandfa892222019-07-23 16:06:08 +02003075 }
3076
3077end:
William Lallemandfa892222019-07-23 16:06:08 +02003078 return ret;
3079}
3080#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003081
yanbzhu488a4d22015-12-01 15:16:07 -05003082/* Frees the contents of a cert_key_and_chain
3083 */
3084static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
3085{
yanbzhu488a4d22015-12-01 15:16:07 -05003086 if (!ckch)
3087 return;
3088
3089 /* Free the certificate and set pointer to NULL */
3090 if (ckch->cert)
3091 X509_free(ckch->cert);
3092 ckch->cert = NULL;
3093
3094 /* Free the key and set pointer to NULL */
3095 if (ckch->key)
3096 EVP_PKEY_free(ckch->key);
3097 ckch->key = NULL;
3098
3099 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003100 if (ckch->chain)
3101 sk_X509_pop_free(ckch->chain, X509_free);
3102 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003103
William Lallemand455af502019-10-17 18:04:45 +02003104 if (ckch->dh)
3105 DH_free(ckch->dh);
3106 ckch->dh = NULL;
3107
3108 if (ckch->sctl) {
3109 free(ckch->sctl->area);
3110 ckch->sctl->area = NULL;
3111 free(ckch->sctl);
3112 ckch->sctl = NULL;
3113 }
3114
3115 if (ckch->ocsp_response) {
3116 free(ckch->ocsp_response->area);
3117 ckch->ocsp_response->area = NULL;
3118 free(ckch->ocsp_response);
3119 ckch->ocsp_response = NULL;
3120 }
yanbzhu488a4d22015-12-01 15:16:07 -05003121}
3122
William Lallemand8d0f8932019-10-17 18:03:58 +02003123/*
3124 *
3125 * This function copy a cert_key_and_chain in memory
3126 *
3127 * It's used to try to apply changes on a ckch before committing them, because
3128 * most of the time it's not possible to revert those changes
3129 *
3130 * Return a the dst or NULL
3131 */
3132static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
3133 struct cert_key_and_chain *dst)
3134{
3135 if (src->cert) {
3136 dst->cert = src->cert;
3137 X509_up_ref(src->cert);
3138 }
3139
3140 if (src->key) {
3141 dst->key = src->key;
3142 EVP_PKEY_up_ref(src->key);
3143 }
3144
3145 if (src->chain) {
3146 dst->chain = X509_chain_up_ref(src->chain);
3147 }
3148
3149 if (src->dh) {
3150 DH_up_ref(src->dh);
3151 dst->dh = src->dh;
3152 }
3153
3154 if (src->sctl) {
3155 struct buffer *sctl;
3156
3157 sctl = calloc(1, sizeof(*sctl));
3158 if (!chunk_dup(sctl, src->sctl)) {
3159 free(sctl);
3160 sctl = NULL;
3161 goto error;
3162 }
3163 dst->sctl = sctl;
3164 }
3165
3166 if (src->ocsp_response) {
3167 struct buffer *ocsp_response;
3168
3169 ocsp_response = calloc(1, sizeof(*ocsp_response));
3170 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3171 free(ocsp_response);
3172 ocsp_response = NULL;
3173 goto error;
3174 }
3175 dst->ocsp_response = ocsp_response;
3176 }
3177
3178 if (src->ocsp_issuer) {
3179 X509_up_ref(src->ocsp_issuer);
3180 dst->ocsp_issuer = src->ocsp_issuer;
3181 }
3182
3183 return dst;
3184
3185error:
3186
3187 /* free everything */
3188 ssl_sock_free_cert_key_and_chain_contents(dst);
3189
3190 return NULL;
3191}
3192
3193
yanbzhu488a4d22015-12-01 15:16:07 -05003194/* checks if a key and cert exists in the ckch
3195 */
William Lallemand1633e392019-09-30 12:58:13 +02003196#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003197static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3198{
3199 return (ckch->cert != NULL && ckch->key != NULL);
3200}
William Lallemand1633e392019-09-30 12:58:13 +02003201#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003202
William Lallemandf9568fc2019-10-16 18:27:58 +02003203/*
3204 * return 0 on success or != 0 on failure
3205 */
3206static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3207{
3208 int ret = 1;
3209 BIO *in = NULL;
3210 X509 *issuer;
3211
3212 if (buf) {
3213 /* reading from a buffer */
3214 in = BIO_new_mem_buf(buf, -1);
3215 if (in == NULL) {
3216 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3217 goto end;
3218 }
3219
3220 } else {
3221 /* reading from a file */
3222 in = BIO_new(BIO_s_file());
3223 if (in == NULL)
3224 goto end;
3225
3226 if (BIO_read_filename(in, path) <= 0)
3227 goto end;
3228 }
3229
3230 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3231 if (!issuer) {
3232 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003233 err && *err ? *err : "", path);
William Lallemandf9568fc2019-10-16 18:27:58 +02003234 goto end;
3235 }
3236 ret = 0;
3237 ckch->ocsp_issuer = issuer;
3238
3239end:
3240
3241 ERR_clear_error();
3242 if (in)
3243 BIO_free(in);
3244
3245 return ret;
3246}
3247
William Lallemand96a9c972019-10-17 11:56:17 +02003248
3249/*
3250 * Try to load a PEM file from a <path> or a buffer <buf>
3251 * The PEM must contain at least a Private Key and a Certificate,
3252 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003253 *
William Lallemand96a9c972019-10-17 11:56:17 +02003254 * If it failed you should not attempt to use the ckch but free it.
3255 *
3256 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003257 */
William Lallemand96a9c972019-10-17 11:56:17 +02003258static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003259{
William Lallemandf11365b2019-09-19 14:25:58 +02003260 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003261 int ret = 1;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003262 X509 *ca;
William Lallemand96a9c972019-10-17 11:56:17 +02003263 X509 *cert = NULL;
3264 EVP_PKEY *key = NULL;
3265 DH *dh;
3266
3267 if (buf) {
3268 /* reading from a buffer */
3269 in = BIO_new_mem_buf(buf, -1);
3270 if (in == NULL) {
3271 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3272 goto end;
3273 }
yanbzhu488a4d22015-12-01 15:16:07 -05003274
William Lallemand96a9c972019-10-17 11:56:17 +02003275 } else {
3276 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003277 in = BIO_new(BIO_s_file());
3278 if (in == NULL)
3279 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003280
William Lallemandf11365b2019-09-19 14:25:58 +02003281 if (BIO_read_filename(in, path) <= 0)
3282 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003283 }
yanbzhu488a4d22015-12-01 15:16:07 -05003284
yanbzhu488a4d22015-12-01 15:16:07 -05003285 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003286 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3287 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003288 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003289 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003290 goto end;
3291 }
3292
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003293#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003294 /* Seek back to beginning of file */
3295 if (BIO_reset(in) == -1) {
3296 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3297 err && *err ? *err : "", path);
3298 goto end;
3299 }
3300
William Lallemand96a9c972019-10-17 11:56:17 +02003301 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3302 /* no need to return an error there, dh is not mandatory */
3303
3304 if (dh) {
3305 if (ckch->dh)
3306 DH_free(ckch->dh);
3307 ckch->dh = dh;
3308 }
3309
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003310#endif
William Lallemandfa892222019-07-23 16:06:08 +02003311
Willy Tarreaubb137a82016-04-06 19:02:38 +02003312 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003313 if (BIO_reset(in) == -1) {
3314 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3315 err && *err ? *err : "", path);
3316 goto end;
3317 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003318
3319 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003320 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3321 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003322 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003323 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003324 goto end;
3325 }
3326
William Lallemand96a9c972019-10-17 11:56:17 +02003327 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003328 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003329 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003330 goto end;
3331 }
3332
William Lallemand96a9c972019-10-17 11:56:17 +02003333 /* Key and Cert are good, we can use them in the ckch */
3334 if (ckch->key) /* free the previous key */
3335 EVP_PKEY_free(ckch->key);
3336 ckch->key = key;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003337 key = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003338
3339 if (ckch->cert) /* free the previous cert */
3340 X509_free(ckch->cert);
3341 ckch->cert = cert;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003342 cert = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003343
3344 /* Look for a Certificate Chain */
3345 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3346 if (ca) {
3347 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3348 if (ckch->chain) /* free the previous chain */
3349 sk_X509_pop_free(ckch->chain, X509_free);
3350 ckch->chain = sk_X509_new_null();
3351 if (!sk_X509_push(ckch->chain, ca)) {
3352 X509_free(ca);
3353 goto end;
3354 }
3355 }
3356 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003357 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3358 if (!sk_X509_push(ckch->chain, ca)) {
3359 X509_free(ca);
3360 goto end;
3361 }
yanbzhu488a4d22015-12-01 15:16:07 -05003362
Emmanuel Hocdeted17f472019-10-24 18:28:33 +02003363 /* no chain */
3364 if (ckch->chain == NULL) {
3365 ckch->chain = sk_X509_new_null();
3366 }
3367
yanbzhu488a4d22015-12-01 15:16:07 -05003368 ret = ERR_get_error();
3369 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3370 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003371 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003372 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003373 }
3374
3375 ret = 0;
3376
William Lallemand96a9c972019-10-17 11:56:17 +02003377end:
William Lallemand246c0242019-10-11 08:59:13 +02003378
3379 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003380 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003381 BIO_free(in);
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003382 if (key)
3383 EVP_PKEY_free(key);
3384 if (cert)
3385 X509_free(cert);
William Lallemanda17f4112019-10-10 15:16:44 +02003386
William Lallemand96a9c972019-10-17 11:56:17 +02003387 return ret;
3388}
3389
3390/*
3391 * Try to load in a ckch every files related to a ckch.
3392 * (PEM, sctl, ocsp, issuer etc.)
3393 *
3394 * This function is only used to load files during the configuration parsing,
3395 * it is not used with the CLI.
3396 *
3397 * This allows us to carry the contents of the file without having to read the
3398 * file multiple times. The caller must call
3399 * ssl_sock_free_cert_key_and_chain_contents.
3400 *
3401 * returns:
3402 * 0 on Success
3403 * 1 on SSL Failure
3404 */
3405static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3406{
3407 int ret = 1;
3408
3409 /* try to load the PEM */
3410 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3411 goto end;
3412 }
3413
William Lallemanda17f4112019-10-10 15:16:44 +02003414#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3415 /* try to load the sctl file */
3416 {
3417 char fp[MAXPATHLEN+1];
3418 struct stat st;
3419
3420 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3421 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003422 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003423 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003424 err && *err ? *err : "", fp);
William Lallemanda17f4112019-10-10 15:16:44 +02003425 ret = 1;
3426 goto end;
3427 }
3428 }
3429 }
3430#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003431
William Lallemand246c0242019-10-11 08:59:13 +02003432 /* try to load an ocsp response file */
3433 {
3434 char fp[MAXPATHLEN+1];
3435 struct stat st;
3436
3437 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3438 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003439 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003440 ret = 1;
3441 goto end;
3442 }
3443 }
3444 }
3445
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003446#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
William Lallemand246c0242019-10-11 08:59:13 +02003447 if (ckch->ocsp_response) {
3448 X509 *issuer;
3449 int i;
3450
3451 /* check if one of the certificate of the chain is the issuer */
3452 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3453 issuer = sk_X509_value(ckch->chain, i);
3454 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3455 ckch->ocsp_issuer = issuer;
3456 break;
3457 } else
3458 issuer = NULL;
3459 }
3460
3461 /* if no issuer was found, try to load an issuer from the .issuer */
3462 if (!issuer) {
3463 struct stat st;
3464 char fp[MAXPATHLEN+1];
3465
3466 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3467 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003468 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003469 ret = 1;
3470 goto end;
3471 }
3472
3473 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003474 memprintf(err, "%s '%s' is not an issuer'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003475 err && *err ? *err : "", fp);
William Lallemand246c0242019-10-11 08:59:13 +02003476 ret = 1;
3477 goto end;
3478 }
3479 } else {
3480 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003481 err && *err ? *err : "");
William Lallemand246c0242019-10-11 08:59:13 +02003482 ret = 1;
3483 goto end;
3484 }
3485 }
3486 }
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003487#endif
William Lallemand246c0242019-10-11 08:59:13 +02003488
yanbzhu488a4d22015-12-01 15:16:07 -05003489 ret = 0;
3490
3491end:
3492
3493 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003494
3495 /* Something went wrong in one of the reads */
3496 if (ret != 0)
3497 ssl_sock_free_cert_key_and_chain_contents(ckch);
3498
3499 return ret;
3500}
3501
3502/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003503 * Returns a bitfield containing the flags:
3504 * ERR_FATAL in any fatal error case
3505 * ERR_ALERT if the reason of the error is available in err
3506 * ERR_WARN if a warning is available into err
3507 * The value 0 means there is no error nor warning and
3508 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003509 */
3510static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3511{
Emeric Bruna96b5822019-10-17 13:25:14 +02003512 int errcode = 0;
3513
yanbzhu488a4d22015-12-01 15:16:07 -05003514 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3515 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3516 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003517 errcode |= ERR_ALERT | ERR_FATAL;
3518 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003519 }
3520
3521 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3522 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3523 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003524 errcode |= ERR_ALERT | ERR_FATAL;
3525 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003526 }
3527
yanbzhu488a4d22015-12-01 15:16:07 -05003528 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003529#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003530 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3531 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3532 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003533 errcode |= ERR_ALERT | ERR_FATAL;
3534 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003535 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003536#else
3537 { /* legacy compat (< openssl 1.0.2) */
3538 X509 *ca;
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003539 STACK_OF(X509) *chain;
3540 chain = X509_chain_up_ref(ckch->chain);
3541 while ((ca = sk_X509_shift(chain)))
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003542 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3543 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3544 err && *err ? *err : "", path);
3545 X509_free(ca);
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003546 sk_X509_pop_free(chain, X509_free);
Emeric Bruna96b5822019-10-17 13:25:14 +02003547 errcode |= ERR_ALERT | ERR_FATAL;
3548 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003549 }
3550 }
3551#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003552
William Lallemandfa892222019-07-23 16:06:08 +02003553#ifndef OPENSSL_NO_DH
3554 /* store a NULL pointer to indicate we have not yet loaded
3555 a custom DH param file */
3556 if (ssl_dh_ptr_index >= 0) {
3557 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3558 }
3559
Emeric Brun7a883362019-10-17 13:27:40 +02003560 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3561 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003562 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3563 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003564 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003565 }
3566#endif
3567
William Lallemanda17f4112019-10-10 15:16:44 +02003568#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3569 if (sctl_ex_index >= 0 && ckch->sctl) {
3570 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3571 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003572 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003573 errcode |= ERR_ALERT | ERR_FATAL;
3574 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003575 }
3576 }
3577#endif
3578
William Lallemand4a660132019-10-14 14:51:41 +02003579#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003580 /* Load OCSP Info into context */
3581 if (ckch->ocsp_response) {
3582 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01003583 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3584 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003585 errcode |= ERR_ALERT | ERR_FATAL;
3586 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003587 }
3588 }
William Lallemand246c0242019-10-11 08:59:13 +02003589#endif
3590
Emeric Bruna96b5822019-10-17 13:25:14 +02003591 end:
3592 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003593}
3594
William Lallemandc4ecddf2019-07-31 16:50:08 +02003595#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003596
William Lallemand28a8fce2019-10-04 17:36:55 +02003597static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598{
3599 struct sni_keytype *s_kt = NULL;
3600 struct ebmb_node *node;
3601 int i;
3602
3603 for (i = 0; i < trash.size; i++) {
3604 if (!str[i])
3605 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003606 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003607 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003608 trash.area[i] = 0;
3609 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003610 if (!node) {
3611 /* CN not found in tree */
3612 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3613 /* Using memcpy here instead of strncpy.
3614 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3615 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3616 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003617 if (!s_kt)
3618 return -1;
3619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003620 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003621 s_kt->keytypes = 0;
3622 ebst_insert(sni_keytypes, &s_kt->name);
3623 } else {
3624 /* CN found in tree */
3625 s_kt = container_of(node, struct sni_keytype, name);
3626 }
3627
3628 /* Mark that this CN has the keytype of key_index via keytypes mask */
3629 s_kt->keytypes |= 1<<key_index;
3630
William Lallemand28a8fce2019-10-04 17:36:55 +02003631 return 0;
3632
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633}
3634
William Lallemandc4ecddf2019-07-31 16:50:08 +02003635#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003636/*
3637 * Free a ckch_store and its ckch(s)
3638 * The linked ckch_inst are not free'd
3639 */
3640void ckchs_free(struct ckch_store *ckchs)
3641{
3642 if (!ckchs)
3643 return;
3644
3645#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3646 if (ckchs->multi) {
3647 int n;
3648
3649 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3650 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3651 } else
3652#endif
3653 {
3654 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3655 ckchs->ckch = NULL;
3656 }
3657
3658 free(ckchs);
3659}
3660
3661/* allocate and duplicate a ckch_store
3662 * Return a new ckch_store or NULL */
3663static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3664{
3665 struct ckch_store *dst;
3666 int pathlen;
3667
3668 pathlen = strlen(src->path);
3669 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3670 if (!dst)
3671 return NULL;
3672 /* copy previous key */
3673 memcpy(dst->path, src->path, pathlen + 1);
3674 dst->multi = src->multi;
3675 LIST_INIT(&dst->ckch_inst);
3676
3677 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3678 if (!dst->ckch)
3679 goto error;
3680
3681#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3682 if (src->multi) {
3683 int n;
3684
3685 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3686 if (&src->ckch[n]) {
3687 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3688 goto error;
3689 }
3690 }
3691 } else
3692#endif
3693 {
3694 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3695 goto error;
3696 }
3697
3698 return dst;
3699
3700error:
3701 ckchs_free(dst);
3702
3703 return NULL;
3704}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003705
William Lallemand36b84632019-07-18 19:28:17 +02003706/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003707 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003708 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003709static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003710{
3711 struct ebmb_node *eb;
3712
William Lallemande3af8fb2019-10-08 11:36:53 +02003713 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003714 if (!eb)
3715 return NULL;
3716
William Lallemande3af8fb2019-10-08 11:36:53 +02003717 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003718}
3719
3720/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003721 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003722 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003723static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003724{
William Lallemande3af8fb2019-10-08 11:36:53 +02003725 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003726
William Lallemande3af8fb2019-10-08 11:36:53 +02003727 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3728 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003729 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3730 goto end;
3731 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003732 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003733
William Lallemande3af8fb2019-10-08 11:36:53 +02003734 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003735 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3736 goto end;
3737 }
3738
William Lallemand9117de92019-10-04 00:29:42 +02003739 LIST_INIT(&ckchs->ckch_inst);
3740
William Lallemand36b84632019-07-18 19:28:17 +02003741 if (!multi) {
3742
William Lallemand96a9c972019-10-17 11:56:17 +02003743 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003744 goto end;
3745
William Lallemande3af8fb2019-10-08 11:36:53 +02003746 /* insert into the ckchs tree */
3747 memcpy(ckchs->path, path, strlen(path) + 1);
3748 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003749 } else {
3750 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003751#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3752 char fp[MAXPATHLEN+1] = {0};
3753 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003754
3755 /* Load all possible certs and keys */
3756 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3757 struct stat buf;
3758 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3759 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003760 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003761 goto end;
3762 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003763 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003764 }
3765 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003766#endif
William Lallemand36b84632019-07-18 19:28:17 +02003767
3768 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003769 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003770 goto end;
3771 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003772 /* insert into the ckchs tree */
3773 memcpy(ckchs->path, path, strlen(path) + 1);
3774 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003775 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003776 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003777
William Lallemand36b84632019-07-18 19:28:17 +02003778end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003779 if (ckchs) {
3780 free(ckchs->ckch);
3781 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003782 }
3783
William Lallemande3af8fb2019-10-08 11:36:53 +02003784 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003785
3786 return NULL;
3787}
3788
William Lallemandc4ecddf2019-07-31 16:50:08 +02003789#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3790
William Lallemand36b84632019-07-18 19:28:17 +02003791/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003792 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003793 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003794 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3795 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003796 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003797 *
Emeric Brun054563d2019-10-17 13:16:58 +02003798 * Returns a bitfield containing the flags:
3799 * ERR_FATAL in any fatal error case
3800 * ERR_ALERT if the reason of the error is available in err
3801 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003802 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003803 */
Emeric Brun054563d2019-10-17 13:16:58 +02003804static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3805 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3806 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003807{
William Lallemand36b84632019-07-18 19:28:17 +02003808 int i = 0, n = 0;
3809 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003810 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003811 struct ebmb_node *node;
3812 struct ebmb_node *next;
3813 /* Array of SSL_CTX pointers corresponding to each possible combo
3814 * of keytypes
3815 */
3816 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003817 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003818 X509_NAME *xname = NULL;
3819 char *str = NULL;
3820#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3821 STACK_OF(GENERAL_NAME) *names = NULL;
3822#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003823 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003824
Emeric Brun054563d2019-10-17 13:16:58 +02003825 *ckchi = NULL;
3826
William Lallemande3af8fb2019-10-08 11:36:53 +02003827 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003828 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3829 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003830 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003831 }
3832
3833 ckch_inst = ckch_inst_new();
3834 if (!ckch_inst) {
3835 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3836 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003837 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003838 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003839 }
3840
William Lallemande3af8fb2019-10-08 11:36:53 +02003841 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003842
William Lallemand150bfa82019-09-19 17:12:49 +02003843 /* at least one of the instances is using filters during the config
3844 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01003845 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02003846
yanbzhu08ce6ab2015-12-02 13:01:29 -05003847 /* Process each ckch and update keytypes for each CN/SAN
3848 * for example, if CN/SAN www.a.com is associated with
3849 * certs with keytype 0 and 2, then at the end of the loop,
3850 * www.a.com will have:
3851 * keyindex = 0 | 1 | 4 = 5
3852 */
3853 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003854 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003855
3856 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3857 continue;
3858
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003859 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003860 for (i = 0; i < fcount; i++) {
3861 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3862 if (ret < 0) {
3863 memprintf(err, "%sunable to allocate SSL context.\n",
3864 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003865 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003866 goto end;
3867 }
3868 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003869 } else {
3870 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3871 * so the line that contains logic is marked via comments
3872 */
3873 xname = X509_get_subject_name(certs_and_keys[n].cert);
3874 i = -1;
3875 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3876 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003877 ASN1_STRING *value;
3878 value = X509_NAME_ENTRY_get_data(entry);
3879 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003880 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003881 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003882
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003883 OPENSSL_free(str);
3884 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003885 if (ret < 0) {
3886 memprintf(err, "%sunable to allocate SSL context.\n",
3887 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003888 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003889 goto end;
3890 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003891 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003892 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003893
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003894 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003895#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003896 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3897 if (names) {
3898 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3899 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003900
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003901 if (name->type == GEN_DNS) {
3902 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3903 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003904 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003905
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003906 OPENSSL_free(str);
3907 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003908 if (ret < 0) {
3909 memprintf(err, "%sunable to allocate SSL context.\n",
3910 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003911 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003912 goto end;
3913 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003914 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003915 }
3916 }
3917 }
3918 }
3919#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3920 }
3921
3922 /* If no files found, return error */
3923 if (eb_is_empty(&sni_keytypes_map)) {
3924 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3925 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003926 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003927 goto end;
3928 }
3929
3930 /* We now have a map of CN/SAN to keytypes that are loaded in
3931 * Iterate through the map to create the SSL_CTX's (if needed)
3932 * and add each CTX to the SNI tree
3933 *
3934 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003935 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003936 * combination is denoted by the key in the map. Each key
3937 * has a value between 1 and 2^n - 1. Conveniently, the array
3938 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3939 * entry in the array to correspond to the unique combo (key)
3940 * associated with i. This unique key combo (i) will be associated
3941 * with combos[i-1]
3942 */
3943
3944 node = ebmb_first(&sni_keytypes_map);
3945 while (node) {
3946 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003947 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003948 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003949
3950 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3951 i = container_of(node, struct sni_keytype, name)->keytypes;
3952 cur_ctx = key_combos[i-1].ctx;
3953
3954 if (cur_ctx == NULL) {
3955 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003956 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003957 if (cur_ctx == NULL) {
3958 memprintf(err, "%sunable to allocate SSL context.\n",
3959 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003960 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003961 goto end;
3962 }
3963
yanbzhube2774d2015-12-10 15:07:30 -05003964 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003965 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3966 if (i & (1<<n)) {
3967 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003968 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003969 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3970 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003971 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003972 }
3973 }
3974
yanbzhu08ce6ab2015-12-02 13:01:29 -05003975 /* Update key_combos */
3976 key_combos[i-1].ctx = cur_ctx;
3977 }
3978
3979 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003980
William Lallemand1d29c742019-10-04 00:53:29 +02003981 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003982 kinfo, str, key_combos[i-1].order);
3983 if (key_combos[i-1].order < 0) {
3984 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003985 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003986 goto end;
3987 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003988 node = ebmb_next(node);
3989 }
3990
3991
3992 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3993 if (!bind_conf->default_ctx) {
3994 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3995 if (key_combos[i].ctx) {
3996 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003997 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01003998 ckch_inst->is_default = 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003999 break;
4000 }
4001 }
4002 }
4003
William Lallemand614ca0d2019-10-07 13:52:11 +02004004 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004005 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004006end:
4007
4008 if (names)
4009 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
4010
yanbzhu08ce6ab2015-12-02 13:01:29 -05004011 node = ebmb_first(&sni_keytypes_map);
4012 while (node) {
4013 next = ebmb_next(node);
4014 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02004015 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05004016 node = next;
4017 }
4018
Emeric Brun054563d2019-10-17 13:16:58 +02004019 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02004020 struct sni_ctx *sc0, *sc0b;
4021
4022 /* free the SSL_CTX in case of error */
4023 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
4024 if (key_combos[i].ctx)
4025 SSL_CTX_free(key_combos[i].ctx);
4026 }
4027
4028 /* free the sni_ctx in case of error */
4029 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4030
4031 ebmb_delete(&sc0->name);
4032 LIST_DEL(&sc0->by_ckch_inst);
4033 free(sc0);
4034 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004035 free(ckch_inst);
4036 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02004037 }
4038
Emeric Brun054563d2019-10-17 13:16:58 +02004039 *ckchi = ckch_inst;
4040 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004041}
4042#else
4043/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02004044static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
4045 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4046 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05004047{
4048 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4049 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02004050 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004051}
4052
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004053#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05004054
William Lallemand614ca0d2019-10-07 13:52:11 +02004055/*
4056 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02004057 *
4058 * Returns a bitfield containing the flags:
4059 * ERR_FATAL in any fatal error case
4060 * ERR_ALERT if the reason of the error is available in err
4061 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02004062 */
Emeric Brun054563d2019-10-17 13:16:58 +02004063static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
4064 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004065{
William Lallemandc9402072019-05-15 15:33:54 +02004066 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02004067 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004068 int order = 0;
4069 X509_NAME *xname;
4070 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004071 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004072 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02004073#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4074 STACK_OF(GENERAL_NAME) *names;
4075#endif
William Lallemand36b84632019-07-18 19:28:17 +02004076 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02004077 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004078 int errcode = 0;
4079
4080 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02004081
William Lallemande3af8fb2019-10-08 11:36:53 +02004082 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02004083 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004084
William Lallemande3af8fb2019-10-08 11:36:53 +02004085 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02004086
William Lallemand150bfa82019-09-19 17:12:49 +02004087 /* at least one of the instances is using filters during the config
4088 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01004089 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02004090
William Lallemandc9402072019-05-15 15:33:54 +02004091 ctx = SSL_CTX_new(SSLv23_server_method());
4092 if (!ctx) {
4093 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4094 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004095 errcode |= ERR_ALERT | ERR_FATAL;
4096 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004097 }
4098
Emeric Bruna96b5822019-10-17 13:25:14 +02004099 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
4100 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02004101 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02004102
4103 ckch_inst = ckch_inst_new();
4104 if (!ckch_inst) {
4105 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4106 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004107 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004108 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004109 }
4110
William Lallemand36b84632019-07-18 19:28:17 +02004111 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004112 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004113 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004114 switch(EVP_PKEY_base_id(pkey)) {
4115 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004116 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004117 break;
4118 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004119 kinfo.sig = TLSEXT_signature_ecdsa;
4120 break;
4121 case EVP_PKEY_DSA:
4122 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004123 break;
4124 }
4125 EVP_PKEY_free(pkey);
4126 }
4127
Emeric Brun50bcecc2013-04-22 13:05:23 +02004128 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02004129 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02004130 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02004131 if (order < 0) {
4132 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004133 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004134 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004135 }
4136 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004137 }
4138 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02004139#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02004140 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004141 if (names) {
4142 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
4143 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
4144 if (name->type == GEN_DNS) {
4145 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004146 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004147 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004148 if (order < 0) {
4149 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004150 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004151 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004152 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004153 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004154 }
4155 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004156 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004157 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004158#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02004159 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004160 i = -1;
4161 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
4162 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004163 ASN1_STRING *value;
4164
4165 value = X509_NAME_ENTRY_get_data(entry);
4166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004167 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004168 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004169 if (order < 0) {
4170 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004171 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004172 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004173 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004174 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004175 }
4176 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004177 /* we must not free the SSL_CTX anymore below, since it's already in
4178 * the tree, so it will be discovered and cleaned in time.
4179 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004180
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004182 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004183 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4184 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004185 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004186 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 }
4188#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004189 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004190 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004191 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01004192 ckch_inst->is_default = 1;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004193 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004194
William Lallemand9117de92019-10-04 00:29:42 +02004195 /* everything succeed, the ckch instance can be used */
4196 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004197 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004198
Emeric Brun054563d2019-10-17 13:16:58 +02004199 *ckchi = ckch_inst;
4200 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004201
4202error:
4203 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004204 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004205 struct sni_ctx *sc0, *sc0b;
4206
4207 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4208
4209 ebmb_delete(&sc0->name);
4210 LIST_DEL(&sc0->by_ckch_inst);
4211 free(sc0);
4212 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004213 free(ckch_inst);
4214 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004215 }
4216 /* We only created 1 SSL_CTX so we can free it there */
4217 SSL_CTX_free(ctx);
4218
Emeric Brun054563d2019-10-17 13:16:58 +02004219 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004220}
4221
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004222/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004223static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4224 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4225 char **sni_filter, int fcount, char **err)
4226{
4227 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004228 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004229
4230 /* we found the ckchs in the tree, we can use it directly */
4231 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004232 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004233 else
Emeric Brun054563d2019-10-17 13:16:58 +02004234 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004235
Emeric Brun054563d2019-10-17 13:16:58 +02004236 if (errcode & ERR_CODE)
4237 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004238
4239 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4240
4241 /* succeed, add the instance to the ckch_store's list of instance */
4242 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004243 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004244}
4245
4246
Willy Tarreaubbc91962019-10-16 16:42:19 +02004247/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004248int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004250 struct dirent **de_list;
4251 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004252 DIR *dir;
4253 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004254 char *end;
4255 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004256 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004257 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004258#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004259 int is_bundle;
4260 int j;
4261#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004262 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004263 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004264 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004265 }
4266
yanbzhu08ce6ab2015-12-02 13:01:29 -05004267 if (stat(path, &buf) == 0) {
4268 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004269 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004270 ckchs = ckchs_load_cert_file(path, 0, err);
4271 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004272 return ERR_ALERT | ERR_FATAL;
4273
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004274 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004276
yanbzhu08ce6ab2015-12-02 13:01:29 -05004277 /* strip trailing slashes, including first one */
4278 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4279 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004280
yanbzhu08ce6ab2015-12-02 13:01:29 -05004281 n = scandir(path, &de_list, 0, alphasort);
4282 if (n < 0) {
4283 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4284 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004285 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004286 }
4287 else {
4288 for (i = 0; i < n; i++) {
4289 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004290
yanbzhu08ce6ab2015-12-02 13:01:29 -05004291 end = strrchr(de->d_name, '.');
4292 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4293 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004294
yanbzhu08ce6ab2015-12-02 13:01:29 -05004295 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4296 if (stat(fp, &buf) != 0) {
4297 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4298 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004299 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004300 goto ignore_entry;
4301 }
4302 if (!S_ISREG(buf.st_mode))
4303 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004304
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004305#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004306 is_bundle = 0;
4307 /* Check if current entry in directory is part of a multi-cert bundle */
4308
4309 if (end) {
4310 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4311 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4312 is_bundle = 1;
4313 break;
4314 }
4315 }
4316
4317 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004318 int dp_len;
4319
4320 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004321
4322 /* increment i and free de until we get to a non-bundle cert
4323 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004324 * this is important since ignore_entry will free de. This also
4325 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004326 */
Willy Tarreau05800522019-10-29 10:48:50 +01004327 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004328 free(de);
4329 i++;
4330 de = de_list[i];
4331 }
4332
Willy Tarreau05800522019-10-29 10:48:50 +01004333 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004334 if ((ckchs = ckchs_lookup(fp)) == NULL)
4335 ckchs = ckchs_load_cert_file(fp, 1, err);
4336 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004337 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004338 else
4339 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004340 /* Successfully processed the bundle */
4341 goto ignore_entry;
4342 }
4343 }
4344
4345#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004346 if ((ckchs = ckchs_lookup(fp)) == NULL)
4347 ckchs = ckchs_load_cert_file(fp, 0, err);
4348 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004349 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004350 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004351 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004352
yanbzhu08ce6ab2015-12-02 13:01:29 -05004353ignore_entry:
4354 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004355 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004356 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004357 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004358 closedir(dir);
4359 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004360 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004361
William Lallemande3af8fb2019-10-08 11:36:53 +02004362 ckchs = ckchs_load_cert_file(path, 1, err);
4363 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004364 return ERR_ALERT | ERR_FATAL;
4365
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004366 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004367
Emeric Brunfc0421f2012-09-07 17:30:07 +02004368 return cfgerr;
4369}
4370
Thierry Fournier383085f2013-01-24 14:15:43 +01004371/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4372 * done once. Zero is returned if the operation fails. No error is returned
4373 * if the random is said as not implemented, because we expect that openssl
4374 * will use another method once needed.
4375 */
4376static int ssl_initialize_random()
4377{
4378 unsigned char random;
4379 static int random_initialized = 0;
4380
4381 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4382 random_initialized = 1;
4383
4384 return random_initialized;
4385}
4386
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004387/* release ssl bind conf */
4388void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004389{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004390 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004391#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004392 free(conf->npn_str);
4393 conf->npn_str = NULL;
4394#endif
4395#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4396 free(conf->alpn_str);
4397 conf->alpn_str = NULL;
4398#endif
4399 free(conf->ca_file);
4400 conf->ca_file = NULL;
4401 free(conf->crl_file);
4402 conf->crl_file = NULL;
4403 free(conf->ciphers);
4404 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004405#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004406 free(conf->ciphersuites);
4407 conf->ciphersuites = NULL;
4408#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004409 free(conf->curves);
4410 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004411 free(conf->ecdhe);
4412 conf->ecdhe = NULL;
4413 }
4414}
4415
Willy Tarreaubbc91962019-10-16 16:42:19 +02004416/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004417int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4418{
4419 char thisline[CRT_LINESIZE];
4420 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004421 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004422 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004423 int linenum = 0;
4424 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004425 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004426
Willy Tarreauad1731d2013-04-02 17:35:58 +02004427 if ((f = fopen(file, "r")) == NULL) {
4428 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004429 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004430 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004431
4432 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004433 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004434 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004435 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004436 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004437 char *crt_path;
4438 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004439
4440 linenum++;
4441 end = line + strlen(line);
4442 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4443 /* Check if we reached the limit and the last char is not \n.
4444 * Watch out for the last line without the terminating '\n'!
4445 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004446 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4447 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004448 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004449 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004450 }
4451
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004452 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004453 newarg = 1;
4454 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004455 if (*line == '#' || *line == '\n' || *line == '\r') {
4456 /* end of string, end of loop */
4457 *line = 0;
4458 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004459 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004460 newarg = 1;
4461 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004462 } else if (*line == '[') {
4463 if (ssl_b) {
4464 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004465 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004466 break;
4467 }
4468 if (!arg) {
4469 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004470 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004471 break;
4472 }
4473 ssl_b = arg;
4474 newarg = 1;
4475 *line = 0;
4476 } else if (*line == ']') {
4477 if (ssl_e) {
4478 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004479 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004480 break;
4481 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004482 if (!ssl_b) {
4483 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004484 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004485 break;
4486 }
4487 ssl_e = arg;
4488 newarg = 1;
4489 *line = 0;
4490 } else if (newarg) {
4491 if (arg == MAX_CRT_ARGS) {
4492 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004493 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004494 break;
4495 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004496 newarg = 0;
4497 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004498 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004499 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004500 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004501 if (cfgerr)
4502 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004503 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004504
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004505 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004506 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004507 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004508
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004509 crt_path = args[0];
4510 if (*crt_path != '/' && global_ssl.crt_base) {
4511 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4512 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4513 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004514 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004515 break;
4516 }
4517 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4518 crt_path = path;
4519 }
4520
4521 ssl_conf = calloc(1, sizeof *ssl_conf);
4522 cur_arg = ssl_b ? ssl_b : 1;
4523 while (cur_arg < ssl_e) {
4524 newarg = 0;
4525 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4526 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4527 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004528 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004529 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4530 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4531 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004532 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004533 }
4534 cur_arg += 1 + ssl_bind_kws[i].skip;
4535 break;
4536 }
4537 }
4538 if (!cfgerr && !newarg) {
4539 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4540 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004541 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004542 break;
4543 }
4544 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004546 if (cfgerr) {
4547 ssl_sock_free_ssl_conf(ssl_conf);
4548 free(ssl_conf);
4549 ssl_conf = NULL;
4550 break;
4551 }
4552
William Lallemande3af8fb2019-10-08 11:36:53 +02004553 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004554 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004555 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004556 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004557 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004558 }
4559
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004560 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004561 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004562 else
4563 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004564
Willy Tarreauad1731d2013-04-02 17:35:58 +02004565 if (cfgerr) {
4566 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004567 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004568 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004569 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004570 fclose(f);
4571 return cfgerr;
4572}
4573
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004574/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004575static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004576ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004577{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004578 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004579 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004580 SSL_OP_ALL | /* all known workarounds for bugs */
4581 SSL_OP_NO_SSLv2 |
4582 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004583 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004584 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004585 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004586 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004587 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004588 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004589 SSL_MODE_ENABLE_PARTIAL_WRITE |
4590 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004591 SSL_MODE_RELEASE_BUFFERS |
4592 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004593 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004594 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004595 int flags = MC_SSL_O_ALL;
4596 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004597
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004598 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004599 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004600
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004601 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004602 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4603 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4604 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004605 else
4606 flags = conf_ssl_methods->flags;
4607
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004608 min = conf_ssl_methods->min;
4609 max = conf_ssl_methods->max;
4610 /* start with TLSv10 to remove SSLv3 per default */
4611 if (!min && (!max || max >= CONF_TLSV10))
4612 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004613 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004614 if (min)
4615 flags |= (methodVersions[min].flag - 1);
4616 if (max)
4617 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004618 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004619 min = max = CONF_TLSV_NONE;
4620 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004621 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004622 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004623 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004624 if (min) {
4625 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004626 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4627 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4628 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4629 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004630 hole = 0;
4631 }
4632 max = i;
4633 }
4634 else {
4635 min = max = i;
4636 }
4637 }
4638 else {
4639 if (min)
4640 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004641 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004642 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004643 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4644 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004645 cfgerr += 1;
4646 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004647 /* save real min/max in bind_conf */
4648 conf_ssl_methods->min = min;
4649 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004650
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004651#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004652 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004653 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004654 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004655 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004656 else
4657 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4658 if (flags & methodVersions[i].flag)
4659 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004660#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004661 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004662 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4663 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004664#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004665
4666 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4667 options |= SSL_OP_NO_TICKET;
4668 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4669 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004670
4671#ifdef SSL_OP_NO_RENEGOTIATION
4672 options |= SSL_OP_NO_RENEGOTIATION;
4673#endif
4674
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004675 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004676
Willy Tarreau5db847a2019-05-09 14:13:35 +02004677#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004678 if (global_ssl.async)
4679 mode |= SSL_MODE_ASYNC;
4680#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004681 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004682 if (global_ssl.life_time)
4683 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004684
4685#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4686#ifdef OPENSSL_IS_BORINGSSL
4687 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4688 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004689#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard545989f2019-12-17 15:39:54 +01004690 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004691 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004692 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4693 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004694#else
4695 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004696#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004697 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004698#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004699 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004700}
4701
William Lallemand4f45bb92017-10-30 20:08:51 +01004702
4703static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4704{
4705 if (first == block) {
4706 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4707 if (first->len > 0)
4708 sh_ssl_sess_tree_delete(sh_ssl_sess);
4709 }
4710}
4711
4712/* return first block from sh_ssl_sess */
4713static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4714{
4715 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4716
4717}
4718
4719/* store a session into the cache
4720 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4721 * data: asn1 encoded session
4722 * data_len: asn1 encoded session length
4723 * Returns 1 id session was stored (else 0)
4724 */
4725static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4726{
4727 struct shared_block *first;
4728 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4729
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004730 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004731 if (!first) {
4732 /* Could not retrieve enough free blocks to store that session */
4733 return 0;
4734 }
4735
4736 /* STORE the key in the first elem */
4737 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4738 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4739 first->len = sizeof(struct sh_ssl_sess_hdr);
4740
4741 /* it returns the already existing node
4742 or current node if none, never returns null */
4743 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4744 if (oldsh_ssl_sess != sh_ssl_sess) {
4745 /* NOTE: Row couldn't be in use because we lock read & write function */
4746 /* release the reserved row */
4747 shctx_row_dec_hot(ssl_shctx, first);
4748 /* replace the previous session already in the tree */
4749 sh_ssl_sess = oldsh_ssl_sess;
4750 /* ignore the previous session data, only use the header */
4751 first = sh_ssl_sess_first_block(sh_ssl_sess);
4752 shctx_row_inc_hot(ssl_shctx, first);
4753 first->len = sizeof(struct sh_ssl_sess_hdr);
4754 }
4755
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004756 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004757 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004758 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004759 }
4760
4761 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004762
4763 return 1;
4764}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004765
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004766/* SSL callback used when a new session is created while connecting to a server */
4767static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4768{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004769 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004770 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004771
Willy Tarreau07d94e42018-09-20 10:57:52 +02004772 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004773
Olivier Houcharde6060c52017-11-16 17:42:52 +01004774 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4775 int len;
4776 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004777
Olivier Houcharde6060c52017-11-16 17:42:52 +01004778 len = i2d_SSL_SESSION(sess, NULL);
4779 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4780 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4781 } else {
4782 free(s->ssl_ctx.reused_sess[tid].ptr);
4783 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4784 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4785 }
4786 if (s->ssl_ctx.reused_sess[tid].ptr) {
4787 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4788 &ptr);
4789 }
4790 } else {
4791 free(s->ssl_ctx.reused_sess[tid].ptr);
4792 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4793 }
4794
4795 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004796}
4797
Olivier Houcharde6060c52017-11-16 17:42:52 +01004798
William Lallemanded0b5ad2017-10-30 19:36:36 +01004799/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004800int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004801{
4802 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4803 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4804 unsigned char *p;
4805 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004806 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004807 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004808
4809 /* Session id is already stored in to key and session id is known
4810 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004811 * note: SSL_SESSION_set1_id is using
4812 * a memcpy so we need to use a different pointer
4813 * than sid_data or sid_ctx_data to avoid valgrind
4814 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004815 */
4816
4817 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004818
4819 /* copy value in an other buffer */
4820 memcpy(encid, sid_data, sid_length);
4821
4822 /* pad with 0 */
4823 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4824 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4825
4826 /* force length to zero to avoid ASN1 encoding */
4827 SSL_SESSION_set1_id(sess, encid, 0);
4828
4829 /* force length to zero to avoid ASN1 encoding */
4830 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004831
4832 /* check if buffer is large enough for the ASN1 encoded session */
4833 data_len = i2d_SSL_SESSION(sess, NULL);
4834 if (data_len > SHSESS_MAX_DATA_LEN)
4835 goto err;
4836
4837 p = encsess;
4838
4839 /* process ASN1 session encoding before the lock */
4840 i2d_SSL_SESSION(sess, &p);
4841
William Lallemanded0b5ad2017-10-30 19:36:36 +01004842
William Lallemanda3c77cf2017-10-30 23:44:40 +01004843 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004844 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004845 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004846 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004847err:
4848 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004849 SSL_SESSION_set1_id(sess, encid, sid_length);
4850 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004851
4852 return 0; /* do not increment session reference count */
4853}
4854
4855/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004856SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004857{
William Lallemand4f45bb92017-10-30 20:08:51 +01004858 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004859 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4860 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004861 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004862 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004863
4864 global.shctx_lookups++;
4865
4866 /* allow the session to be freed automatically by openssl */
4867 *do_copy = 0;
4868
4869 /* tree key is zeros padded sessionid */
4870 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4871 memcpy(tmpkey, key, key_len);
4872 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4873 key = tmpkey;
4874 }
4875
4876 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004877 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004878
4879 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004880 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4881 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004882 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004883 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004884 global.shctx_misses++;
4885 return NULL;
4886 }
4887
William Lallemand4f45bb92017-10-30 20:08:51 +01004888 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4889 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004890
William Lallemand4f45bb92017-10-30 20:08:51 +01004891 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004892
William Lallemanda3c77cf2017-10-30 23:44:40 +01004893 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004894
4895 /* decode ASN1 session */
4896 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004897 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004898 /* Reset session id and session id contenxt */
4899 if (sess) {
4900 SSL_SESSION_set1_id(sess, key, key_len);
4901 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4902 }
4903
4904 return sess;
4905}
4906
William Lallemand4f45bb92017-10-30 20:08:51 +01004907
William Lallemanded0b5ad2017-10-30 19:36:36 +01004908/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004909void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004910{
William Lallemand4f45bb92017-10-30 20:08:51 +01004911 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004912 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4913 unsigned int sid_length;
4914 const unsigned char *sid_data;
4915 (void)ctx;
4916
4917 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4918 /* tree key is zeros padded sessionid */
4919 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4920 memcpy(tmpkey, sid_data, sid_length);
4921 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4922 sid_data = tmpkey;
4923 }
4924
William Lallemanda3c77cf2017-10-30 23:44:40 +01004925 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004926
4927 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004928 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4929 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004930 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004931 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004932 }
4933
4934 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004935 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004936}
4937
4938/* Set session cache mode to server and disable openssl internal cache.
4939 * Set shared cache callbacks on an ssl context.
4940 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004941void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004942{
4943 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4944
4945 if (!ssl_shctx) {
4946 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4947 return;
4948 }
4949
4950 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4951 SSL_SESS_CACHE_NO_INTERNAL |
4952 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4953
4954 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004955 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4956 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4957 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004958}
4959
William Lallemand8b453912019-11-21 15:48:10 +01004960/*
4961 * This function applies the SSL configuration on a SSL_CTX
4962 * It returns an error code and fills the <err> buffer
4963 */
4964int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx, char **err)
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004965{
4966 struct proxy *curproxy = bind_conf->frontend;
4967 int cfgerr = 0;
4968 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004969 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004970 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004971#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004972 const char *conf_ciphersuites;
4973#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004974 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004975
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004976 if (ssl_conf) {
4977 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4978 int i, min, max;
4979 int flags = MC_SSL_O_ALL;
4980
4981 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004982 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4983 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004984 if (min)
4985 flags |= (methodVersions[min].flag - 1);
4986 if (max)
4987 flags |= ~((methodVersions[max].flag << 1) - 1);
4988 min = max = CONF_TLSV_NONE;
4989 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4990 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4991 if (min)
4992 max = i;
4993 else
4994 min = max = i;
4995 }
4996 /* save real min/max */
4997 conf_ssl_methods->min = min;
4998 conf_ssl_methods->max = max;
4999 if (!min) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005000 memprintf(err, "%sProxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
5001 err && *err ? *err : "", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005002 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02005003 }
5004 }
5005
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005006 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01005007 case SSL_SOCK_VERIFY_NONE:
5008 verify = SSL_VERIFY_NONE;
5009 break;
5010 case SSL_SOCK_VERIFY_OPTIONAL:
5011 verify = SSL_VERIFY_PEER;
5012 break;
5013 case SSL_SOCK_VERIFY_REQUIRED:
5014 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
5015 break;
5016 }
5017 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
5018 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005019 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
5020 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
5021 if (ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005022 /* set CAfile to verify */
5023 if (!ssl_set_verify_locations_file(ctx, ca_file)) {
5024 memprintf(err, "%sProxy '%s': unable to set CA file '%s' for bind '%s' at [%s:%d].\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01005025 err && *err ? *err : "", curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005026 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005027 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005028 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
5029 /* set CA names for client cert request, function returns void */
Emmanuel Hocdet129d3282019-10-24 18:08:51 +02005030 SSL_CTX_set_client_CA_list(ctx, SSL_dup_CA_list(ssl_get_client_ca_file(ca_file)));
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005031 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005032 }
Emeric Brun850efd52014-01-29 12:24:34 +01005033 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01005034 memprintf(err, "%sProxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
5035 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005036 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun850efd52014-01-29 12:24:34 +01005037 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005038#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005039 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02005040 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
5041
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005042 if (!ssl_set_cert_crl_file(store, crl_file)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005043 memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
5044 err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005045 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005046 }
Emeric Brun561e5742012-10-02 15:20:55 +02005047 else {
5048 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5049 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005050 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005051#endif
Emeric Brun644cde02012-12-14 11:21:13 +01005052 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02005053 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005054#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02005055 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005056 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005057 memprintf(err, "%sProxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
5058 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005059 cfgerr |= ERR_ALERT | ERR_FATAL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005060 }
5061 }
5062#endif
5063
William Lallemand4f45bb92017-10-30 20:08:51 +01005064 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005065 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
5066 if (conf_ciphers &&
5067 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005068 memprintf(err, "%sProxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
5069 err && *err ? *err : "", curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005070 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005071 }
5072
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005073#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005074 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
5075 if (conf_ciphersuites &&
5076 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005077 memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
5078 err && *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005079 cfgerr |= ERR_ALERT | ERR_FATAL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005080 }
5081#endif
5082
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005083#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02005084 /* If tune.ssl.default-dh-param has not been set,
5085 neither has ssl-default-dh-file and no static DH
5086 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01005087 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02005088 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02005089 (ssl_dh_ptr_index == -1 ||
5090 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005091 STACK_OF(SSL_CIPHER) * ciphers = NULL;
5092 const SSL_CIPHER * cipher = NULL;
5093 char cipher_description[128];
5094 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
5095 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
5096 which is not ephemeral DH. */
5097 const char dhe_description[] = " Kx=DH ";
5098 const char dhe_export_description[] = " Kx=DH(";
5099 int idx = 0;
5100 int dhe_found = 0;
5101 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005102
Remi Gacogne23d5d372014-10-10 17:04:26 +02005103 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005104
Remi Gacogne23d5d372014-10-10 17:04:26 +02005105 if (ssl) {
5106 ciphers = SSL_get_ciphers(ssl);
5107
5108 if (ciphers) {
5109 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
5110 cipher = sk_SSL_CIPHER_value(ciphers, idx);
5111 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
5112 if (strstr(cipher_description, dhe_description) != NULL ||
5113 strstr(cipher_description, dhe_export_description) != NULL) {
5114 dhe_found = 1;
5115 break;
5116 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02005117 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005118 }
5119 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02005120 SSL_free(ssl);
5121 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005122 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005123
Lukas Tribus90132722014-08-18 00:56:33 +02005124 if (dhe_found) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005125 memprintf(err, "%sSetting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n",
5126 err && *err ? *err : "");
William Lallemand8b453912019-11-21 15:48:10 +01005127 cfgerr |= ERR_WARN;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005128 }
5129
Willy Tarreauef934602016-12-22 23:12:01 +01005130 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005131 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005132
Willy Tarreauef934602016-12-22 23:12:01 +01005133 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005134 if (local_dh_1024 == NULL) {
5135 local_dh_1024 = ssl_get_dh_1024();
5136 }
Willy Tarreauef934602016-12-22 23:12:01 +01005137 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005138 if (local_dh_2048 == NULL) {
5139 local_dh_2048 = ssl_get_dh_2048();
5140 }
Willy Tarreauef934602016-12-22 23:12:01 +01005141 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005142 if (local_dh_4096 == NULL) {
5143 local_dh_4096 = ssl_get_dh_4096();
5144 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005145 }
5146 }
5147 }
5148#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005149
Emeric Brunfc0421f2012-09-07 17:30:07 +02005150 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005151#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02005152 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02005153#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005154
Bernard Spil13c53f82018-02-15 13:34:58 +01005155#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005156 ssl_conf_cur = NULL;
5157 if (ssl_conf && ssl_conf->npn_str)
5158 ssl_conf_cur = ssl_conf;
5159 else if (bind_conf->ssl_conf.npn_str)
5160 ssl_conf_cur = &bind_conf->ssl_conf;
5161 if (ssl_conf_cur)
5162 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02005163#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01005164#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005165 ssl_conf_cur = NULL;
5166 if (ssl_conf && ssl_conf->alpn_str)
5167 ssl_conf_cur = ssl_conf;
5168 else if (bind_conf->ssl_conf.alpn_str)
5169 ssl_conf_cur = &bind_conf->ssl_conf;
5170 if (ssl_conf_cur)
5171 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02005172#endif
Lukas Tribusd14b49c2019-11-24 18:20:40 +01005173#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005174 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
5175 if (conf_curves) {
5176 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005177 memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5178 err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005179 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005180 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005181 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005182 }
5183#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005184#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005185 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005186 int i;
5187 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005188#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005189 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005190 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5191 NULL);
5192
5193 if (ecdhe == NULL) {
Eric Salama3c8bde82019-11-20 11:33:40 +01005194 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005195 return cfgerr;
5196 }
5197#else
5198 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5199 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5200 ECDHE_DEFAULT_CURVE);
5201#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005202
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005203 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005204 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005205 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5206 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005207 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun2b58d042012-09-20 17:10:03 +02005208 }
5209 else {
5210 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5211 EC_KEY_free(ecdh);
5212 }
5213 }
5214#endif
5215
Emeric Brunfc0421f2012-09-07 17:30:07 +02005216 return cfgerr;
5217}
5218
Evan Broderbe554312013-06-27 00:05:25 -07005219static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5220{
5221 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5222 size_t prefixlen, suffixlen;
5223
5224 /* Trivial case */
5225 if (strcmp(pattern, hostname) == 0)
5226 return 1;
5227
Evan Broderbe554312013-06-27 00:05:25 -07005228 /* The rest of this logic is based on RFC 6125, section 6.4.3
5229 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5230
Emeric Bruna848dae2013-10-08 11:27:28 +02005231 pattern_wildcard = NULL;
5232 pattern_left_label_end = pattern;
5233 while (*pattern_left_label_end != '.') {
5234 switch (*pattern_left_label_end) {
5235 case 0:
5236 /* End of label not found */
5237 return 0;
5238 case '*':
5239 /* If there is more than one wildcards */
5240 if (pattern_wildcard)
5241 return 0;
5242 pattern_wildcard = pattern_left_label_end;
5243 break;
5244 }
5245 pattern_left_label_end++;
5246 }
5247
5248 /* If it's not trivial and there is no wildcard, it can't
5249 * match */
5250 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005251 return 0;
5252
5253 /* Make sure all labels match except the leftmost */
5254 hostname_left_label_end = strchr(hostname, '.');
5255 if (!hostname_left_label_end
5256 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5257 return 0;
5258
5259 /* Make sure the leftmost label of the hostname is long enough
5260 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005261 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005262 return 0;
5263
5264 /* Finally compare the string on either side of the
5265 * wildcard */
5266 prefixlen = pattern_wildcard - pattern;
5267 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005268 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5269 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005270 return 0;
5271
5272 return 1;
5273}
5274
5275static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5276{
5277 SSL *ssl;
5278 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005279 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005280 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005281 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005282
5283 int depth;
5284 X509 *cert;
5285 STACK_OF(GENERAL_NAME) *alt_names;
5286 int i;
5287 X509_NAME *cert_subject;
5288 char *str;
5289
5290 if (ok == 0)
5291 return ok;
5292
5293 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005294 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005295 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005296
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005297 /* We're checking if the provided hostnames match the desired one. The
5298 * desired hostname comes from the SNI we presented if any, or if not
5299 * provided then it may have been explicitly stated using a "verifyhost"
5300 * directive. If neither is set, we don't care about the name so the
5301 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005302 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005303 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005304 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005305 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005306 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005307 if (!servername)
5308 return ok;
5309 }
Evan Broderbe554312013-06-27 00:05:25 -07005310
5311 /* We only need to verify the CN on the actual server cert,
5312 * not the indirect CAs */
5313 depth = X509_STORE_CTX_get_error_depth(ctx);
5314 if (depth != 0)
5315 return ok;
5316
5317 /* At this point, the cert is *not* OK unless we can find a
5318 * hostname match */
5319 ok = 0;
5320
5321 cert = X509_STORE_CTX_get_current_cert(ctx);
5322 /* It seems like this might happen if verify peer isn't set */
5323 if (!cert)
5324 return ok;
5325
5326 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5327 if (alt_names) {
5328 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5329 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5330 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005331#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005332 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5333#else
Evan Broderbe554312013-06-27 00:05:25 -07005334 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005335#endif
Evan Broderbe554312013-06-27 00:05:25 -07005336 ok = ssl_sock_srv_hostcheck(str, servername);
5337 OPENSSL_free(str);
5338 }
5339 }
5340 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005341 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005342 }
5343
5344 cert_subject = X509_get_subject_name(cert);
5345 i = -1;
5346 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5347 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005348 ASN1_STRING *value;
5349 value = X509_NAME_ENTRY_get_data(entry);
5350 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005351 ok = ssl_sock_srv_hostcheck(str, servername);
5352 OPENSSL_free(str);
5353 }
5354 }
5355
Willy Tarreau71d058c2017-07-26 20:09:56 +02005356 /* report the mismatch and indicate if SNI was used or not */
5357 if (!ok && !conn->err_code)
5358 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005359 return ok;
5360}
5361
Emeric Brun94324a42012-10-11 14:00:19 +02005362/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005363int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005364{
Willy Tarreau03209342016-12-22 17:08:28 +01005365 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005366 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005367 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005368 SSL_OP_ALL | /* all known workarounds for bugs */
5369 SSL_OP_NO_SSLv2 |
5370 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005371 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005372 SSL_MODE_ENABLE_PARTIAL_WRITE |
5373 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005374 SSL_MODE_RELEASE_BUFFERS |
5375 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005376 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005377 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005378 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005379 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005380 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005381
Thierry Fournier383085f2013-01-24 14:15:43 +01005382 /* Make sure openssl opens /dev/urandom before the chroot */
5383 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005384 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005385 cfgerr++;
5386 }
5387
Willy Tarreaufce03112015-01-15 21:32:40 +01005388 /* Automatic memory computations need to know we use SSL there */
5389 global.ssl_used_backend = 1;
5390
5391 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005392 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005393 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005394 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5395 curproxy->id, srv->id,
5396 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005397 cfgerr++;
5398 return cfgerr;
5399 }
5400 }
Emeric Brun94324a42012-10-11 14:00:19 +02005401 if (srv->use_ssl)
5402 srv->xprt = &ssl_sock;
5403 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005404 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005405
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005406 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005407 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005408 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5409 proxy_type_str(curproxy), curproxy->id,
5410 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005411 cfgerr++;
5412 return cfgerr;
5413 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005414
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005415 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005416 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5417 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5418 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005419 else
5420 flags = conf_ssl_methods->flags;
5421
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005422 /* Real min and max should be determinate with configuration and openssl's capabilities */
5423 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005424 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005425 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005426 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005427
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005428 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005429 min = max = CONF_TLSV_NONE;
5430 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005431 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005432 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005433 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005434 if (min) {
5435 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005436 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5437 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5438 proxy_type_str(curproxy), curproxy->id, srv->id,
5439 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005440 hole = 0;
5441 }
5442 max = i;
5443 }
5444 else {
5445 min = max = i;
5446 }
5447 }
5448 else {
5449 if (min)
5450 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005451 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005452 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005453 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5454 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005455 cfgerr += 1;
5456 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005457
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005458#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005459 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005460 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005461 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005462 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005463 else
5464 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5465 if (flags & methodVersions[i].flag)
5466 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005467#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005468 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005469 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5470 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005471#endif
5472
5473 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5474 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005475 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005476
Willy Tarreau5db847a2019-05-09 14:13:35 +02005477#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005478 if (global_ssl.async)
5479 mode |= SSL_MODE_ASYNC;
5480#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005481 SSL_CTX_set_mode(ctx, mode);
5482 srv->ssl_ctx.ctx = ctx;
5483
Emeric Bruna7aa3092012-10-26 12:58:00 +02005484 if (srv->ssl_ctx.client_crt) {
5485 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005486 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5487 proxy_type_str(curproxy), curproxy->id,
5488 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005489 cfgerr++;
5490 }
5491 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005492 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5493 proxy_type_str(curproxy), curproxy->id,
5494 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005495 cfgerr++;
5496 }
5497 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005498 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5499 proxy_type_str(curproxy), curproxy->id,
5500 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005501 cfgerr++;
5502 }
5503 }
Emeric Brun94324a42012-10-11 14:00:19 +02005504
Emeric Brun850efd52014-01-29 12:24:34 +01005505 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5506 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005507 switch (srv->ssl_ctx.verify) {
5508 case SSL_SOCK_VERIFY_NONE:
5509 verify = SSL_VERIFY_NONE;
5510 break;
5511 case SSL_SOCK_VERIFY_REQUIRED:
5512 verify = SSL_VERIFY_PEER;
5513 break;
5514 }
Evan Broderbe554312013-06-27 00:05:25 -07005515 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005516 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005517 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005518 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005519 if (srv->ssl_ctx.ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005520 /* set CAfile to verify */
5521 if (!ssl_set_verify_locations_file(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file)) {
5522 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to set CA file '%s'.\n",
Christopher Faulet767a84b2017-11-24 16:50:31 +01005523 curproxy->id, srv->id,
5524 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005525 cfgerr++;
5526 }
5527 }
Emeric Brun850efd52014-01-29 12:24:34 +01005528 else {
5529 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005530 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5531 curproxy->id, srv->id,
5532 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005533 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005534 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5535 curproxy->id, srv->id,
5536 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005537 cfgerr++;
5538 }
Emeric Brunef42d922012-10-11 16:11:36 +02005539#ifdef X509_V_FLAG_CRL_CHECK
5540 if (srv->ssl_ctx.crl_file) {
5541 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5542
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005543 if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005544 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5545 curproxy->id, srv->id,
5546 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005547 cfgerr++;
5548 }
5549 else {
5550 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5551 }
5552 }
5553#endif
5554 }
5555
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005556 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5557 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5558 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005559 if (srv->ssl_ctx.ciphers &&
5560 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005561 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5562 curproxy->id, srv->id,
5563 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005564 cfgerr++;
5565 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005566
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005567#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005568 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005569 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005570 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5571 curproxy->id, srv->id,
5572 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5573 cfgerr++;
5574 }
5575#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005576#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5577 if (srv->ssl_ctx.npn_str)
5578 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5579#endif
5580#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5581 if (srv->ssl_ctx.alpn_str)
5582 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5583#endif
5584
Emeric Brun94324a42012-10-11 14:00:19 +02005585
5586 return cfgerr;
5587}
5588
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005589/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005590 * be NULL, in which case nothing is done. Returns the number of errors
5591 * encountered.
5592 */
Willy Tarreau03209342016-12-22 17:08:28 +01005593int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005594{
5595 struct ebmb_node *node;
5596 struct sni_ctx *sni;
5597 int err = 0;
William Lallemand8b453912019-11-21 15:48:10 +01005598 int errcode = 0;
5599 char *errmsg = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005600
Willy Tarreaufce03112015-01-15 21:32:40 +01005601 /* Automatic memory computations need to know we use SSL there */
5602 global.ssl_used_frontend = 1;
5603
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005604 /* Make sure openssl opens /dev/urandom before the chroot */
5605 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005606 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005607 err++;
5608 }
5609 /* Create initial_ctx used to start the ssl connection before do switchctx */
5610 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005611 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005612 /* It should not be necessary to call this function, but it's
5613 necessary first to check and move all initialisation related
5614 to initial_ctx in ssl_sock_initial_ctx. */
William Lallemand8b453912019-11-21 15:48:10 +01005615 errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005616 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005617 if (bind_conf->default_ctx)
William Lallemand8b453912019-11-21 15:48:10 +01005618 errcode |= ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, &errmsg);
Emeric Brun0bed9942014-10-30 19:25:24 +01005619
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005620 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005621 while (node) {
5622 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005623 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5624 /* only initialize the CTX on its first occurrence and
5625 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005626 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005627 node = ebmb_next(node);
5628 }
5629
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005630 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005631 while (node) {
5632 sni = ebmb_entry(node, struct sni_ctx, name);
William Lallemand8b453912019-11-21 15:48:10 +01005633 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005634 /* only initialize the CTX on its first occurrence and
5635 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005636 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
5637 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005638 node = ebmb_next(node);
5639 }
William Lallemand8b453912019-11-21 15:48:10 +01005640
5641 if (errcode & ERR_WARN) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005642 ha_warning("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005643 } else if (errcode & ERR_CODE) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005644 ha_alert("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005645 err++;
5646 }
5647
5648 free(errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005649 return err;
5650}
5651
Willy Tarreau55d37912016-12-21 23:38:39 +01005652/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5653 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5654 * alerts are directly emitted since the rest of the stack does it below.
5655 */
5656int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5657{
5658 struct proxy *px = bind_conf->frontend;
5659 int alloc_ctx;
5660 int err;
5661
5662 if (!bind_conf->is_ssl) {
5663 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005664 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5665 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005666 }
5667 return 0;
5668 }
5669 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005670 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005671 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5672 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005673 }
5674 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005675 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5676 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005677 return -1;
5678 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005679 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005680 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005681 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005682 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005683 sizeof(*sh_ssl_sess_tree),
5684 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005685 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005686 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5687 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5688 else
5689 ha_alert("Unable to allocate SSL session cache.\n");
5690 return -1;
5691 }
5692 /* free block callback */
5693 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5694 /* init the root tree within the extra space */
5695 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5696 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005697 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005698 err = 0;
5699 /* initialize all certificate contexts */
5700 err += ssl_sock_prepare_all_ctx(bind_conf);
5701
5702 /* initialize CA variables if the certificates generation is enabled */
5703 err += ssl_sock_load_ca(bind_conf);
5704
5705 return -err;
5706}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005707
5708/* release ssl context allocated for servers. */
5709void ssl_sock_free_srv_ctx(struct server *srv)
5710{
Olivier Houchardc7566002018-11-20 23:33:50 +01005711#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5712 if (srv->ssl_ctx.alpn_str)
5713 free(srv->ssl_ctx.alpn_str);
5714#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005715#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005716 if (srv->ssl_ctx.npn_str)
5717 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005718#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005719 if (srv->ssl_ctx.ctx)
5720 SSL_CTX_free(srv->ssl_ctx.ctx);
5721}
5722
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005723/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005724 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5725 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005726void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005727{
5728 struct ebmb_node *node, *back;
5729 struct sni_ctx *sni;
5730
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005731 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005732 while (node) {
5733 sni = ebmb_entry(node, struct sni_ctx, name);
5734 back = ebmb_next(node);
5735 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005736 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005737 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005738 ssl_sock_free_ssl_conf(sni->conf);
5739 free(sni->conf);
5740 sni->conf = NULL;
5741 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005742 free(sni);
5743 node = back;
5744 }
5745
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005746 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005747 while (node) {
5748 sni = ebmb_entry(node, struct sni_ctx, name);
5749 back = ebmb_next(node);
5750 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005751 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005752 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005753 ssl_sock_free_ssl_conf(sni->conf);
5754 free(sni->conf);
5755 sni->conf = NULL;
5756 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005757 free(sni);
5758 node = back;
5759 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005760 SSL_CTX_free(bind_conf->initial_ctx);
5761 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005762 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005763 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005764}
5765
Willy Tarreau795cdab2016-12-22 17:30:54 +01005766/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5767void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5768{
5769 ssl_sock_free_ca(bind_conf);
5770 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005771 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005772 free(bind_conf->ca_sign_file);
5773 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005774 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005775 free(bind_conf->keys_ref->filename);
5776 free(bind_conf->keys_ref->tlskeys);
5777 LIST_DEL(&bind_conf->keys_ref->list);
5778 free(bind_conf->keys_ref);
5779 }
5780 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005781 bind_conf->ca_sign_pass = NULL;
5782 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005783}
5784
Christopher Faulet31af49d2015-06-09 17:29:50 +02005785/* Load CA cert file and private key used to generate certificates */
5786int
Willy Tarreau03209342016-12-22 17:08:28 +01005787ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005788{
Willy Tarreau03209342016-12-22 17:08:28 +01005789 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005790 FILE *fp;
5791 X509 *cacert = NULL;
5792 EVP_PKEY *capkey = NULL;
5793 int err = 0;
5794
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005795 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005796 return err;
5797
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005798#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005799 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005800 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005801 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005802 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005803 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005804#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005805
Christopher Faulet31af49d2015-06-09 17:29:50 +02005806 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005807 ha_alert("Proxy '%s': cannot enable certificate generation, "
5808 "no CA certificate File configured at [%s:%d].\n",
5809 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005810 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005811 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005812
5813 /* read in the CA certificate */
5814 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005815 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5816 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005817 goto load_error;
5818 }
5819 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005820 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5821 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005822 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005823 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005824 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005825 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005826 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5827 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005828 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005829 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005830
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005831 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005832 bind_conf->ca_sign_cert = cacert;
5833 bind_conf->ca_sign_pkey = capkey;
5834 return err;
5835
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005836 read_error:
5837 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005838 if (capkey) EVP_PKEY_free(capkey);
5839 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005840 load_error:
5841 bind_conf->generate_certs = 0;
5842 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005843 return err;
5844}
5845
5846/* Release CA cert and private key used to generate certificated */
5847void
5848ssl_sock_free_ca(struct bind_conf *bind_conf)
5849{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005850 if (bind_conf->ca_sign_pkey)
5851 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5852 if (bind_conf->ca_sign_cert)
5853 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005854 bind_conf->ca_sign_pkey = NULL;
5855 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005856}
5857
Emeric Brun46591952012-05-18 15:47:34 +02005858/*
5859 * This function is called if SSL * context is not yet allocated. The function
5860 * is designed to be called before any other data-layer operation and sets the
5861 * handshake flag on the connection. It is safe to call it multiple times.
5862 * It returns 0 on success and -1 in error case.
5863 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005864static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005865{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005866 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005867 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005868 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005869 return 0;
5870
Willy Tarreau3c728722014-01-23 13:50:42 +01005871 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005872 return 0;
5873
Olivier Houchard66ab4982019-02-26 18:37:15 +01005874 ctx = pool_alloc(ssl_sock_ctx_pool);
5875 if (!ctx) {
5876 conn->err_code = CO_ER_SSL_NO_MEM;
5877 return -1;
5878 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005879 ctx->wait_event.tasklet = tasklet_new();
5880 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005881 conn->err_code = CO_ER_SSL_NO_MEM;
5882 pool_free(ssl_sock_ctx_pool, ctx);
5883 return -1;
5884 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005885 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5886 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005887 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005888 ctx->sent_early_data = 0;
Olivier Houchard54907bb2019-12-19 15:02:39 +01005889 ctx->early_buf = BUF_NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005890 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005891 ctx->send_wait = NULL;
5892 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005893 ctx->xprt_st = 0;
5894 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005895
5896 /* Only work with sockets for now, this should be adapted when we'll
5897 * add QUIC support.
5898 */
5899 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005900 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005901 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5902 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005903 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005904
Willy Tarreau20879a02012-12-03 16:32:10 +01005905 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5906 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005907 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005908 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005909
Emeric Brun46591952012-05-18 15:47:34 +02005910 /* If it is in client mode initiate SSL session
5911 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005912 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005913 int may_retry = 1;
5914
5915 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005916 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005917 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5918 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005919 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005920 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005921 goto retry_connect;
5922 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005923 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005924 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005925 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005926 ctx->bio = BIO_new(ha_meth);
5927 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005928 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005929 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005930 goto retry_connect;
5931 }
Emeric Brun55476152014-11-12 17:35:37 +01005932 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005933 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005934 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005935 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005936 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005937
Evan Broderbe554312013-06-27 00:05:25 -07005938 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005939 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5940 SSL_free(ctx->ssl);
5941 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005942 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005943 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005944 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005945 goto retry_connect;
5946 }
Emeric Brun55476152014-11-12 17:35:37 +01005947 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005948 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005949 }
5950
Olivier Houchard66ab4982019-02-26 18:37:15 +01005951 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005952 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5953 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5954 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005955 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005956 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005957 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5958 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005959 } else if (sess) {
5960 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005961 }
5962 }
Evan Broderbe554312013-06-27 00:05:25 -07005963
Emeric Brun46591952012-05-18 15:47:34 +02005964 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005965 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005966
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005967 _HA_ATOMIC_ADD(&sslconns, 1);
5968 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005969 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005970 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005971 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005972 if (conn->flags & CO_FL_ERROR)
5973 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005974 return 0;
5975 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005976 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005977 int may_retry = 1;
5978
5979 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005980 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005981 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5982 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005983 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005984 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005985 goto retry_accept;
5986 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005987 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005988 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005989 }
Olivier Houchard545989f2019-12-17 15:39:54 +01005990#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard54907bb2019-12-19 15:02:39 +01005991 if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
5992 b_alloc(&ctx->early_buf);
5993 SSL_set_max_early_data(ctx->ssl,
5994 /* Only allow early data if we managed to allocate
5995 * a buffer.
5996 */
5997 (!b_is_null(&ctx->early_buf)) ?
5998 global.tune.bufsize - global.tune.maxrewrite : 0);
5999 }
Olivier Houchard545989f2019-12-17 15:39:54 +01006000#endif
Emeric Brun46591952012-05-18 15:47:34 +02006001
Olivier Houcharda8955d52019-04-07 22:00:38 +02006002 ctx->bio = BIO_new(ha_meth);
6003 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006004 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006005 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006006 goto retry_accept;
6007 }
Emeric Brun55476152014-11-12 17:35:37 +01006008 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006009 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006010 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02006011 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02006012 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02006013
Emeric Brune1f38db2012-09-03 20:36:47 +02006014 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006015 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
6016 SSL_free(ctx->ssl);
6017 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006018 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006019 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006020 goto retry_accept;
6021 }
Emeric Brun55476152014-11-12 17:35:37 +01006022 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006023 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006024 }
6025
Olivier Houchard66ab4982019-02-26 18:37:15 +01006026 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02006027
Emeric Brun46591952012-05-18 15:47:34 +02006028 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02006029 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006030#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006031 conn->flags |= CO_FL_EARLY_SSL_HS;
6032#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02006033
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006034 _HA_ATOMIC_ADD(&sslconns, 1);
6035 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006036 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006037 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006038 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006039 if (conn->flags & CO_FL_ERROR)
6040 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02006041 return 0;
6042 }
6043 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01006044 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006045err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006046 if (ctx && ctx->wait_event.tasklet)
6047 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006048 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02006049 return -1;
6050}
6051
6052
6053/* This is the callback which is used when an SSL handshake is pending. It
6054 * updates the FD status if it wants some polling before being called again.
6055 * It returns 0 if it fails in a fatal way or needs to poll to go further,
6056 * otherwise it returns non-zero and removes itself from the connection's
6057 * flags (the bit is provided in <flag> by the caller).
6058 */
Olivier Houchard000694c2019-05-23 14:45:12 +02006059static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02006060{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006061 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02006062 int ret;
6063
Willy Tarreau3c728722014-01-23 13:50:42 +01006064 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02006065 return 0;
6066
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02006067 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006068 goto out_error;
6069
Willy Tarreau5db847a2019-05-09 14:13:35 +02006070#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02006071 /*
6072 * Check if we have early data. If we do, we have to read them
6073 * before SSL_do_handshake() is called, And there's no way to
6074 * detect early data, except to try to read them
6075 */
6076 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard54907bb2019-12-19 15:02:39 +01006077 size_t read_data = 0;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006078
Olivier Houchard54907bb2019-12-19 15:02:39 +01006079 while (1) {
6080 ret = SSL_read_early_data(ctx->ssl,
6081 b_tail(&ctx->early_buf), b_room(&ctx->early_buf),
6082 &read_data);
6083 if (ret == SSL_READ_EARLY_DATA_ERROR)
6084 goto check_error;
6085 if (read_data > 0) {
6086 conn->flags |= CO_FL_EARLY_DATA;
6087 b_add(&ctx->early_buf, read_data);
6088 }
6089 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6090 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6091 if (!b_data(&ctx->early_buf))
6092 b_free(&ctx->early_buf);
6093 break;
6094 }
6095 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006096 }
6097#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006098 /* If we use SSL_do_handshake to process a reneg initiated by
6099 * the remote peer, it sometimes returns SSL_ERROR_SSL.
6100 * Usually SSL_write and SSL_read are used and process implicitly
6101 * the reneg handshake.
6102 * Here we use SSL_peek as a workaround for reneg.
6103 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006104 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006105 char c;
6106
Olivier Houchard66ab4982019-02-26 18:37:15 +01006107 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01006108 if (ret <= 0) {
6109 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006110 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006111
Emeric Brun674b7432012-11-08 19:21:55 +01006112 if (ret == SSL_ERROR_WANT_WRITE) {
6113 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006114 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006115 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006116 return 0;
6117 }
6118 else if (ret == SSL_ERROR_WANT_READ) {
6119 /* handshake may have been completed but we have
6120 * no more data to read.
6121 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006122 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006123 ret = 1;
6124 goto reneg_ok;
6125 }
6126 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006127 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006128 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006129 return 0;
6130 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006131#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006132 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006133 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006134 return 0;
6135 }
6136#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006137 else if (ret == SSL_ERROR_SYSCALL) {
6138 /* if errno is null, then connection was successfully established */
6139 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6140 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01006141 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006142#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6143 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006144 conn->err_code = CO_ER_SSL_HANDSHAKE;
6145#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006146 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006147#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006148 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006149 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006150 empty_handshake = state == TLS_ST_BEFORE;
6151#else
Lukas Tribus49799162019-07-08 14:29:15 +02006152 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6153 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006154#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006155 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02006156 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006157 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006158 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6159 else
6160 conn->err_code = CO_ER_SSL_EMPTY;
6161 }
6162 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006163 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006164 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6165 else
6166 conn->err_code = CO_ER_SSL_ABORT;
6167 }
6168 }
6169 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006170 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006171 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01006172 else
Emeric Brun29f037d2014-04-25 19:05:36 +02006173 conn->err_code = CO_ER_SSL_HANDSHAKE;
6174 }
Lukas Tribus49799162019-07-08 14:29:15 +02006175#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01006176 }
Emeric Brun674b7432012-11-08 19:21:55 +01006177 goto out_error;
6178 }
6179 else {
6180 /* Fail on all other handshake errors */
6181 /* Note: OpenSSL may leave unread bytes in the socket's
6182 * buffer, causing an RST to be emitted upon close() on
6183 * TCP sockets. We first try to drain possibly pending
6184 * data to avoid this as much as possible.
6185 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006186 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006187 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006188 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006189 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01006190 goto out_error;
6191 }
6192 }
6193 /* read some data: consider handshake completed */
6194 goto reneg_ok;
6195 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006196 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006197check_error:
Emeric Brun46591952012-05-18 15:47:34 +02006198 if (ret != 1) {
6199 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006200 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006201
6202 if (ret == SSL_ERROR_WANT_WRITE) {
6203 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006204 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006205 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006206 return 0;
6207 }
6208 else if (ret == SSL_ERROR_WANT_READ) {
6209 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006210 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006211 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6212 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006213 return 0;
6214 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006215#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006216 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006217 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006218 return 0;
6219 }
6220#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006221 else if (ret == SSL_ERROR_SYSCALL) {
6222 /* if errno is null, then connection was successfully established */
6223 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6224 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006225 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006226#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6227 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006228 conn->err_code = CO_ER_SSL_HANDSHAKE;
6229#else
6230 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006231#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006232 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006233 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006234 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006235#else
Lukas Tribus49799162019-07-08 14:29:15 +02006236 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6237 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006238#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006239 if (empty_handshake) {
6240 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006241 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006242 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6243 else
6244 conn->err_code = CO_ER_SSL_EMPTY;
6245 }
6246 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006247 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006248 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6249 else
6250 conn->err_code = CO_ER_SSL_ABORT;
6251 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006252 }
6253 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006254 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006255 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6256 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006257 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006258 }
Lukas Tribus49799162019-07-08 14:29:15 +02006259#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006260 }
Willy Tarreau89230192012-09-28 20:22:13 +02006261 goto out_error;
6262 }
Emeric Brun46591952012-05-18 15:47:34 +02006263 else {
6264 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006265 /* Note: OpenSSL may leave unread bytes in the socket's
6266 * buffer, causing an RST to be emitted upon close() on
6267 * TCP sockets. We first try to drain possibly pending
6268 * data to avoid this as much as possible.
6269 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006270 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006271 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006272 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006273 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006274 goto out_error;
6275 }
6276 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006277#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006278 else {
6279 /*
6280 * If the server refused the early data, we have to send a
6281 * 425 to the client, as we no longer have the data to sent
6282 * them again.
6283 */
6284 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006285 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006286 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6287 goto out_error;
6288 }
6289 }
6290 }
6291#endif
6292
Emeric Brun46591952012-05-18 15:47:34 +02006293
Emeric Brun674b7432012-11-08 19:21:55 +01006294reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006295
Willy Tarreau5db847a2019-05-09 14:13:35 +02006296#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006297 /* ASYNC engine API doesn't support moving read/write
6298 * buffers. So we disable ASYNC mode right after
6299 * the handshake to avoid buffer oveflows.
6300 */
6301 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006302 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006303#endif
Emeric Brun46591952012-05-18 15:47:34 +02006304 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006305 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006306 if (objt_server(conn->target)) {
6307 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6308 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6309 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006310 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006311 else {
6312 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6313 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6314 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6315 }
Emeric Brun46591952012-05-18 15:47:34 +02006316 }
6317
6318 /* The connection is now established at both layers, it's time to leave */
6319 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6320 return 1;
6321
6322 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006323 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006324 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006325 ERR_clear_error();
6326
Emeric Brun9fa89732012-10-04 17:09:56 +02006327 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006328 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6329 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6330 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006331 }
6332
Emeric Brun46591952012-05-18 15:47:34 +02006333 /* Fail on all other handshake errors */
6334 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006335 if (!conn->err_code)
6336 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006337 return 0;
6338}
6339
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006340static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006341{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006342 struct wait_event *sw;
6343 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006344
Olivier Houchard0ff28652019-06-24 18:57:39 +02006345 if (!ctx)
6346 return -1;
6347
Olivier Houchardea8dd942019-05-20 14:02:16 +02006348 if (event_type & SUB_RETRY_RECV) {
6349 sw = param;
6350 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6351 sw->events |= SUB_RETRY_RECV;
6352 ctx->recv_wait = sw;
6353 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6354 !(ctx->wait_event.events & SUB_RETRY_RECV))
6355 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6356 event_type &= ~SUB_RETRY_RECV;
6357 }
6358 if (event_type & SUB_RETRY_SEND) {
6359sw = param;
6360 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6361 sw->events |= SUB_RETRY_SEND;
6362 ctx->send_wait = sw;
6363 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6364 !(ctx->wait_event.events & SUB_RETRY_SEND))
6365 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6366 event_type &= ~SUB_RETRY_SEND;
6367
6368 }
6369 if (event_type != 0)
6370 return -1;
6371 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006372}
6373
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006374static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006375{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006376 struct wait_event *sw;
6377 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006378
Olivier Houchardea8dd942019-05-20 14:02:16 +02006379 if (event_type & SUB_RETRY_RECV) {
6380 sw = param;
6381 BUG_ON(ctx->recv_wait != sw);
6382 ctx->recv_wait = NULL;
6383 sw->events &= ~SUB_RETRY_RECV;
6384 /* If we subscribed, and we're not doing the handshake,
6385 * then we subscribed because the upper layer asked for it,
6386 * as the upper layer is no longer interested, we can
6387 * unsubscribe too.
6388 */
6389 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6390 (ctx->wait_event.events & SUB_RETRY_RECV))
6391 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6392 &ctx->wait_event);
6393 }
6394 if (event_type & SUB_RETRY_SEND) {
6395 sw = param;
6396 BUG_ON(ctx->send_wait != sw);
6397 ctx->send_wait = NULL;
6398 sw->events &= ~SUB_RETRY_SEND;
6399 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6400 (ctx->wait_event.events & SUB_RETRY_SEND))
6401 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6402 &ctx->wait_event);
6403
6404 }
6405
6406 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006407}
6408
Olivier Houchard2e055482019-05-27 19:50:12 +02006409/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6410 * Returns 0 on success, and non-zero on failure.
6411 */
6412static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6413{
6414 struct ssl_sock_ctx *ctx = xprt_ctx;
6415
6416 if (oldxprt_ops != NULL)
6417 *oldxprt_ops = ctx->xprt;
6418 if (oldxprt_ctx != NULL)
6419 *oldxprt_ctx = ctx->xprt_ctx;
6420 ctx->xprt = toadd_ops;
6421 ctx->xprt_ctx = toadd_ctx;
6422 return 0;
6423}
6424
Olivier Houchard5149b592019-05-23 17:47:36 +02006425/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6426 * return 0, otherwise just call the remove_xprt method from the underlying
6427 * XPRT.
6428 */
6429static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6430{
6431 struct ssl_sock_ctx *ctx = xprt_ctx;
6432
6433 if (ctx->xprt_ctx == toremove_ctx) {
6434 ctx->xprt_ctx = newctx;
6435 ctx->xprt = newops;
6436 return 0;
6437 }
6438 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6439}
6440
Olivier Houchardea8dd942019-05-20 14:02:16 +02006441static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6442{
6443 struct ssl_sock_ctx *ctx = context;
6444
6445 /* First if we're doing an handshake, try that */
6446 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6447 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6448 /* If we had an error, or the handshake is done and I/O is available,
6449 * let the upper layer know.
6450 * If no mux was set up yet, and nobody subscribed, then call
6451 * xprt_done_cb() ourself if it's set, or destroy the connection,
6452 * we can't be sure conn_fd_handler() will be called again.
6453 */
6454 if ((ctx->conn->flags & CO_FL_ERROR) ||
6455 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6456 int ret = 0;
6457 int woke = 0;
6458
6459 /* On error, wake any waiter */
6460 if (ctx->recv_wait) {
6461 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006462 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006463 ctx->recv_wait = NULL;
6464 woke = 1;
6465 }
6466 if (ctx->send_wait) {
6467 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006468 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006469 ctx->send_wait = NULL;
6470 woke = 1;
6471 }
6472 /* If we're the first xprt for the connection, let the
6473 * upper layers know. If xprt_done_cb() is set, call it,
6474 * otherwise, we should have a mux, so call its wake
6475 * method if we didn't woke a tasklet already.
6476 */
6477 if (ctx->conn->xprt_ctx == ctx) {
6478 if (ctx->conn->xprt_done_cb)
6479 ret = ctx->conn->xprt_done_cb(ctx->conn);
6480 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6481 ctx->conn->mux->wake(ctx->conn);
6482 return NULL;
6483 }
6484 }
Olivier Houchard54907bb2019-12-19 15:02:39 +01006485#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
6486 /* If we have early data and somebody wants to receive, let them */
6487 else if (b_data(&ctx->early_buf) && ctx->recv_wait) {
6488 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
6489 tasklet_wakeup(ctx->recv_wait->tasklet);
6490 ctx->recv_wait = NULL;
6491
6492 }
6493#endif
Olivier Houchardea8dd942019-05-20 14:02:16 +02006494 return NULL;
6495}
6496
Emeric Brun46591952012-05-18 15:47:34 +02006497/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006498 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006499 * buffer wraps, in which case a second call may be performed. The connection's
6500 * flags are updated with whatever special event is detected (error, read0,
6501 * empty). The caller is responsible for taking care of those events and
6502 * avoiding the call if inappropriate. The function does not call the
6503 * connection's polling update function, so the caller is responsible for this.
6504 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006505static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006506{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006507 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006508 ssize_t ret;
6509 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006510
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006511 conn_refresh_polling_flags(conn);
6512
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006513 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006514 goto out_error;
6515
Olivier Houchard54907bb2019-12-19 15:02:39 +01006516#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
6517 if (b_data(&ctx->early_buf)) {
6518 try = b_contig_space(buf);
6519 if (try > b_data(&ctx->early_buf))
6520 try = b_data(&ctx->early_buf);
6521 memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
6522 b_add(buf, try);
6523 b_del(&ctx->early_buf, try);
6524 if (b_data(&ctx->early_buf) == 0)
6525 b_free(&ctx->early_buf);
6526 return try;
6527 }
6528#endif
6529
Emeric Brun46591952012-05-18 15:47:34 +02006530 if (conn->flags & CO_FL_HANDSHAKE)
6531 /* a handshake was requested */
6532 return 0;
6533
Emeric Brun46591952012-05-18 15:47:34 +02006534 /* read the largest possible block. For this, we perform only one call
6535 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6536 * in which case we accept to do it once again. A new attempt is made on
6537 * EINTR too.
6538 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006539 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006540
Willy Tarreau591d4452018-06-15 17:21:00 +02006541 try = b_contig_space(buf);
6542 if (!try)
6543 break;
6544
Willy Tarreauabf08d92014-01-14 11:31:27 +01006545 if (try > count)
6546 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006547
Olivier Houchard66ab4982019-02-26 18:37:15 +01006548 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006549
Emeric Brune1f38db2012-09-03 20:36:47 +02006550 if (conn->flags & CO_FL_ERROR) {
6551 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006552 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006553 }
Emeric Brun46591952012-05-18 15:47:34 +02006554 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006555 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006556 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006557 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006558 }
Emeric Brun46591952012-05-18 15:47:34 +02006559 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006560 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006561 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006562 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006563 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006564 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006565#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006566 /* Async mode can be re-enabled, because we're leaving data state.*/
6567 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006568 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006569#endif
Emeric Brun46591952012-05-18 15:47:34 +02006570 break;
6571 }
6572 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006573 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006574 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6575 SUB_RETRY_RECV,
6576 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006577 /* handshake is running, and it may need to re-enable read */
6578 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006579#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006580 /* Async mode can be re-enabled, because we're leaving data state.*/
6581 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006582 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006583#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006584 break;
6585 }
Emeric Brun46591952012-05-18 15:47:34 +02006586 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006587 } else if (ret == SSL_ERROR_ZERO_RETURN)
6588 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006589 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6590 * stack before shutting down the connection for
6591 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006592 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6593 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006594 /* otherwise it's a real error */
6595 goto out_error;
6596 }
6597 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006598 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006599 return done;
6600
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006601 clear_ssl_error:
6602 /* Clear openssl global errors stack */
6603 ssl_sock_dump_errors(conn);
6604 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006605 read0:
6606 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006607 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006608
Emeric Brun46591952012-05-18 15:47:34 +02006609 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006610 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006611 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006612 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006613 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006614 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006615}
6616
6617
Willy Tarreau787db9a2018-06-14 18:31:46 +02006618/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6619 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6620 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006621 * Only one call to send() is performed, unless the buffer wraps, in which case
6622 * a second call may be performed. The connection's flags are updated with
6623 * whatever special event is detected (error, empty). The caller is responsible
6624 * for taking care of those events and avoiding the call if inappropriate. The
6625 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006626 * is responsible for this. The buffer's output is not adjusted, it's up to the
6627 * caller to take care of this. It's up to the caller to update the buffer's
6628 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006629 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006630static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006631{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006632 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006633 ssize_t ret;
6634 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006635
6636 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006637 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006638
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006639 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006640 goto out_error;
6641
Olivier Houchard010941f2019-05-03 20:56:19 +02006642 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006643 /* a handshake was requested */
6644 return 0;
6645
6646 /* send the largest possible block. For this we perform only one call
6647 * to send() unless the buffer wraps and we exactly fill the first hunk,
6648 * in which case we accept to do it once again.
6649 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006650 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006651#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006652 size_t written_data;
6653#endif
6654
Willy Tarreau787db9a2018-06-14 18:31:46 +02006655 try = b_contig_data(buf, done);
6656 if (try > count)
6657 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006658
Willy Tarreau7bed9452014-02-02 02:00:24 +01006659 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006660 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006661 global_ssl.max_record && try > global_ssl.max_record) {
6662 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006663 }
6664 else {
6665 /* we need to keep the information about the fact that
6666 * we're not limiting the upcoming send(), because if it
6667 * fails, we'll have to retry with at least as many data.
6668 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006669 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006670 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006671
Willy Tarreau5db847a2019-05-09 14:13:35 +02006672#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006673 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006674 unsigned int max_early;
6675
Olivier Houchard522eea72017-11-03 16:27:47 +01006676 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006677 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006678 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006679 if (SSL_get0_session(ctx->ssl))
6680 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006681 else
6682 max_early = 0;
6683 }
6684
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006685 if (try + ctx->sent_early_data > max_early) {
6686 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006687 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006688 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006689 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006690 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006691 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006692 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006693 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006694 if (ret == 1) {
6695 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006696 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006697 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006698 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006699 /* Initiate the handshake, now */
6700 tasklet_wakeup(ctx->wait_event.tasklet);
6701 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006702
Olivier Houchardc2aae742017-09-22 18:26:28 +02006703 }
6704
6705 } else
6706#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006707 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006708
Emeric Brune1f38db2012-09-03 20:36:47 +02006709 if (conn->flags & CO_FL_ERROR) {
6710 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006711 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006712 }
Emeric Brun46591952012-05-18 15:47:34 +02006713 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006714 /* A send succeeded, so we can consier ourself connected */
6715 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006716 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006717 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006718 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006719 }
6720 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006721 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006722
Emeric Brun46591952012-05-18 15:47:34 +02006723 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006724 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006725 /* handshake is running, and it may need to re-enable write */
6726 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006727 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006728#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006729 /* Async mode can be re-enabled, because we're leaving data state.*/
6730 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006731 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006732#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006733 break;
6734 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006735
Emeric Brun46591952012-05-18 15:47:34 +02006736 break;
6737 }
6738 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006739 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006740 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006741 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6742 SUB_RETRY_RECV,
6743 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006744#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006745 /* Async mode can be re-enabled, because we're leaving data state.*/
6746 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006747 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006748#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006749 break;
6750 }
Emeric Brun46591952012-05-18 15:47:34 +02006751 goto out_error;
6752 }
6753 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006754 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006755 return done;
6756
6757 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006758 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006759 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006760 ERR_clear_error();
6761
Emeric Brun46591952012-05-18 15:47:34 +02006762 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006763 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006764}
6765
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006766static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006767
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006768 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006769
Olivier Houchardea8dd942019-05-20 14:02:16 +02006770
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006771 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006772 if (ctx->wait_event.events != 0)
6773 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6774 ctx->wait_event.events,
6775 &ctx->wait_event);
6776 if (ctx->send_wait) {
6777 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006778 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006779 }
6780 if (ctx->recv_wait) {
6781 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006782 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006783 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006784 if (ctx->xprt->close)
6785 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006786#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006787 if (global_ssl.async) {
6788 OSSL_ASYNC_FD all_fd[32], afd;
6789 size_t num_all_fds = 0;
6790 int i;
6791
Olivier Houchard66ab4982019-02-26 18:37:15 +01006792 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006793 if (num_all_fds > 32) {
6794 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6795 return;
6796 }
6797
Olivier Houchard66ab4982019-02-26 18:37:15 +01006798 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006799
6800 /* If an async job is pending, we must try to
6801 to catch the end using polling before calling
6802 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006803 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006804 for (i=0 ; i < num_all_fds ; i++) {
6805 /* switch on an handler designed to
6806 * handle the SSL_free
6807 */
6808 afd = all_fd[i];
6809 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006810 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006811 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006812 /* To ensure that the fd cache won't be used
6813 * and we'll catch a real RD event.
6814 */
6815 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006816 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006817 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006818 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006819 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006820 return;
6821 }
Emeric Brun3854e012017-05-17 20:42:48 +02006822 /* Else we can remove the fds from the fdtab
6823 * and call SSL_free.
6824 * note: we do a fd_remove and not a delete
6825 * because the fd is owned by the engine.
6826 * the engine is responsible to close
6827 */
6828 for (i=0 ; i < num_all_fds ; i++)
6829 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006830 }
6831#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006832 SSL_free(ctx->ssl);
Olivier Houchard54907bb2019-12-19 15:02:39 +01006833 b_free(&ctx->early_buf);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006834 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006835 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006836 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006837 }
Emeric Brun46591952012-05-18 15:47:34 +02006838}
6839
6840/* This function tries to perform a clean shutdown on an SSL connection, and in
6841 * any case, flags the connection as reusable if no handshake was in progress.
6842 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006843static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006844{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006845 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006846
Emeric Brun46591952012-05-18 15:47:34 +02006847 if (conn->flags & CO_FL_HANDSHAKE)
6848 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006849 if (!clean)
6850 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006851 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006852 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006853 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006854 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006855 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006856 ERR_clear_error();
6857 }
Emeric Brun46591952012-05-18 15:47:34 +02006858}
6859
William Lallemandd4f946c2019-12-05 10:26:40 +01006860/* fill a buffer with the algorithm and size of a public key */
6861static int cert_get_pkey_algo(X509 *crt, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006862{
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006863 int bits = 0;
6864 int sig = TLSEXT_signature_anonymous;
6865 int len = -1;
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006866 EVP_PKEY *pkey;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006867
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006868 pkey = X509_get_pubkey(crt);
6869 if (pkey) {
6870 bits = EVP_PKEY_bits(pkey);
6871 switch(EVP_PKEY_base_id(pkey)) {
6872 case EVP_PKEY_RSA:
6873 sig = TLSEXT_signature_rsa;
6874 break;
6875 case EVP_PKEY_EC:
6876 sig = TLSEXT_signature_ecdsa;
6877 break;
6878 case EVP_PKEY_DSA:
6879 sig = TLSEXT_signature_dsa;
6880 break;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006881 }
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006882 EVP_PKEY_free(pkey);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006883 }
6884
6885 switch(sig) {
6886 case TLSEXT_signature_rsa:
6887 len = chunk_printf(out, "RSA%d", bits);
6888 break;
6889 case TLSEXT_signature_ecdsa:
6890 len = chunk_printf(out, "EC%d", bits);
6891 break;
6892 case TLSEXT_signature_dsa:
6893 len = chunk_printf(out, "DSA%d", bits);
6894 break;
6895 default:
6896 return 0;
6897 }
6898 if (len < 0)
6899 return 0;
6900 return 1;
6901}
6902
William Lallemandd4f946c2019-12-05 10:26:40 +01006903/* used for ppv2 pkey alog (can be used for logging) */
6904int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
6905{
6906 struct ssl_sock_ctx *ctx;
6907 X509 *crt;
6908
6909 if (!ssl_sock_is_ssl(conn))
6910 return 0;
6911
6912 ctx = conn->xprt_ctx;
6913
6914 crt = SSL_get_certificate(ctx->ssl);
6915 if (!crt)
6916 return 0;
6917
6918 return cert_get_pkey_algo(crt, out);
6919}
6920
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006921/* used for ppv2 cert signature (can be used for logging) */
6922const char *ssl_sock_get_cert_sig(struct connection *conn)
6923{
Christopher Faulet82004142019-09-10 10:12:03 +02006924 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006925
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006926 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6927 X509 *crt;
6928
6929 if (!ssl_sock_is_ssl(conn))
6930 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006931 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006932 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006933 if (!crt)
6934 return NULL;
6935 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6936 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6937}
6938
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006939/* used for ppv2 authority */
6940const char *ssl_sock_get_sni(struct connection *conn)
6941{
6942#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006943 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006944
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006945 if (!ssl_sock_is_ssl(conn))
6946 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006947 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006948 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006949#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006950 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006951#endif
6952}
6953
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006954/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006955const char *ssl_sock_get_cipher_name(struct connection *conn)
6956{
Christopher Faulet82004142019-09-10 10:12:03 +02006957 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006958
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006959 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006960 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006961 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006962 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006963}
6964
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006965/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006966const char *ssl_sock_get_proto_version(struct connection *conn)
6967{
Christopher Faulet82004142019-09-10 10:12:03 +02006968 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006969
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006970 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006971 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006972 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006973 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006974}
6975
Willy Tarreau8d598402012-10-22 17:58:39 +02006976/* Extract a serial from a cert, and copy it to a chunk.
6977 * Returns 1 if serial is found and copied, 0 if no serial found and
6978 * -1 if output is not large enough.
6979 */
6980static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006981ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006982{
6983 ASN1_INTEGER *serial;
6984
6985 serial = X509_get_serialNumber(crt);
6986 if (!serial)
6987 return 0;
6988
6989 if (out->size < serial->length)
6990 return -1;
6991
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006992 memcpy(out->area, serial->data, serial->length);
6993 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006994 return 1;
6995}
6996
Emeric Brun43e79582014-10-29 19:03:26 +01006997/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006998 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6999 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01007000 */
7001static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007002ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01007003{
7004 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007005 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01007006
7007 len =i2d_X509(crt, NULL);
7008 if (len <= 0)
7009 return 1;
7010
7011 if (out->size < len)
7012 return -1;
7013
7014 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007015 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01007016 return 1;
7017}
7018
Emeric Brunce5ad802012-10-22 14:11:22 +02007019
Willy Tarreau83061a82018-07-13 11:56:34 +02007020/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02007021 * Returns 1 if serial is found and copied, 0 if no valid time found
7022 * and -1 if output is not large enough.
7023 */
7024static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007025ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02007026{
7027 if (tm->type == V_ASN1_GENERALIZEDTIME) {
7028 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
7029
7030 if (gentm->length < 12)
7031 return 0;
7032 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
7033 return 0;
7034 if (out->size < gentm->length-2)
7035 return -1;
7036
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007037 memcpy(out->area, gentm->data+2, gentm->length-2);
7038 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02007039 return 1;
7040 }
7041 else if (tm->type == V_ASN1_UTCTIME) {
7042 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
7043
7044 if (utctm->length < 10)
7045 return 0;
7046 if (utctm->data[0] >= 0x35)
7047 return 0;
7048 if (out->size < utctm->length)
7049 return -1;
7050
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007051 memcpy(out->area, utctm->data, utctm->length);
7052 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02007053 return 1;
7054 }
7055
7056 return 0;
7057}
7058
Emeric Brun87855892012-10-17 17:39:35 +02007059/* Extract an entry from a X509_NAME and copy its value to an output chunk.
7060 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
7061 */
7062static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007063ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
7064 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007065{
7066 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007067 ASN1_OBJECT *obj;
7068 ASN1_STRING *data;
7069 const unsigned char *data_ptr;
7070 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007071 int i, j, n;
7072 int cur = 0;
7073 const char *s;
7074 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007075 int name_count;
7076
7077 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007078
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007079 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007080 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02007081 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007082 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02007083 else
7084 j = i;
7085
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007086 ne = X509_NAME_get_entry(a, j);
7087 obj = X509_NAME_ENTRY_get_object(ne);
7088 data = X509_NAME_ENTRY_get_data(ne);
7089 data_ptr = ASN1_STRING_get0_data(data);
7090 data_len = ASN1_STRING_length(data);
7091 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007092 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007093 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007094 s = tmp;
7095 }
7096
7097 if (chunk_strcasecmp(entry, s) != 0)
7098 continue;
7099
7100 if (pos < 0)
7101 cur--;
7102 else
7103 cur++;
7104
7105 if (cur != pos)
7106 continue;
7107
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007108 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02007109 return -1;
7110
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007111 memcpy(out->area, data_ptr, data_len);
7112 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007113 return 1;
7114 }
7115
7116 return 0;
7117
William Lallemandd4f946c2019-12-05 10:26:40 +01007118}
7119
7120/*
7121 * Extract and format the DNS SAN extensions and copy result into a chuink
7122 * Return 0;
7123 */
7124#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
7125static int ssl_sock_get_san_oneline(X509 *cert, struct buffer *out)
7126{
7127 int i;
7128 char *str;
7129 STACK_OF(GENERAL_NAME) *names = NULL;
7130
7131 names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
7132 if (names) {
7133 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
7134 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
7135 if (i > 0)
7136 chunk_appendf(out, ", ");
7137 if (name->type == GEN_DNS) {
7138 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
7139 chunk_appendf(out, "DNS:%s", str);
7140 OPENSSL_free(str);
7141 }
7142 }
7143 }
7144 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
7145 }
7146 return 0;
Emeric Brun87855892012-10-17 17:39:35 +02007147}
William Lallemandd4f946c2019-12-05 10:26:40 +01007148#endif
Emeric Brun87855892012-10-17 17:39:35 +02007149
7150/* Extract and format full DN from a X509_NAME and copy result into a chunk
7151 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
7152 */
7153static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007154ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007155{
7156 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007157 ASN1_OBJECT *obj;
7158 ASN1_STRING *data;
7159 const unsigned char *data_ptr;
7160 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007161 int i, n, ln;
7162 int l = 0;
7163 const char *s;
7164 char *p;
7165 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007166 int name_count;
7167
7168
7169 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007170
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007171 out->data = 0;
7172 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007173 for (i = 0; i < name_count; i++) {
7174 ne = X509_NAME_get_entry(a, i);
7175 obj = X509_NAME_ENTRY_get_object(ne);
7176 data = X509_NAME_ENTRY_get_data(ne);
7177 data_ptr = ASN1_STRING_get0_data(data);
7178 data_len = ASN1_STRING_length(data);
7179 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007180 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007181 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007182 s = tmp;
7183 }
7184 ln = strlen(s);
7185
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007186 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007187 if (l > out->size)
7188 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007189 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02007190
7191 *(p++)='/';
7192 memcpy(p, s, ln);
7193 p += ln;
7194 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007195 memcpy(p, data_ptr, data_len);
7196 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007197 }
7198
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007199 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02007200 return 0;
7201
7202 return 1;
7203}
7204
Olivier Houchardab28a322018-12-21 19:45:40 +01007205void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
7206{
7207#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02007208 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007209
Olivier Houcharde488ea82019-06-28 14:10:33 +02007210 if (!ssl_sock_is_ssl(conn))
7211 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007212 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007213 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01007214#endif
7215}
7216
Willy Tarreau119a4082016-12-22 21:58:38 +01007217/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
7218 * to disable SNI.
7219 */
Willy Tarreau63076412015-07-10 11:33:32 +02007220void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7221{
7222#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007223 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007224
Willy Tarreau119a4082016-12-22 21:58:38 +01007225 char *prev_name;
7226
Willy Tarreau63076412015-07-10 11:33:32 +02007227 if (!ssl_sock_is_ssl(conn))
7228 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007229 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007230
Willy Tarreau119a4082016-12-22 21:58:38 +01007231 /* if the SNI changes, we must destroy the reusable context so that a
7232 * new connection will present a new SNI. As an optimization we could
7233 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7234 * server.
7235 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007236 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007237 if ((!prev_name && hostname) ||
7238 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007239 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007240
Olivier Houchard66ab4982019-02-26 18:37:15 +01007241 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007242#endif
7243}
7244
Emeric Brun0abf8362014-06-24 18:26:41 +02007245/* Extract peer certificate's common name into the chunk dest
7246 * Returns
7247 * the len of the extracted common name
7248 * or 0 if no CN found in DN
7249 * or -1 on error case (i.e. no peer certificate)
7250 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007251int ssl_sock_get_remote_common_name(struct connection *conn,
7252 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007253{
Christopher Faulet82004142019-09-10 10:12:03 +02007254 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007255 X509 *crt = NULL;
7256 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007257 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007258 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007259 .area = (char *)&find_cn,
7260 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007261 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007262 int result = -1;
David Safb76832014-05-08 23:42:08 -04007263
7264 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007265 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007266 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007267
7268 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007269 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007270 if (!crt)
7271 goto out;
7272
7273 name = X509_get_subject_name(crt);
7274 if (!name)
7275 goto out;
David Safb76832014-05-08 23:42:08 -04007276
Emeric Brun0abf8362014-06-24 18:26:41 +02007277 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7278out:
David Safb76832014-05-08 23:42:08 -04007279 if (crt)
7280 X509_free(crt);
7281
7282 return result;
7283}
7284
Dave McCowan328fb582014-07-30 10:39:13 -04007285/* returns 1 if client passed a certificate for this session, 0 if not */
7286int ssl_sock_get_cert_used_sess(struct connection *conn)
7287{
Christopher Faulet82004142019-09-10 10:12:03 +02007288 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007289 X509 *crt = NULL;
7290
7291 if (!ssl_sock_is_ssl(conn))
7292 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007293 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007294
7295 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007296 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007297 if (!crt)
7298 return 0;
7299
7300 X509_free(crt);
7301 return 1;
7302}
7303
7304/* returns 1 if client passed a certificate for this connection, 0 if not */
7305int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007306{
Christopher Faulet82004142019-09-10 10:12:03 +02007307 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007308
David Safb76832014-05-08 23:42:08 -04007309 if (!ssl_sock_is_ssl(conn))
7310 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007311 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007312 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007313}
7314
7315/* returns result from SSL verify */
7316unsigned int ssl_sock_get_verify_result(struct connection *conn)
7317{
Christopher Faulet82004142019-09-10 10:12:03 +02007318 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007319
David Safb76832014-05-08 23:42:08 -04007320 if (!ssl_sock_is_ssl(conn))
7321 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007322 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007323 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007324}
7325
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007326/* Returns the application layer protocol name in <str> and <len> when known.
7327 * Zero is returned if the protocol name was not found, otherwise non-zero is
7328 * returned. The string is allocated in the SSL context and doesn't have to be
7329 * freed by the caller. NPN is also checked if available since older versions
7330 * of openssl (1.0.1) which are more common in field only support this one.
7331 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007332static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007333{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007334#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7335 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007336 struct ssl_sock_ctx *ctx = xprt_ctx;
7337 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007338 return 0;
7339
7340 *str = NULL;
7341
7342#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007343 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007344 if (*str)
7345 return 1;
7346#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007347#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007348 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007349 if (*str)
7350 return 1;
7351#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007352#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007353 return 0;
7354}
7355
Willy Tarreau7875d092012-09-10 08:20:03 +02007356/***** Below are some sample fetching functions for ACL/patterns *****/
7357
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007358static int
7359smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7360{
7361 struct connection *conn;
7362
7363 conn = objt_conn(smp->sess->origin);
7364 if (!conn || conn->xprt != &ssl_sock)
7365 return 0;
7366
7367 smp->flags = 0;
7368 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007369#ifdef OPENSSL_IS_BORINGSSL
7370 {
7371 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7372 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7373 SSL_early_data_accepted(ctx->ssl));
7374 }
7375#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007376 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7377 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007378#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007379 return 1;
7380}
7381
Emeric Brune64aef12012-09-21 13:15:06 +02007382/* boolean, returns true if client cert was present */
7383static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007384smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007385{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007386 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007387 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007388
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007389 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007390 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007391 return 0;
7392
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007393 ctx = conn->xprt_ctx;
7394
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007395 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007396 smp->flags |= SMP_F_MAY_CHANGE;
7397 return 0;
7398 }
7399
7400 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007401 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007402 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007403
7404 return 1;
7405}
7406
Emeric Brun43e79582014-10-29 19:03:26 +01007407/* binary, returns a certificate in a binary chunk (der/raw).
7408 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7409 * should be use.
7410 */
7411static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007412smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007413{
7414 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7415 X509 *crt = NULL;
7416 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007417 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007418 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007419 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007420
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007421 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007422 if (!conn || conn->xprt != &ssl_sock)
7423 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007424 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007425
7426 if (!(conn->flags & CO_FL_CONNECTED)) {
7427 smp->flags |= SMP_F_MAY_CHANGE;
7428 return 0;
7429 }
7430
7431 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007432 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007433 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007434 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007435
7436 if (!crt)
7437 goto out;
7438
7439 smp_trash = get_trash_chunk();
7440 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7441 goto out;
7442
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007443 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007444 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007445 ret = 1;
7446out:
7447 /* SSL_get_peer_certificate, it increase X509 * ref count */
7448 if (cert_peer && crt)
7449 X509_free(crt);
7450 return ret;
7451}
7452
Emeric Brunba841a12014-04-30 17:05:08 +02007453/* binary, returns serial of certificate in a binary chunk.
7454 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7455 * should be use.
7456 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007457static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007458smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007459{
Emeric Brunba841a12014-04-30 17:05:08 +02007460 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007461 X509 *crt = NULL;
7462 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007463 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007464 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007465 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007466
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007467 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007468 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007469 return 0;
7470
Olivier Houchard66ab4982019-02-26 18:37:15 +01007471 ctx = conn->xprt_ctx;
7472
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007473 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007474 smp->flags |= SMP_F_MAY_CHANGE;
7475 return 0;
7476 }
7477
Emeric Brunba841a12014-04-30 17:05:08 +02007478 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007479 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007480 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007481 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007482
Willy Tarreau8d598402012-10-22 17:58:39 +02007483 if (!crt)
7484 goto out;
7485
Willy Tarreau47ca5452012-12-23 20:22:19 +01007486 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007487 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7488 goto out;
7489
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007490 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007491 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007492 ret = 1;
7493out:
Emeric Brunba841a12014-04-30 17:05:08 +02007494 /* SSL_get_peer_certificate, it increase X509 * ref count */
7495 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007496 X509_free(crt);
7497 return ret;
7498}
Emeric Brune64aef12012-09-21 13:15:06 +02007499
Emeric Brunba841a12014-04-30 17:05:08 +02007500/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7501 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7502 * should be use.
7503 */
James Votha051b4a2013-05-14 20:37:59 +02007504static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007505smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007506{
Emeric Brunba841a12014-04-30 17:05:08 +02007507 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007508 X509 *crt = NULL;
7509 const EVP_MD *digest;
7510 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007511 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007512 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007513 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007514
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007515 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007516 if (!conn || conn->xprt != &ssl_sock)
7517 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007518 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007519
7520 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007521 smp->flags |= SMP_F_MAY_CHANGE;
7522 return 0;
7523 }
7524
Emeric Brunba841a12014-04-30 17:05:08 +02007525 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007526 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007527 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007528 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007529 if (!crt)
7530 goto out;
7531
7532 smp_trash = get_trash_chunk();
7533 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007534 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7535 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007536
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007537 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007538 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007539 ret = 1;
7540out:
Emeric Brunba841a12014-04-30 17:05:08 +02007541 /* SSL_get_peer_certificate, it increase X509 * ref count */
7542 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007543 X509_free(crt);
7544 return ret;
7545}
7546
Emeric Brunba841a12014-04-30 17:05:08 +02007547/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7548 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7549 * should be use.
7550 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007551static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007552smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007553{
Emeric Brunba841a12014-04-30 17:05:08 +02007554 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007555 X509 *crt = NULL;
7556 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007557 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007558 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007559 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007560
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007561 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007562 if (!conn || conn->xprt != &ssl_sock)
7563 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007564 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007565
7566 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007567 smp->flags |= SMP_F_MAY_CHANGE;
7568 return 0;
7569 }
7570
Emeric Brunba841a12014-04-30 17:05:08 +02007571 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007572 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007573 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007574 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007575 if (!crt)
7576 goto out;
7577
Willy Tarreau47ca5452012-12-23 20:22:19 +01007578 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007579 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007580 goto out;
7581
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007582 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007583 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007584 ret = 1;
7585out:
Emeric Brunba841a12014-04-30 17:05:08 +02007586 /* SSL_get_peer_certificate, it increase X509 * ref count */
7587 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007588 X509_free(crt);
7589 return ret;
7590}
7591
Emeric Brunba841a12014-04-30 17:05:08 +02007592/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7593 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7594 * should be use.
7595 */
Emeric Brun87855892012-10-17 17:39:35 +02007596static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007597smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007598{
Emeric Brunba841a12014-04-30 17:05:08 +02007599 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007600 X509 *crt = NULL;
7601 X509_NAME *name;
7602 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007603 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007604 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007605 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007606
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007607 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007608 if (!conn || conn->xprt != &ssl_sock)
7609 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007610 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007611
7612 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007613 smp->flags |= SMP_F_MAY_CHANGE;
7614 return 0;
7615 }
7616
Emeric Brunba841a12014-04-30 17:05:08 +02007617 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007618 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007619 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007620 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007621 if (!crt)
7622 goto out;
7623
7624 name = X509_get_issuer_name(crt);
7625 if (!name)
7626 goto out;
7627
Willy Tarreau47ca5452012-12-23 20:22:19 +01007628 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007629 if (args && args[0].type == ARGT_STR) {
7630 int pos = 1;
7631
7632 if (args[1].type == ARGT_SINT)
7633 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007634
7635 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7636 goto out;
7637 }
7638 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7639 goto out;
7640
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007641 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007642 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007643 ret = 1;
7644out:
Emeric Brunba841a12014-04-30 17:05:08 +02007645 /* SSL_get_peer_certificate, it increase X509 * ref count */
7646 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007647 X509_free(crt);
7648 return ret;
7649}
7650
Emeric Brunba841a12014-04-30 17:05:08 +02007651/* string, returns notbefore date in ASN1_UTCTIME format.
7652 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7653 * should be use.
7654 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007655static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007656smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007657{
Emeric Brunba841a12014-04-30 17:05:08 +02007658 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007659 X509 *crt = NULL;
7660 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007661 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007662 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007663 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007664
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007665 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007666 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007667 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007668 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007669
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007670 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007671 smp->flags |= SMP_F_MAY_CHANGE;
7672 return 0;
7673 }
7674
Emeric Brunba841a12014-04-30 17:05:08 +02007675 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007676 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007677 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007678 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007679 if (!crt)
7680 goto out;
7681
Willy Tarreau47ca5452012-12-23 20:22:19 +01007682 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007683 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007684 goto out;
7685
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007686 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007687 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007688 ret = 1;
7689out:
Emeric Brunba841a12014-04-30 17:05:08 +02007690 /* SSL_get_peer_certificate, it increase X509 * ref count */
7691 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007692 X509_free(crt);
7693 return ret;
7694}
7695
Emeric Brunba841a12014-04-30 17:05:08 +02007696/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7697 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7698 * should be use.
7699 */
Emeric Brun87855892012-10-17 17:39:35 +02007700static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007701smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007702{
Emeric Brunba841a12014-04-30 17:05:08 +02007703 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007704 X509 *crt = NULL;
7705 X509_NAME *name;
7706 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007707 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007708 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007709 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007710
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007711 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007712 if (!conn || conn->xprt != &ssl_sock)
7713 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007714 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007715
7716 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007717 smp->flags |= SMP_F_MAY_CHANGE;
7718 return 0;
7719 }
7720
Emeric Brunba841a12014-04-30 17:05:08 +02007721 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007722 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007723 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007724 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007725 if (!crt)
7726 goto out;
7727
7728 name = X509_get_subject_name(crt);
7729 if (!name)
7730 goto out;
7731
Willy Tarreau47ca5452012-12-23 20:22:19 +01007732 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007733 if (args && args[0].type == ARGT_STR) {
7734 int pos = 1;
7735
7736 if (args[1].type == ARGT_SINT)
7737 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007738
7739 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7740 goto out;
7741 }
7742 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7743 goto out;
7744
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007745 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007746 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007747 ret = 1;
7748out:
Emeric Brunba841a12014-04-30 17:05:08 +02007749 /* SSL_get_peer_certificate, it increase X509 * ref count */
7750 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007751 X509_free(crt);
7752 return ret;
7753}
Emeric Brun9143d372012-12-20 15:44:16 +01007754
7755/* integer, returns true if current session use a client certificate */
7756static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007757smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007758{
7759 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007760 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007761 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007762
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007763 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007764 if (!conn || conn->xprt != &ssl_sock)
7765 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007766 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007767
7768 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007769 smp->flags |= SMP_F_MAY_CHANGE;
7770 return 0;
7771 }
7772
7773 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007774 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007775 if (crt) {
7776 X509_free(crt);
7777 }
7778
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007779 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007780 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007781 return 1;
7782}
7783
Emeric Brunba841a12014-04-30 17:05:08 +02007784/* integer, returns the certificate version
7785 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7786 * should be use.
7787 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007788static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007789smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007790{
Emeric Brunba841a12014-04-30 17:05:08 +02007791 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007792 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007793 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007794 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007795
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007796 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007797 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007798 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007799 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007800
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007801 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007802 smp->flags |= SMP_F_MAY_CHANGE;
7803 return 0;
7804 }
7805
Emeric Brunba841a12014-04-30 17:05:08 +02007806 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007807 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007808 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007809 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007810 if (!crt)
7811 return 0;
7812
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007813 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007814 /* SSL_get_peer_certificate increase X509 * ref count */
7815 if (cert_peer)
7816 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007817 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007818
7819 return 1;
7820}
7821
Emeric Brunba841a12014-04-30 17:05:08 +02007822/* string, returns the certificate's signature algorithm.
7823 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7824 * should be use.
7825 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007826static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007827smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007828{
Emeric Brunba841a12014-04-30 17:05:08 +02007829 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007830 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007831 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007832 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007833 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007834 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007835
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007836 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007837 if (!conn || conn->xprt != &ssl_sock)
7838 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007839 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007840
7841 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007842 smp->flags |= SMP_F_MAY_CHANGE;
7843 return 0;
7844 }
7845
Emeric Brunba841a12014-04-30 17:05:08 +02007846 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007847 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007848 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007849 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007850 if (!crt)
7851 return 0;
7852
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007853 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7854 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007855
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007856 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7857 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007858 /* SSL_get_peer_certificate increase X509 * ref count */
7859 if (cert_peer)
7860 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007861 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007862 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007863
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007864 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007865 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007866 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007867 /* SSL_get_peer_certificate increase X509 * ref count */
7868 if (cert_peer)
7869 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007870
7871 return 1;
7872}
7873
Emeric Brunba841a12014-04-30 17:05:08 +02007874/* string, returns the certificate's key algorithm.
7875 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7876 * should be use.
7877 */
Emeric Brun521a0112012-10-22 12:22:55 +02007878static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007879smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007880{
Emeric Brunba841a12014-04-30 17:05:08 +02007881 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007882 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007883 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007884 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007885 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007886 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007887
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007888 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007889 if (!conn || conn->xprt != &ssl_sock)
7890 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007891 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007892
7893 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007894 smp->flags |= SMP_F_MAY_CHANGE;
7895 return 0;
7896 }
7897
Emeric Brunba841a12014-04-30 17:05:08 +02007898 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007899 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007900 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007901 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007902 if (!crt)
7903 return 0;
7904
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007905 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7906 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007907
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007908 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7909 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007910 /* SSL_get_peer_certificate increase X509 * ref count */
7911 if (cert_peer)
7912 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007913 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007914 }
Emeric Brun521a0112012-10-22 12:22:55 +02007915
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007916 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007917 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007918 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007919 if (cert_peer)
7920 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007921
7922 return 1;
7923}
7924
Emeric Brun645ae792014-04-30 14:21:06 +02007925/* boolean, returns true if front conn. transport layer is SSL.
7926 * This function is also usable on backend conn if the fetch keyword 5th
7927 * char is 'b'.
7928 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007929static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007930smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007931{
Emeric Bruneb8def92018-02-19 15:59:48 +01007932 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7933 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007934
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007935 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007936 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007937 return 1;
7938}
7939
Emeric Brun2525b6b2012-10-18 15:59:43 +02007940/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007941static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007942smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007943{
7944#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007945 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007946 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007947
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007948 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007949 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007950 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007951 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007952 return 1;
7953#else
7954 return 0;
7955#endif
7956}
7957
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007958/* boolean, returns true if client session has been resumed.
7959 * This function is also usable on backend conn if the fetch keyword 5th
7960 * char is 'b'.
7961 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007962static int
7963smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7964{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007965 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7966 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007967 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007968
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007969
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007970 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007971 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007972 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007973 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007974 return 1;
7975}
7976
Emeric Brun645ae792014-04-30 14:21:06 +02007977/* string, returns the used cipher if front conn. transport layer is SSL.
7978 * This function is also usable on backend conn if the fetch keyword 5th
7979 * char is 'b'.
7980 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007981static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007982smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007983{
Emeric Bruneb8def92018-02-19 15:59:48 +01007984 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7985 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007986 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007987
Willy Tarreaube508f12016-03-10 11:47:01 +01007988 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007989 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007990 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007991 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007992
Olivier Houchard66ab4982019-02-26 18:37:15 +01007993 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007994 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007995 return 0;
7996
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007997 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007998 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007999 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008000
8001 return 1;
8002}
8003
Emeric Brun645ae792014-04-30 14:21:06 +02008004/* integer, returns the algoritm's keysize if front conn. transport layer
8005 * is SSL.
8006 * This function is also usable on backend conn if the fetch keyword 5th
8007 * char is 'b'.
8008 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008009static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008010smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008011{
Emeric Bruneb8def92018-02-19 15:59:48 +01008012 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8013 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008014 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008015 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01008016
Emeric Brun589fcad2012-10-16 14:13:26 +02008017 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008018 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02008019 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008020 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02008021
Olivier Houchard66ab4982019-02-26 18:37:15 +01008022 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008023 return 0;
8024
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008025 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008026 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008027
8028 return 1;
8029}
8030
Emeric Brun645ae792014-04-30 14:21:06 +02008031/* integer, returns the used keysize if front conn. transport layer is SSL.
8032 * This function is also usable on backend conn if the fetch keyword 5th
8033 * char is 'b'.
8034 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008035static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008036smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008037{
Emeric Bruneb8def92018-02-19 15:59:48 +01008038 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8039 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008040 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008041
Emeric Brun589fcad2012-10-16 14:13:26 +02008042 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008043 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8044 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008045 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008046
Olivier Houchard66ab4982019-02-26 18:37:15 +01008047 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008048 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02008049 return 0;
8050
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008051 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008052
8053 return 1;
8054}
8055
Bernard Spil13c53f82018-02-15 13:34:58 +01008056#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02008057static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008058smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008059{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008060 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008061 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008062
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008063 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008064 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008065
Olivier Houchard6b77f492018-11-22 18:18:29 +01008066 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8067 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008068 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8069 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008070 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008071
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008072 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008073 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008074 (const unsigned char **)&smp->data.u.str.area,
8075 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02008076
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008077 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008078 return 0;
8079
8080 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008081}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008082#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02008083
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008084#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008085static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008086smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02008087{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008088 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008089 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008090
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008091 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008092 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02008093
Olivier Houchard6b77f492018-11-22 18:18:29 +01008094 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8095 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8096
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008097 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02008098 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008099 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02008100
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008101 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008102 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008103 (const unsigned char **)&smp->data.u.str.area,
8104 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02008105
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008106 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02008107 return 0;
8108
8109 return 1;
8110}
8111#endif
8112
Emeric Brun645ae792014-04-30 14:21:06 +02008113/* string, returns the used protocol if front conn. transport layer is SSL.
8114 * This function is also usable on backend conn if the fetch keyword 5th
8115 * char is 'b'.
8116 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02008117static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008118smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008119{
Emeric Bruneb8def92018-02-19 15:59:48 +01008120 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8121 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008122 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008123
Emeric Brun589fcad2012-10-16 14:13:26 +02008124 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008125 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8126 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008127 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008128
Olivier Houchard66ab4982019-02-26 18:37:15 +01008129 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008130 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02008131 return 0;
8132
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008133 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008134 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008135 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008136
8137 return 1;
8138}
8139
Willy Tarreau87b09662015-04-03 00:22:06 +02008140/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02008141 * This function is also usable on backend conn if the fetch keyword 5th
8142 * char is 'b'.
8143 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008144#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02008145static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008146smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02008147{
Emeric Bruneb8def92018-02-19 15:59:48 +01008148 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8149 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008150 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008151 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008152
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008153 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008154 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02008155
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008156 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8157 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008158 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008159
Olivier Houchard66ab4982019-02-26 18:37:15 +01008160 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02008161 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02008162 return 0;
8163
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008164 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
8165 (unsigned int *)&smp->data.u.str.data);
8166 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02008167 return 0;
8168
8169 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02008170}
Patrick Hemmer41966772018-04-28 19:15:48 -04008171#endif
8172
Emeric Brunfe68f682012-10-16 14:59:28 +02008173
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008174#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04008175static int
Patrick Hemmer65674662019-06-04 08:13:03 -04008176smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
8177{
8178 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8179 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8180 struct buffer *data;
8181 struct ssl_sock_ctx *ctx;
8182
8183 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8184 return 0;
8185 ctx = conn->xprt_ctx;
8186
8187 data = get_trash_chunk();
8188 if (kw[7] == 'c')
8189 data->data = SSL_get_client_random(ctx->ssl,
8190 (unsigned char *) data->area,
8191 data->size);
8192 else
8193 data->data = SSL_get_server_random(ctx->ssl,
8194 (unsigned char *) data->area,
8195 data->size);
8196 if (!data->data)
8197 return 0;
8198
8199 smp->flags = 0;
8200 smp->data.type = SMP_T_BIN;
8201 smp->data.u.str = *data;
8202
8203 return 1;
8204}
8205
8206static int
Patrick Hemmere0275472018-04-28 19:15:51 -04008207smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
8208{
8209 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8210 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8211 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02008212 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008213 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008214
8215 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8216 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008217 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008218
Olivier Houchard66ab4982019-02-26 18:37:15 +01008219 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008220 if (!ssl_sess)
8221 return 0;
8222
8223 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008224 data->data = SSL_SESSION_get_master_key(ssl_sess,
8225 (unsigned char *) data->area,
8226 data->size);
8227 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008228 return 0;
8229
8230 smp->flags = 0;
8231 smp->data.type = SMP_T_BIN;
8232 smp->data.u.str = *data;
8233
8234 return 1;
8235}
8236#endif
8237
Patrick Hemmer41966772018-04-28 19:15:48 -04008238#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008239static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008240smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008241{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008242 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008243 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008244
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008245 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008246 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008247
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008248 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008249 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8250 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008251 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008252
Olivier Houchard66ab4982019-02-26 18:37:15 +01008253 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008254 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008255 return 0;
8256
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008257 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008258 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008259}
Patrick Hemmer41966772018-04-28 19:15:48 -04008260#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008261
David Sc1ad52e2014-04-08 18:48:47 -04008262static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008263smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8264{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008265 struct connection *conn;
8266 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008267 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008268
8269 conn = objt_conn(smp->sess->origin);
8270 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8271 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008272 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008273
Olivier Houchard66ab4982019-02-26 18:37:15 +01008274 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008275 if (!capture)
8276 return 0;
8277
8278 smp->flags = SMP_F_CONST;
8279 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008280 smp->data.u.str.area = capture->ciphersuite;
8281 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008282 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008283}
8284
8285static int
8286smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8287{
Willy Tarreau83061a82018-07-13 11:56:34 +02008288 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008289
8290 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8291 return 0;
8292
8293 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008294 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008295 smp->data.type = SMP_T_BIN;
8296 smp->data.u.str = *data;
8297 return 1;
8298}
8299
8300static int
8301smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8302{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008303 struct connection *conn;
8304 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008305 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008306
8307 conn = objt_conn(smp->sess->origin);
8308 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8309 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008310 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008311
Olivier Houchard66ab4982019-02-26 18:37:15 +01008312 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008313 if (!capture)
8314 return 0;
8315
8316 smp->data.type = SMP_T_SINT;
8317 smp->data.u.sint = capture->xxh64;
8318 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008319}
8320
8321static int
8322smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8323{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008324#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008325 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008326 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008327
8328 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8329 return 0;
8330
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008331 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008332 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008333 const char *str;
8334 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008335 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008336 uint16_t id = (bin[0] << 8) | bin[1];
8337#if defined(OPENSSL_IS_BORINGSSL)
8338 cipher = SSL_get_cipher_by_value(id);
8339#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008340 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008341 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8342 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008343#endif
8344 str = SSL_CIPHER_get_name(cipher);
8345 if (!str || strcmp(str, "(NONE)") == 0)
8346 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008347 else
8348 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8349 }
8350 smp->data.type = SMP_T_STR;
8351 smp->data.u.str = *data;
8352 return 1;
8353#else
8354 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8355#endif
8356}
8357
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008358#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008359static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008360smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008361{
Emeric Bruneb8def92018-02-19 15:59:48 +01008362 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8363 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008364 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008365 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008366 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008367
8368 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008369 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8370 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008371 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008372
8373 if (!(conn->flags & CO_FL_CONNECTED)) {
8374 smp->flags |= SMP_F_MAY_CHANGE;
8375 return 0;
8376 }
8377
8378 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008379 if (!SSL_session_reused(ctx->ssl))
8380 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008381 finished_trash->area,
8382 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008383 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008384 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008385 finished_trash->area,
8386 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008387
8388 if (!finished_len)
8389 return 0;
8390
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008391 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008392 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008393 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008394
8395 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008396}
Patrick Hemmer41966772018-04-28 19:15:48 -04008397#endif
David Sc1ad52e2014-04-08 18:48:47 -04008398
Emeric Brun2525b6b2012-10-18 15:59:43 +02008399/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008400static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008401smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008402{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008403 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008404 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008405
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008406 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008407 if (!conn || conn->xprt != &ssl_sock)
8408 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008409 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008410
8411 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008412 smp->flags = SMP_F_MAY_CHANGE;
8413 return 0;
8414 }
8415
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008416 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008417 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008418 smp->flags = 0;
8419
8420 return 1;
8421}
8422
Emeric Brun2525b6b2012-10-18 15:59:43 +02008423/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008424static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008425smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008426{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008427 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008428 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008429
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008430 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008431 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008432 return 0;
8433
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008434 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008435 smp->flags = SMP_F_MAY_CHANGE;
8436 return 0;
8437 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008438 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008439
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008440 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008441 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008442 smp->flags = 0;
8443
8444 return 1;
8445}
8446
Emeric Brun2525b6b2012-10-18 15:59:43 +02008447/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008448static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008449smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008450{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008451 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008452 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008453
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008454 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008455 if (!conn || conn->xprt != &ssl_sock)
8456 return 0;
8457
8458 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008459 smp->flags = SMP_F_MAY_CHANGE;
8460 return 0;
8461 }
8462
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008463 ctx = conn->xprt_ctx;
8464
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008465 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008466 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008467 smp->flags = 0;
8468
8469 return 1;
8470}
8471
Emeric Brun2525b6b2012-10-18 15:59:43 +02008472/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008473static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008474smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008475{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008476 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008477 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008478
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008479 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008480 if (!conn || conn->xprt != &ssl_sock)
8481 return 0;
8482
8483 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008484 smp->flags = SMP_F_MAY_CHANGE;
8485 return 0;
8486 }
8487
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008488 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008489 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008490 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008491
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008492 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008493 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008494 smp->flags = 0;
8495
8496 return 1;
8497}
8498
Emeric Brunfb510ea2012-10-05 12:00:26 +02008499/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008500static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008501{
8502 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008503 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008504 return ERR_ALERT | ERR_FATAL;
8505 }
8506
Willy Tarreauef934602016-12-22 23:12:01 +01008507 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8508 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008509 else
8510 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008511
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02008512 if (!ssl_store_load_locations_file(conf->ca_file)) {
8513 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->ca_file);
8514 return ERR_ALERT | ERR_FATAL;
8515 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02008516 return 0;
8517}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008518static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8519{
8520 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8521}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008522
Christopher Faulet31af49d2015-06-09 17:29:50 +02008523/* parse the "ca-sign-file" bind keyword */
8524static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8525{
8526 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008527 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008528 return ERR_ALERT | ERR_FATAL;
8529 }
8530
Willy Tarreauef934602016-12-22 23:12:01 +01008531 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8532 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008533 else
8534 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8535
8536 return 0;
8537}
8538
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008539/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008540static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8541{
8542 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008543 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008544 return ERR_ALERT | ERR_FATAL;
8545 }
8546 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8547 return 0;
8548}
8549
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008550/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008551static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008552{
8553 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008554 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008555 return ERR_ALERT | ERR_FATAL;
8556 }
8557
Emeric Brun76d88952012-10-05 15:47:31 +02008558 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008559 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008560 return 0;
8561}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008562static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8563{
8564 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8565}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008566
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008567#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008568/* parse the "ciphersuites" bind keyword */
8569static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8570{
8571 if (!*args[cur_arg + 1]) {
8572 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8573 return ERR_ALERT | ERR_FATAL;
8574 }
8575
8576 free(conf->ciphersuites);
8577 conf->ciphersuites = strdup(args[cur_arg + 1]);
8578 return 0;
8579}
8580static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8581{
8582 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8583}
8584#endif
8585
Willy Tarreaubbc91962019-10-16 16:42:19 +02008586/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008587static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008588{
Willy Tarreau38011032013-08-13 16:59:39 +02008589 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008590
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008591 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008592 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008593 return ERR_ALERT | ERR_FATAL;
8594 }
8595
Willy Tarreauef934602016-12-22 23:12:01 +01008596 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8597 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008598 memprintf(err, "'%s' : path too long", args[cur_arg]);
8599 return ERR_ALERT | ERR_FATAL;
8600 }
Willy Tarreauef934602016-12-22 23:12:01 +01008601 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008602 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008603 }
8604
Willy Tarreaubbc91962019-10-16 16:42:19 +02008605 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008606}
8607
Willy Tarreaubbc91962019-10-16 16:42:19 +02008608/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008609static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8610{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008611 int err_code;
8612
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008613 if (!*args[cur_arg + 1]) {
8614 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8615 return ERR_ALERT | ERR_FATAL;
8616 }
8617
Willy Tarreaubbc91962019-10-16 16:42:19 +02008618 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8619 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008620 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008621
Willy Tarreaubbc91962019-10-16 16:42:19 +02008622 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008623}
8624
Emeric Brunfb510ea2012-10-05 12:00:26 +02008625/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008626static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008627{
Emeric Brun051cdab2012-10-02 19:25:50 +02008628#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01008629 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
Emeric Brun051cdab2012-10-02 19:25:50 +02008630 return ERR_ALERT | ERR_FATAL;
8631#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008632 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008633 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008634 return ERR_ALERT | ERR_FATAL;
8635 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008636
Willy Tarreauef934602016-12-22 23:12:01 +01008637 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8638 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008639 else
8640 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008641
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01008642 if (!ssl_store_load_locations_file(conf->crl_file)) {
8643 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
8644 return ERR_ALERT | ERR_FATAL;
8645 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008646 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008647#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008648}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008649static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8650{
8651 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8652}
Emeric Brun2b58d042012-09-20 17:10:03 +02008653
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008654/* parse the "curves" bind keyword keyword */
8655static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8656{
Lukas Tribusd14b49c2019-11-24 18:20:40 +01008657#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008658 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008659 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008660 return ERR_ALERT | ERR_FATAL;
8661 }
8662 conf->curves = strdup(args[cur_arg + 1]);
8663 return 0;
8664#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008665 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008666 return ERR_ALERT | ERR_FATAL;
8667#endif
8668}
8669static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8670{
8671 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8672}
8673
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008674/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008675static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008676{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008677#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Tim Duesterhus93128532019-11-23 23:45:10 +01008678 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008679 return ERR_ALERT | ERR_FATAL;
8680#elif defined(OPENSSL_NO_ECDH)
Tim Duesterhus93128532019-11-23 23:45:10 +01008681 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008682 return ERR_ALERT | ERR_FATAL;
8683#else
8684 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008685 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008686 return ERR_ALERT | ERR_FATAL;
8687 }
8688
8689 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008690
8691 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008692#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008693}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008694static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8695{
8696 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8697}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008698
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008699/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008700static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8701{
8702 int code;
8703 char *p = args[cur_arg + 1];
8704 unsigned long long *ignerr = &conf->crt_ignerr;
8705
8706 if (!*p) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008707 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008708 return ERR_ALERT | ERR_FATAL;
8709 }
8710
8711 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8712 ignerr = &conf->ca_ignerr;
8713
8714 if (strcmp(p, "all") == 0) {
8715 *ignerr = ~0ULL;
8716 return 0;
8717 }
8718
8719 while (p) {
8720 code = atoi(p);
8721 if ((code <= 0) || (code > 63)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008722 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8723 args[cur_arg], code, args[cur_arg + 1]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008724 return ERR_ALERT | ERR_FATAL;
8725 }
8726 *ignerr |= 1ULL << code;
8727 p = strchr(p, ',');
8728 if (p)
8729 p++;
8730 }
8731
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008732 return 0;
8733}
8734
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008735/* parse tls_method_options "no-xxx" and "force-xxx" */
8736static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008737{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008738 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008739 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008740 p = strchr(arg, '-');
8741 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008742 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008743 p++;
8744 if (!strcmp(p, "sslv3"))
8745 v = CONF_SSLV3;
8746 else if (!strcmp(p, "tlsv10"))
8747 v = CONF_TLSV10;
8748 else if (!strcmp(p, "tlsv11"))
8749 v = CONF_TLSV11;
8750 else if (!strcmp(p, "tlsv12"))
8751 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008752 else if (!strcmp(p, "tlsv13"))
8753 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008754 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008755 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008756 if (!strncmp(arg, "no-", 3))
8757 methods->flags |= methodVersions[v].flag;
8758 else if (!strncmp(arg, "force-", 6))
8759 methods->min = methods->max = v;
8760 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008761 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008762 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008763 fail:
Tim Duesterhus93128532019-11-23 23:45:10 +01008764 memprintf(err, "'%s' : option not implemented", arg);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008765 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008766}
8767
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008768static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008769{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008770 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008771}
8772
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008773static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008774{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008775 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8776}
8777
8778/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8779static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8780{
8781 uint16_t i, v = 0;
8782 char *argv = args[cur_arg + 1];
8783 if (!*argv) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008784 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008785 return ERR_ALERT | ERR_FATAL;
8786 }
8787 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8788 if (!strcmp(argv, methodVersions[i].name))
8789 v = i;
8790 if (!v) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008791 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008792 return ERR_ALERT | ERR_FATAL;
8793 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008794 if (!strcmp("ssl-min-ver", args[cur_arg]))
8795 methods->min = v;
8796 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8797 methods->max = v;
8798 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01008799 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008800 return ERR_ALERT | ERR_FATAL;
8801 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008802 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008803}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008804
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008805static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8806{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008807#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008808 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008809#endif
8810 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8811}
8812
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008813static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8814{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008815 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008816}
8817
8818static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8819{
8820 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8821}
8822
Emeric Brun2d0c4822012-10-02 13:45:20 +02008823/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008824static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008825{
Emeric Brun89675492012-10-05 13:48:26 +02008826 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008827 return 0;
8828}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008829
Olivier Houchardc2aae742017-09-22 18:26:28 +02008830/* parse the "allow-0rtt" bind keyword */
8831static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8832{
8833 conf->early_data = 1;
8834 return 0;
8835}
8836
8837static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8838{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008839 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008840 return 0;
8841}
8842
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008843/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008844static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008845{
Bernard Spil13c53f82018-02-15 13:34:58 +01008846#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008847 char *p1, *p2;
8848
8849 if (!*args[cur_arg + 1]) {
8850 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8851 return ERR_ALERT | ERR_FATAL;
8852 }
8853
8854 free(conf->npn_str);
8855
Willy Tarreau3724da12016-02-12 17:11:12 +01008856 /* the NPN string is built as a suite of (<len> <name>)*,
8857 * so we reuse each comma to store the next <len> and need
8858 * one more for the end of the string.
8859 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008860 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008861 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008862 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8863
8864 /* replace commas with the name length */
8865 p1 = conf->npn_str;
8866 p2 = p1 + 1;
8867 while (1) {
8868 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8869 if (!p2)
8870 p2 = p1 + 1 + strlen(p1 + 1);
8871
8872 if (p2 - (p1 + 1) > 255) {
8873 *p2 = '\0';
8874 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8875 return ERR_ALERT | ERR_FATAL;
8876 }
8877
8878 *p1 = p2 - (p1 + 1);
8879 p1 = p2;
8880
8881 if (!*p2)
8882 break;
8883
8884 *(p2++) = '\0';
8885 }
8886 return 0;
8887#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008888 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008889 return ERR_ALERT | ERR_FATAL;
8890#endif
8891}
8892
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008893static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8894{
8895 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8896}
8897
Willy Tarreauab861d32013-04-02 02:30:41 +02008898/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008899static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008900{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008901#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008902 char *p1, *p2;
8903
8904 if (!*args[cur_arg + 1]) {
8905 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8906 return ERR_ALERT | ERR_FATAL;
8907 }
8908
8909 free(conf->alpn_str);
8910
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008911 /* the ALPN string is built as a suite of (<len> <name>)*,
8912 * so we reuse each comma to store the next <len> and need
8913 * one more for the end of the string.
8914 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008915 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008916 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008917 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8918
8919 /* replace commas with the name length */
8920 p1 = conf->alpn_str;
8921 p2 = p1 + 1;
8922 while (1) {
8923 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8924 if (!p2)
8925 p2 = p1 + 1 + strlen(p1 + 1);
8926
8927 if (p2 - (p1 + 1) > 255) {
8928 *p2 = '\0';
8929 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8930 return ERR_ALERT | ERR_FATAL;
8931 }
8932
8933 *p1 = p2 - (p1 + 1);
8934 p1 = p2;
8935
8936 if (!*p2)
8937 break;
8938
8939 *(p2++) = '\0';
8940 }
8941 return 0;
8942#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008943 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
Willy Tarreauab861d32013-04-02 02:30:41 +02008944 return ERR_ALERT | ERR_FATAL;
8945#endif
8946}
8947
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008948static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8949{
8950 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8951}
8952
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008953/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008954static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008955{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008956 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008957 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008958
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008959 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8960 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008961#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008962 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8963 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8964#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008965 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008966 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8967 if (!conf->ssl_conf.ssl_methods.min)
8968 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8969 if (!conf->ssl_conf.ssl_methods.max)
8970 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008971
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008972 return 0;
8973}
8974
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008975/* parse the "prefer-client-ciphers" bind keyword */
8976static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8977{
8978 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8979 return 0;
8980}
8981
Christopher Faulet31af49d2015-06-09 17:29:50 +02008982/* parse the "generate-certificates" bind keyword */
8983static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8984{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008985#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008986 conf->generate_certs = 1;
8987#else
8988 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8989 err && *err ? *err : "");
8990#endif
8991 return 0;
8992}
8993
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008994/* parse the "strict-sni" bind keyword */
8995static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8996{
8997 conf->strict_sni = 1;
8998 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008999}
9000
9001/* parse the "tls-ticket-keys" bind keyword */
9002static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9003{
9004#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02009005 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009006 int i = 0;
9007 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02009008 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009009
9010 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009011 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009012 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009013 }
9014
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009015 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009016 if (keys_ref) {
9017 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009018 conf->keys_ref = keys_ref;
9019 return 0;
9020 }
9021
Christopher Faulete566f3d2019-10-21 09:55:49 +02009022 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01009023 if (!keys_ref) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009024 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009025 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009026 }
9027
Emeric Brun9e754772019-01-10 17:51:55 +01009028 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01009029 if (!keys_ref->tlskeys) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009030 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009031 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009032 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009033
9034 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009035 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009036 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009037 }
9038
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009039 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01009040 if (!keys_ref->filename) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009041 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009042 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009043 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009044
Emeric Brun9e754772019-01-10 17:51:55 +01009045 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009046 while (fgets(thisline, sizeof(thisline), f) != NULL) {
9047 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01009048 int dec_size;
9049
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009050 /* Strip newline characters from the end */
9051 if(thisline[len - 1] == '\n')
9052 thisline[--len] = 0;
9053
9054 if(thisline[len - 1] == '\r')
9055 thisline[--len] = 0;
9056
Emeric Brun9e754772019-01-10 17:51:55 +01009057 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
9058 if (dec_size < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009059 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009060 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009061 }
Emeric Brun9e754772019-01-10 17:51:55 +01009062 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
9063 keys_ref->key_size_bits = 128;
9064 }
9065 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
9066 keys_ref->key_size_bits = 256;
9067 }
9068 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
9069 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
9070 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009071 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009072 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01009073 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009074 i++;
9075 }
9076
9077 if (i < TLS_TICKETS_NO) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009078 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009079 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009080 }
9081
9082 fclose(f);
9083
9084 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01009085 i -= 2;
9086 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009087 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009088 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01009089 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009090 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009091
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009092 LIST_ADD(&tlskeys_reference, &keys_ref->list);
9093
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009094 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02009095
9096 fail:
9097 if (f)
9098 fclose(f);
9099 if (keys_ref) {
9100 free(keys_ref->filename);
9101 free(keys_ref->tlskeys);
9102 free(keys_ref);
9103 }
9104 return ERR_ALERT | ERR_FATAL;
9105
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009106#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009107 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009108 return ERR_ALERT | ERR_FATAL;
9109#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01009110}
9111
Emeric Brund94b3fe2012-09-20 18:23:56 +02009112/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009113static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02009114{
9115 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009116 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009117 return ERR_ALERT | ERR_FATAL;
9118 }
9119
9120 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009121 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009122 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009123 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009124 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009125 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009126 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009127 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
9128 args[cur_arg], args[cur_arg + 1]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009129 return ERR_ALERT | ERR_FATAL;
9130 }
9131
9132 return 0;
9133}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009134static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9135{
9136 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
9137}
Emeric Brund94b3fe2012-09-20 18:23:56 +02009138
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009139/* parse the "no-ca-names" bind keyword */
9140static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
9141{
9142 conf->no_ca_names = 1;
9143 return 0;
9144}
9145static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9146{
9147 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
9148}
9149
Willy Tarreau92faadf2012-10-10 23:04:25 +02009150/************** "server" keywords ****************/
9151
Olivier Houchardc7566002018-11-20 23:33:50 +01009152/* parse the "npn" bind keyword */
9153static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9154{
9155#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9156 char *p1, *p2;
9157
9158 if (!*args[*cur_arg + 1]) {
9159 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
9160 return ERR_ALERT | ERR_FATAL;
9161 }
9162
9163 free(newsrv->ssl_ctx.npn_str);
9164
9165 /* the NPN string is built as a suite of (<len> <name>)*,
9166 * so we reuse each comma to store the next <len> and need
9167 * one more for the end of the string.
9168 */
9169 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
9170 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
9171 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
9172 newsrv->ssl_ctx.npn_len);
9173
9174 /* replace commas with the name length */
9175 p1 = newsrv->ssl_ctx.npn_str;
9176 p2 = p1 + 1;
9177 while (1) {
9178 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
9179 newsrv->ssl_ctx.npn_len - (p1 + 1));
9180 if (!p2)
9181 p2 = p1 + 1 + strlen(p1 + 1);
9182
9183 if (p2 - (p1 + 1) > 255) {
9184 *p2 = '\0';
9185 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9186 return ERR_ALERT | ERR_FATAL;
9187 }
9188
9189 *p1 = p2 - (p1 + 1);
9190 p1 = p2;
9191
9192 if (!*p2)
9193 break;
9194
9195 *(p2++) = '\0';
9196 }
9197 return 0;
9198#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009199 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009200 return ERR_ALERT | ERR_FATAL;
9201#endif
9202}
9203
Olivier Houchard92150142018-12-21 19:47:01 +01009204/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009205static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9206{
9207#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9208 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009209 char **alpn_str;
9210 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009211
Olivier Houchard92150142018-12-21 19:47:01 +01009212 if (*args[*cur_arg] == 'c') {
9213 alpn_str = &newsrv->check.alpn_str;
9214 alpn_len = &newsrv->check.alpn_len;
9215 } else {
9216 alpn_str = &newsrv->ssl_ctx.alpn_str;
9217 alpn_len = &newsrv->ssl_ctx.alpn_len;
9218
9219 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009220 if (!*args[*cur_arg + 1]) {
9221 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9222 return ERR_ALERT | ERR_FATAL;
9223 }
9224
Olivier Houchard92150142018-12-21 19:47:01 +01009225 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009226
9227 /* the ALPN string is built as a suite of (<len> <name>)*,
9228 * so we reuse each comma to store the next <len> and need
9229 * one more for the end of the string.
9230 */
Olivier Houchard92150142018-12-21 19:47:01 +01009231 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9232 *alpn_str = calloc(1, *alpn_len + 1);
9233 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009234
9235 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009236 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009237 p2 = p1 + 1;
9238 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009239 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009240 if (!p2)
9241 p2 = p1 + 1 + strlen(p1 + 1);
9242
9243 if (p2 - (p1 + 1) > 255) {
9244 *p2 = '\0';
9245 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9246 return ERR_ALERT | ERR_FATAL;
9247 }
9248
9249 *p1 = p2 - (p1 + 1);
9250 p1 = p2;
9251
9252 if (!*p2)
9253 break;
9254
9255 *(p2++) = '\0';
9256 }
9257 return 0;
9258#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009259 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009260 return ERR_ALERT | ERR_FATAL;
9261#endif
9262}
9263
Emeric Brunef42d922012-10-11 16:11:36 +02009264/* parse the "ca-file" server keyword */
9265static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9266{
9267 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009268 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009269 return ERR_ALERT | ERR_FATAL;
9270 }
9271
Willy Tarreauef934602016-12-22 23:12:01 +01009272 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9273 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009274 else
9275 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9276
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02009277 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file)) {
9278 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.ca_file);
9279 return ERR_ALERT | ERR_FATAL;
9280 }
Emeric Brunef42d922012-10-11 16:11:36 +02009281 return 0;
9282}
9283
Olivier Houchard9130a962017-10-17 17:33:43 +02009284/* parse the "check-sni" server keyword */
9285static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9286{
9287 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009288 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
Olivier Houchard9130a962017-10-17 17:33:43 +02009289 return ERR_ALERT | ERR_FATAL;
9290 }
9291
9292 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9293 if (!newsrv->check.sni) {
9294 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9295 return ERR_ALERT | ERR_FATAL;
9296 }
9297 return 0;
9298
9299}
9300
Willy Tarreau92faadf2012-10-10 23:04:25 +02009301/* parse the "check-ssl" server keyword */
9302static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9303{
9304 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009305 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9306 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009307#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009308 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9309 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9310#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009311 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009312 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9313 if (!newsrv->ssl_ctx.methods.min)
9314 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9315 if (!newsrv->ssl_ctx.methods.max)
9316 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9317
Willy Tarreau92faadf2012-10-10 23:04:25 +02009318 return 0;
9319}
9320
9321/* parse the "ciphers" server keyword */
9322static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9323{
9324 if (!*args[*cur_arg + 1]) {
9325 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9326 return ERR_ALERT | ERR_FATAL;
9327 }
9328
9329 free(newsrv->ssl_ctx.ciphers);
9330 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9331 return 0;
9332}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009333
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009334#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009335/* parse the "ciphersuites" server keyword */
9336static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9337{
9338 if (!*args[*cur_arg + 1]) {
9339 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9340 return ERR_ALERT | ERR_FATAL;
9341 }
9342
9343 free(newsrv->ssl_ctx.ciphersuites);
9344 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9345 return 0;
9346}
9347#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009348
Emeric Brunef42d922012-10-11 16:11:36 +02009349/* parse the "crl-file" server keyword */
9350static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9351{
9352#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01009353 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009354 return ERR_ALERT | ERR_FATAL;
9355#else
9356 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009357 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009358 return ERR_ALERT | ERR_FATAL;
9359 }
9360
Willy Tarreauef934602016-12-22 23:12:01 +01009361 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9362 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009363 else
9364 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9365
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01009366 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file)) {
9367 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
9368 return ERR_ALERT | ERR_FATAL;
9369 }
Emeric Brunef42d922012-10-11 16:11:36 +02009370 return 0;
9371#endif
9372}
9373
Emeric Bruna7aa3092012-10-26 12:58:00 +02009374/* parse the "crt" server keyword */
9375static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9376{
9377 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009378 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009379 return ERR_ALERT | ERR_FATAL;
9380 }
9381
Willy Tarreauef934602016-12-22 23:12:01 +01009382 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009383 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009384 else
9385 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9386
9387 return 0;
9388}
Emeric Brunef42d922012-10-11 16:11:36 +02009389
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009390/* parse the "no-check-ssl" server keyword */
9391static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9392{
9393 newsrv->check.use_ssl = 0;
9394 free(newsrv->ssl_ctx.ciphers);
9395 newsrv->ssl_ctx.ciphers = NULL;
9396 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9397 return 0;
9398}
9399
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009400/* parse the "no-send-proxy-v2-ssl" server keyword */
9401static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9402{
9403 newsrv->pp_opts &= ~SRV_PP_V2;
9404 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9405 return 0;
9406}
9407
9408/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9409static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9410{
9411 newsrv->pp_opts &= ~SRV_PP_V2;
9412 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9413 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9414 return 0;
9415}
9416
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009417/* parse the "no-ssl" server keyword */
9418static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9419{
9420 newsrv->use_ssl = 0;
9421 free(newsrv->ssl_ctx.ciphers);
9422 newsrv->ssl_ctx.ciphers = NULL;
9423 return 0;
9424}
9425
Olivier Houchard522eea72017-11-03 16:27:47 +01009426/* parse the "allow-0rtt" server keyword */
9427static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9428{
9429 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9430 return 0;
9431}
9432
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009433/* parse the "no-ssl-reuse" server keyword */
9434static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9435{
9436 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9437 return 0;
9438}
9439
Emeric Brunf9c5c472012-10-11 15:28:34 +02009440/* parse the "no-tls-tickets" server keyword */
9441static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9442{
9443 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9444 return 0;
9445}
David Safb76832014-05-08 23:42:08 -04009446/* parse the "send-proxy-v2-ssl" server keyword */
9447static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9448{
9449 newsrv->pp_opts |= SRV_PP_V2;
9450 newsrv->pp_opts |= SRV_PP_V2_SSL;
9451 return 0;
9452}
9453
9454/* parse the "send-proxy-v2-ssl-cn" server keyword */
9455static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9456{
9457 newsrv->pp_opts |= SRV_PP_V2;
9458 newsrv->pp_opts |= SRV_PP_V2_SSL;
9459 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9460 return 0;
9461}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009462
Willy Tarreau732eac42015-07-09 11:40:25 +02009463/* parse the "sni" server keyword */
9464static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9465{
9466#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9467 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9468 return ERR_ALERT | ERR_FATAL;
9469#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009470 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009471
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009472 arg = args[*cur_arg + 1];
9473 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009474 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9475 return ERR_ALERT | ERR_FATAL;
9476 }
9477
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009478 free(newsrv->sni_expr);
9479 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009480
Willy Tarreau732eac42015-07-09 11:40:25 +02009481 return 0;
9482#endif
9483}
9484
Willy Tarreau92faadf2012-10-10 23:04:25 +02009485/* parse the "ssl" server keyword */
9486static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9487{
9488 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009489 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9490 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009491#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009492 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9493 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9494#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009495 return 0;
9496}
9497
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009498/* parse the "ssl-reuse" server keyword */
9499static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9500{
9501 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9502 return 0;
9503}
9504
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009505/* parse the "tls-tickets" server keyword */
9506static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9507{
9508 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9509 return 0;
9510}
9511
Emeric Brunef42d922012-10-11 16:11:36 +02009512/* parse the "verify" server keyword */
9513static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9514{
9515 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009516 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009517 return ERR_ALERT | ERR_FATAL;
9518 }
9519
9520 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009521 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009522 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009523 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009524 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009525 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9526 args[*cur_arg], args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009527 return ERR_ALERT | ERR_FATAL;
9528 }
9529
Evan Broderbe554312013-06-27 00:05:25 -07009530 return 0;
9531}
9532
9533/* parse the "verifyhost" server keyword */
9534static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9535{
9536 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009537 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
Evan Broderbe554312013-06-27 00:05:25 -07009538 return ERR_ALERT | ERR_FATAL;
9539 }
9540
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009541 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009542 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9543
Emeric Brunef42d922012-10-11 16:11:36 +02009544 return 0;
9545}
9546
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009547/* parse the "ssl-default-bind-options" keyword in global section */
9548static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9549 struct proxy *defpx, const char *file, int line,
9550 char **err) {
9551 int i = 1;
9552
9553 if (*(args[i]) == 0) {
9554 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9555 return -1;
9556 }
9557 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009558 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009559 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009560 else if (!strcmp(args[i], "prefer-client-ciphers"))
9561 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009562 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9563 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9564 i++;
9565 else {
9566 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9567 return -1;
9568 }
9569 }
9570 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009571 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9572 return -1;
9573 }
9574 i++;
9575 }
9576 return 0;
9577}
9578
9579/* parse the "ssl-default-server-options" keyword in global section */
9580static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9581 struct proxy *defpx, const char *file, int line,
9582 char **err) {
9583 int i = 1;
9584
9585 if (*(args[i]) == 0) {
9586 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9587 return -1;
9588 }
9589 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009590 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009591 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009592 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9593 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9594 i++;
9595 else {
9596 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9597 return -1;
9598 }
9599 }
9600 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009601 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9602 return -1;
9603 }
9604 i++;
9605 }
9606 return 0;
9607}
9608
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009609/* parse the "ca-base" / "crt-base" keywords in global section.
9610 * Returns <0 on alert, >0 on warning, 0 on success.
9611 */
9612static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9613 struct proxy *defpx, const char *file, int line,
9614 char **err)
9615{
9616 char **target;
9617
Willy Tarreauef934602016-12-22 23:12:01 +01009618 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009619
9620 if (too_many_args(1, args, err, NULL))
9621 return -1;
9622
9623 if (*target) {
9624 memprintf(err, "'%s' already specified.", args[0]);
9625 return -1;
9626 }
9627
9628 if (*(args[1]) == 0) {
9629 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9630 return -1;
9631 }
9632 *target = strdup(args[1]);
9633 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009634}
9635
9636/* parse the "ssl-mode-async" keyword in global section.
9637 * Returns <0 on alert, >0 on warning, 0 on success.
9638 */
9639static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9640 struct proxy *defpx, const char *file, int line,
9641 char **err)
9642{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009643#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009644 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009645 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009646 return 0;
9647#else
9648 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9649 return -1;
9650#endif
9651}
9652
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009653#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009654static int ssl_check_async_engine_count(void) {
9655 int err_code = 0;
9656
Emeric Brun3854e012017-05-17 20:42:48 +02009657 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009658 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009659 err_code = ERR_ABORT;
9660 }
9661 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009662}
9663
Grant Zhang872f9c22017-01-21 01:10:18 +00009664/* parse the "ssl-engine" keyword in global section.
9665 * Returns <0 on alert, >0 on warning, 0 on success.
9666 */
9667static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9668 struct proxy *defpx, const char *file, int line,
9669 char **err)
9670{
9671 char *algo;
9672 int ret = -1;
9673
9674 if (*(args[1]) == 0) {
9675 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9676 return ret;
9677 }
9678
9679 if (*(args[2]) == 0) {
9680 /* if no list of algorithms is given, it defaults to ALL */
9681 algo = strdup("ALL");
9682 goto add_engine;
9683 }
9684
9685 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9686 if (strcmp(args[2], "algo") != 0) {
9687 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9688 return ret;
9689 }
9690
9691 if (*(args[3]) == 0) {
9692 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9693 return ret;
9694 }
9695 algo = strdup(args[3]);
9696
9697add_engine:
9698 if (ssl_init_single_engine(args[1], algo)==0) {
9699 openssl_engines_initialized++;
9700 ret = 0;
9701 }
9702 free(algo);
9703 return ret;
9704}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009705#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009706
Willy Tarreauf22e9682016-12-21 23:23:19 +01009707/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9708 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9709 */
9710static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9711 struct proxy *defpx, const char *file, int line,
9712 char **err)
9713{
9714 char **target;
9715
Willy Tarreauef934602016-12-22 23:12:01 +01009716 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009717
9718 if (too_many_args(1, args, err, NULL))
9719 return -1;
9720
9721 if (*(args[1]) == 0) {
9722 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9723 return -1;
9724 }
9725
9726 free(*target);
9727 *target = strdup(args[1]);
9728 return 0;
9729}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009730
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009731#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009732/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9733 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9734 */
9735static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9736 struct proxy *defpx, const char *file, int line,
9737 char **err)
9738{
9739 char **target;
9740
9741 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9742
9743 if (too_many_args(1, args, err, NULL))
9744 return -1;
9745
9746 if (*(args[1]) == 0) {
9747 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9748 return -1;
9749 }
9750
9751 free(*target);
9752 *target = strdup(args[1]);
9753 return 0;
9754}
9755#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009756
Willy Tarreau9ceda382016-12-21 23:13:03 +01009757/* parse various global tune.ssl settings consisting in positive integers.
9758 * Returns <0 on alert, >0 on warning, 0 on success.
9759 */
9760static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9761 struct proxy *defpx, const char *file, int line,
9762 char **err)
9763{
9764 int *target;
9765
9766 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9767 target = &global.tune.sslcachesize;
9768 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009769 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009770 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009771 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009772 else if (strcmp(args[0], "maxsslconn") == 0)
9773 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009774 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9775 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009776 else {
9777 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9778 return -1;
9779 }
9780
9781 if (too_many_args(1, args, err, NULL))
9782 return -1;
9783
9784 if (*(args[1]) == 0) {
9785 memprintf(err, "'%s' expects an integer argument.", args[0]);
9786 return -1;
9787 }
9788
9789 *target = atoi(args[1]);
9790 if (*target < 0) {
9791 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9792 return -1;
9793 }
9794 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009795}
9796
9797static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9798 struct proxy *defpx, const char *file, int line,
9799 char **err)
9800{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009801 int ret;
9802
9803 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9804 if (ret != 0)
9805 return ret;
9806
Willy Tarreaubafbe012017-11-24 17:34:44 +01009807 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009808 memprintf(err, "'%s' is already configured.", args[0]);
9809 return -1;
9810 }
9811
Willy Tarreaubafbe012017-11-24 17:34:44 +01009812 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9813 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009814 memprintf(err, "Out of memory error.");
9815 return -1;
9816 }
9817 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009818}
9819
9820/* parse "ssl.force-private-cache".
9821 * Returns <0 on alert, >0 on warning, 0 on success.
9822 */
9823static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9824 struct proxy *defpx, const char *file, int line,
9825 char **err)
9826{
9827 if (too_many_args(0, args, err, NULL))
9828 return -1;
9829
Willy Tarreauef934602016-12-22 23:12:01 +01009830 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009831 return 0;
9832}
9833
9834/* parse "ssl.lifetime".
9835 * Returns <0 on alert, >0 on warning, 0 on success.
9836 */
9837static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9838 struct proxy *defpx, const char *file, int line,
9839 char **err)
9840{
9841 const char *res;
9842
9843 if (too_many_args(1, args, err, NULL))
9844 return -1;
9845
9846 if (*(args[1]) == 0) {
9847 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9848 return -1;
9849 }
9850
Willy Tarreauef934602016-12-22 23:12:01 +01009851 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009852 if (res == PARSE_TIME_OVER) {
9853 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9854 args[1], args[0]);
9855 return -1;
9856 }
9857 else if (res == PARSE_TIME_UNDER) {
9858 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9859 args[1], args[0]);
9860 return -1;
9861 }
9862 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009863 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9864 return -1;
9865 }
9866 return 0;
9867}
9868
9869#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009870/* parse "ssl-dh-param-file".
9871 * Returns <0 on alert, >0 on warning, 0 on success.
9872 */
9873static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9874 struct proxy *defpx, const char *file, int line,
9875 char **err)
9876{
9877 if (too_many_args(1, args, err, NULL))
9878 return -1;
9879
9880 if (*(args[1]) == 0) {
9881 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9882 return -1;
9883 }
9884
9885 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9886 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9887 return -1;
9888 }
9889 return 0;
9890}
9891
Willy Tarreau9ceda382016-12-21 23:13:03 +01009892/* parse "ssl.default-dh-param".
9893 * Returns <0 on alert, >0 on warning, 0 on success.
9894 */
9895static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9896 struct proxy *defpx, const char *file, int line,
9897 char **err)
9898{
9899 if (too_many_args(1, args, err, NULL))
9900 return -1;
9901
9902 if (*(args[1]) == 0) {
9903 memprintf(err, "'%s' expects an integer argument.", args[0]);
9904 return -1;
9905 }
9906
Willy Tarreauef934602016-12-22 23:12:01 +01009907 global_ssl.default_dh_param = atoi(args[1]);
9908 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009909 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9910 return -1;
9911 }
9912 return 0;
9913}
9914#endif
9915
9916
William Lallemand32af2032016-10-29 18:09:35 +02009917/* This function is used with TLS ticket keys management. It permits to browse
9918 * each reference. The variable <getnext> must contain the current node,
9919 * <end> point to the root node.
9920 */
9921#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9922static inline
9923struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9924{
9925 struct tls_keys_ref *ref = getnext;
9926
9927 while (1) {
9928
9929 /* Get next list entry. */
9930 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9931
9932 /* If the entry is the last of the list, return NULL. */
9933 if (&ref->list == end)
9934 return NULL;
9935
9936 return ref;
9937 }
9938}
9939
9940static inline
9941struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9942{
9943 int id;
9944 char *error;
9945
9946 /* If the reference starts by a '#', this is numeric id. */
9947 if (reference[0] == '#') {
9948 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9949 id = strtol(reference + 1, &error, 10);
9950 if (*error != '\0')
9951 return NULL;
9952
9953 /* Perform the unique id lookup. */
9954 return tlskeys_ref_lookupid(id);
9955 }
9956
9957 /* Perform the string lookup. */
9958 return tlskeys_ref_lookup(reference);
9959}
9960#endif
9961
9962
9963#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9964
9965static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9966
9967static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9968 return cli_io_handler_tlskeys_files(appctx);
9969}
9970
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009971/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9972 * (next index to be dumped), and cli.p0 (next key reference).
9973 */
William Lallemand32af2032016-10-29 18:09:35 +02009974static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9975
9976 struct stream_interface *si = appctx->owner;
9977
9978 switch (appctx->st2) {
9979 case STAT_ST_INIT:
9980 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009981 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009982 * later and restart at the state "STAT_ST_INIT".
9983 */
9984 chunk_reset(&trash);
9985
9986 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9987 chunk_appendf(&trash, "# id secret\n");
9988 else
9989 chunk_appendf(&trash, "# id (file)\n");
9990
Willy Tarreau06d80a92017-10-19 14:32:15 +02009991 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009992 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009993 return 0;
9994 }
9995
William Lallemand32af2032016-10-29 18:09:35 +02009996 /* Now, we start the browsing of the references lists.
9997 * Note that the following call to LIST_ELEM return bad pointer. The only
9998 * available field of this pointer is <list>. It is used with the function
9999 * tlskeys_list_get_next() for retruning the first available entry
10000 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010001 if (appctx->ctx.cli.p0 == NULL) {
10002 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
10003 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010004 }
10005
10006 appctx->st2 = STAT_ST_LIST;
10007 /* fall through */
10008
10009 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010010 while (appctx->ctx.cli.p0) {
10011 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +020010012
10013 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010014 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +020010015 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010016
10017 if (appctx->ctx.cli.i1 == 0)
10018 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
10019
William Lallemand32af2032016-10-29 18:09:35 +020010020 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +010010021 int head;
10022
10023 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
10024 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010025 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +020010026 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +020010027
10028 chunk_reset(t2);
10029 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +010010030 if (ref->key_size_bits == 128) {
10031 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10032 sizeof(struct tls_sess_key_128),
10033 t2->area, t2->size);
10034 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10035 t2->area);
10036 }
10037 else if (ref->key_size_bits == 256) {
10038 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10039 sizeof(struct tls_sess_key_256),
10040 t2->area, t2->size);
10041 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10042 t2->area);
10043 }
10044 else {
10045 /* This case should never happen */
10046 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
10047 }
William Lallemand32af2032016-10-29 18:09:35 +020010048
Willy Tarreau06d80a92017-10-19 14:32:15 +020010049 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010050 /* let's try again later from this stream. We add ourselves into
10051 * this stream's users so that it can remove us upon termination.
10052 */
Christopher Faulet16f45c82018-02-16 11:23:49 +010010053 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +010010054 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010055 return 0;
10056 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010057 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +020010058 }
Christopher Faulet16f45c82018-02-16 11:23:49 +010010059 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010060 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010061 }
Willy Tarreau06d80a92017-10-19 14:32:15 +020010062 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010063 /* let's try again later from this stream. We add ourselves into
10064 * this stream's users so that it can remove us upon termination.
10065 */
Willy Tarreaudb398432018-11-15 11:08:52 +010010066 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010067 return 0;
10068 }
10069
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010070 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +020010071 break;
10072
10073 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010074 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010075 }
10076
10077 appctx->st2 = STAT_ST_FIN;
10078 /* fall through */
10079
10080 default:
10081 appctx->st2 = STAT_ST_FIN;
10082 return 1;
10083 }
10084 return 0;
10085}
10086
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010087/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010088static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010089{
William Lallemand32af2032016-10-29 18:09:35 +020010090 /* no parameter, shows only file list */
10091 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010092 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010093 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010094 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010095 }
10096
10097 if (args[2][0] == '*') {
10098 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010099 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010100 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010101 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010102 if (!appctx->ctx.cli.p0)
10103 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010104 }
William Lallemand32af2032016-10-29 18:09:35 +020010105 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010106 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010107}
10108
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010109static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010110{
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010111 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010112 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010113
William Lallemand32af2032016-10-29 18:09:35 +020010114 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010115 if (!*args[3] || !*args[4])
10116 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010117
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010118 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010119 if (!ref)
10120 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010121
Willy Tarreau1c913e42018-08-22 05:26:57 +020010122 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010123 if (ret < 0)
10124 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +010010125
Willy Tarreau1c913e42018-08-22 05:26:57 +020010126 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +020010127 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
10128 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010129
Willy Tarreau9d008692019-08-09 11:21:01 +020010130 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010131}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010132#endif
William Lallemand32af2032016-10-29 18:09:35 +020010133
William Lallemand44b35322019-10-17 16:28:40 +020010134
10135/* Type of SSL payloads that can be updated over the CLI */
10136
10137enum {
10138 CERT_TYPE_PEM = 0,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010139#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010140 CERT_TYPE_OCSP,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010141#endif
William Lallemand44b35322019-10-17 16:28:40 +020010142 CERT_TYPE_ISSUER,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010143#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010144 CERT_TYPE_SCTL,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010145#endif
William Lallemand44b35322019-10-17 16:28:40 +020010146 CERT_TYPE_MAX,
10147};
10148
10149struct {
10150 const char *ext;
10151 int type;
10152 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
10153 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +020010154} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +020010155 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +020010156#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010157 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010158#endif
10159#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010160 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010161#endif
William Lallemand44b35322019-10-17 16:28:40 +020010162 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +020010163 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +020010164};
10165
William Lallemand430413e2019-10-28 14:30:47 +010010166/* states of the CLI IO handler for 'set ssl cert' */
10167enum {
10168 SETCERT_ST_INIT = 0,
10169 SETCERT_ST_GEN,
10170 SETCERT_ST_INSERT,
10171 SETCERT_ST_FIN,
10172};
William Lallemand8f840d72019-10-23 10:53:05 +020010173
William Lallemandd4f946c2019-12-05 10:26:40 +010010174/* release function of the `show ssl cert' command */
10175static void cli_release_show_cert(struct appctx *appctx)
10176{
10177 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10178}
10179
10180/* IO handler of "show ssl cert <filename>" */
10181static int cli_io_handler_show_cert(struct appctx *appctx)
10182{
10183 struct buffer *trash = alloc_trash_chunk();
10184 struct ebmb_node *node;
10185 struct stream_interface *si = appctx->owner;
10186 struct ckch_store *ckchs;
10187 int n;
10188
10189 if (trash == NULL)
10190 return 1;
10191
10192 if (!appctx->ctx.ssl.old_ckchs) {
10193 if (ckchs_transaction.old_ckchs) {
10194 ckchs = ckchs_transaction.old_ckchs;
10195 chunk_appendf(trash, "# transaction\n");
10196 if (!ckchs->multi) {
10197 chunk_appendf(trash, "*%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010198#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010199 } else {
10200 chunk_appendf(trash, "*%s:", ckchs->path);
10201 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10202 if (ckchs->ckch[n].cert)
10203 chunk_appendf(trash, " %s.%s\n", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10204 }
10205 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010206#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010207 }
10208 }
10209 }
10210
10211 if (!appctx->ctx.cli.p0) {
10212 chunk_appendf(trash, "# filename\n");
10213 node = ebmb_first(&ckchs_tree);
10214 } else {
10215 node = &((struct ckch_store *)appctx->ctx.cli.p0)->node;
10216 }
10217 while (node) {
10218 ckchs = ebmb_entry(node, struct ckch_store, node);
10219 if (!ckchs->multi) {
10220 chunk_appendf(trash, "%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010221#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010222 } else {
10223 chunk_appendf(trash, "%s:", ckchs->path);
10224 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10225 if (ckchs->ckch[n].cert)
10226 chunk_appendf(trash, " %s.%s", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10227 }
10228 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010229#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010230 }
10231
10232 node = ebmb_next(node);
10233 if (ci_putchk(si_ic(si), trash) == -1) {
10234 si_rx_room_blk(si);
10235 goto yield;
10236 }
10237 }
10238
10239 appctx->ctx.cli.p0 = NULL;
10240 free_trash_chunk(trash);
10241 return 1;
10242yield:
10243
10244 free_trash_chunk(trash);
10245 appctx->ctx.cli.p0 = ckchs;
10246 return 0; /* should come back */
10247}
10248
10249/* IO handler of the details "show ssl cert <filename>" */
10250static int cli_io_handler_show_cert_detail(struct appctx *appctx)
10251{
10252 struct stream_interface *si = appctx->owner;
10253 struct ckch_store *ckchs = appctx->ctx.cli.p0;
10254 struct buffer *out = alloc_trash_chunk();
10255 struct buffer *tmp = alloc_trash_chunk();
10256 X509_NAME *name = NULL;
10257 int write = -1;
10258 BIO *bio = NULL;
10259
10260 if (!tmp || !out)
10261 goto end;
10262
10263 if (!ckchs->multi) {
10264 chunk_appendf(out, "Filename: ");
10265 if (ckchs == ckchs_transaction.new_ckchs)
10266 chunk_appendf(out, "*");
10267 chunk_appendf(out, "%s\n", ckchs->path);
10268 chunk_appendf(out, "Serial: ");
10269 if (ssl_sock_get_serial(ckchs->ckch->cert, tmp) == -1)
10270 goto end;
10271 dump_binary(out, tmp->area, tmp->data);
10272 chunk_appendf(out, "\n");
10273
10274 chunk_appendf(out, "notBefore: ");
10275 chunk_reset(tmp);
10276 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10277 goto end;
10278 if (ASN1_TIME_print(bio, X509_getm_notBefore(ckchs->ckch->cert)) == 0)
10279 goto end;
10280 write = BIO_read(bio, tmp->area, tmp->size-1);
10281 tmp->area[write] = '\0';
10282 BIO_free(bio);
10283 chunk_appendf(out, "%s\n", tmp->area);
10284
10285 chunk_appendf(out, "notAfter: ");
10286 chunk_reset(tmp);
10287 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10288 goto end;
10289 if (ASN1_TIME_print(bio, X509_getm_notAfter(ckchs->ckch->cert)) == 0)
10290 goto end;
10291 if ((write = BIO_read(bio, tmp->area, tmp->size-1)) <= 0)
10292 goto end;
10293 tmp->area[write] = '\0';
10294 BIO_free(bio);
10295 chunk_appendf(out, "%s\n", tmp->area);
10296
10297
10298 chunk_appendf(out, "Issuer: ");
10299 if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
10300 goto end;
10301 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10302 goto end;
10303 *(tmp->area + tmp->data) = '\0';
10304 chunk_appendf(out, "%s\n", tmp->area);
10305
10306 chunk_appendf(out, "Subject: ");
10307 if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
10308 goto end;
10309 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10310 goto end;
10311 *(tmp->area + tmp->data) = '\0';
10312 chunk_appendf(out, "%s\n", tmp->area);
10313
10314
10315#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10316 chunk_appendf(out, "Subject Alternative Name: ");
10317 if (ssl_sock_get_san_oneline(ckchs->ckch->cert, out) == -1)
10318 goto end;
10319 *(out->area + out->data) = '\0';
10320 chunk_appendf(out, "\n");
10321#endif
10322 chunk_reset(tmp);
10323 chunk_appendf(out, "Algorithm: ");
10324 if (cert_get_pkey_algo(ckchs->ckch->cert, tmp) == 0)
10325 goto end;
10326 chunk_appendf(out, "%s\n", tmp->area);
10327
10328 chunk_reset(tmp);
10329 chunk_appendf(out, "SHA1 FingerPrint: ");
10330 if (X509_digest(ckchs->ckch->cert, EVP_sha1(), (unsigned char *) tmp->area,
10331 (unsigned int *)&tmp->data) == 0)
10332 goto end;
10333 dump_binary(out, tmp->area, tmp->data);
10334 chunk_appendf(out, "\n");
10335 }
10336
10337 if (ci_putchk(si_ic(si), out) == -1) {
10338 si_rx_room_blk(si);
10339 goto yield;
10340 }
10341
10342end:
10343 free_trash_chunk(tmp);
10344 free_trash_chunk(out);
10345 return 1;
10346yield:
10347 free_trash_chunk(tmp);
10348 free_trash_chunk(out);
10349 return 0; /* should come back */
10350}
10351
10352/* parsing function for 'show ssl cert [certfile]' */
10353static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private)
10354{
10355 struct ckch_store *ckchs;
10356
10357 if (!cli_has_level(appctx, ACCESS_LVL_OPER))
10358 return cli_err(appctx, "Can't allocate memory!\n");
10359
10360 /* The operations on the CKCH architecture are locked so we can
10361 * manipulate ckch_store and ckch_inst */
10362 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10363 return cli_err(appctx, "Can't show!\nOperations on certificates are currently locked!\n");
10364
10365 /* check if there is a certificate to lookup */
10366 if (*args[3]) {
10367 if (*args[3] == '*') {
10368 if (!ckchs_transaction.new_ckchs)
10369 goto error;
10370
10371 ckchs = ckchs_transaction.new_ckchs;
10372
10373 if (strcmp(args[3] + 1, ckchs->path))
10374 goto error;
10375
10376 } else {
10377 if ((ckchs = ckchs_lookup(args[3])) == NULL)
10378 goto error;
10379
10380 }
10381
10382 if (ckchs->multi)
10383 goto error;
10384
10385 appctx->ctx.cli.p0 = ckchs;
10386 /* use the IO handler that shows details */
10387 appctx->io_handler = cli_io_handler_show_cert_detail;
10388 }
10389
10390 return 0;
10391
10392error:
10393 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10394 return cli_err(appctx, "Can't display the certificate: Not found or the certificate is a bundle!\n");
10395}
10396
William Lallemand430413e2019-10-28 14:30:47 +010010397/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010398static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010399{
10400 struct ckch_store *new_ckchs;
10401 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010402
William Lallemand430413e2019-10-28 14:30:47 +010010403 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +020010404
William Lallemand430413e2019-10-28 14:30:47 +010010405 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +020010406 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +010010407 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010408
William Lallemandbeea2a42019-10-30 17:45:33 +010010409 if (!new_ckchs)
10410 return;
William Lallemand8f840d72019-10-23 10:53:05 +020010411
William Lallemandbeea2a42019-10-30 17:45:33 +010010412 /* if the allocation failed, we need to free everything from the temporary list */
10413 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10414 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010415
William Lallemandbeea2a42019-10-30 17:45:33 +010010416 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10417 if (sc0->order == 0) /* we only free if it's the first inserted */
10418 SSL_CTX_free(sc0->ctx);
10419 LIST_DEL(&sc0->by_ckch_inst);
10420 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +020010421 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010422 LIST_DEL(&ckchi->by_ckchs);
10423 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010424 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010425 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010426 }
10427}
10428
10429
10430/*
10431 * This function tries to create the new ckch_inst and their SNIs
10432 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010433static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010434{
10435 struct stream_interface *si = appctx->owner;
10436 int y = 0;
10437 char *err = NULL;
10438 int errcode = 0;
10439 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10440 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010441 struct buffer *trash = alloc_trash_chunk();
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010442 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010443
William Lallemand33cc76f2019-10-31 11:43:45 +010010444 if (trash == NULL)
10445 goto error;
10446
William Lallemand8f840d72019-10-23 10:53:05 +020010447 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10448 goto error;
10449
William Lallemand430413e2019-10-28 14:30:47 +010010450 while (1) {
10451 switch (appctx->st2) {
10452 case SETCERT_ST_INIT:
10453 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010454 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010455 if (ci_putchk(si_ic(si), trash) == -1) {
10456 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010457 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010458 }
10459 appctx->st2 = SETCERT_ST_GEN;
10460 /* fallthrough */
10461 case SETCERT_ST_GEN:
10462 /*
10463 * This state generates the ckch instances with their
10464 * sni_ctxs and SSL_CTX.
10465 *
William Lallemand430413e2019-10-28 14:30:47 +010010466 * Since the SSL_CTX generation can be CPU consumer, we
10467 * yield every 10 instances.
10468 */
William Lallemand8f840d72019-10-23 10:53:05 +020010469
William Lallemandbeea2a42019-10-30 17:45:33 +010010470 old_ckchs = appctx->ctx.ssl.old_ckchs;
10471 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010472
William Lallemandbeea2a42019-10-30 17:45:33 +010010473 if (!new_ckchs)
10474 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010475
William Lallemandbeea2a42019-10-30 17:45:33 +010010476 /* get the next ckchi to regenerate */
10477 ckchi = appctx->ctx.ssl.next_ckchi;
10478 /* we didn't start yet, set it to the first elem */
10479 if (ckchi == NULL)
10480 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010481
William Lallemandbeea2a42019-10-30 17:45:33 +010010482 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10483 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10484 struct ckch_inst *new_inst;
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010485 int verify = 0;
William Lallemand8f840d72019-10-23 10:53:05 +020010486
William Lallemandbeea2a42019-10-30 17:45:33 +010010487 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10488 if (y >= 10) {
10489 /* save the next ckchi to compute */
10490 appctx->ctx.ssl.next_ckchi = ckchi;
10491 goto yield;
10492 }
William Lallemand8f840d72019-10-23 10:53:05 +020010493
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010494 /* prevent ssl_sock_prepare_ctx() to do file access which is only for verify (crl/ca file) */
10495 verify = (ckchi->ssl_conf && ckchi->ssl_conf->verify) ? ckchi->ssl_conf->verify : ckchi->bind_conf->ssl_conf.verify;
10496 if (verify & SSL_VERIFY_PEER) {
10497 memprintf(&err, "%sCan't commit a certificate which use the 'verify' bind SSL option [%s:%d]\n", err ? err : "", ckchi->bind_conf->file, ckchi->bind_conf->line);
10498 errcode |= ERR_FATAL | ERR_ABORT;
10499 goto error;
10500 }
10501
10502
William Lallemandbeea2a42019-10-30 17:45:33 +010010503 if (new_ckchs->multi)
10504 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10505 else
10506 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010507
William Lallemandbeea2a42019-10-30 17:45:33 +010010508 if (errcode & ERR_CODE)
10509 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010510
William Lallemand21724f02019-11-04 17:56:13 +010010511 /* if the previous ckchi was used as the default */
10512 if (ckchi->is_default)
10513 new_inst->is_default = 1;
10514
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010515 /* we need to initialize the SSL_CTX generated */
10516 /* TODO: the prepare_ctx function need to be reworked to be safer there */
10517 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10518 if (!sc0->order) { /* we initiliazed only the first SSL_CTX because it's the same in the other sni_ctx's */
10519 errcode |= ssl_sock_prepare_ctx(ckchi->bind_conf, ckchi->ssl_conf, sc0->ctx, &err);
10520 if (errcode & ERR_CODE)
10521 goto error;
10522 }
10523 }
10524
10525
William Lallemandbeea2a42019-10-30 17:45:33 +010010526 /* display one dot per new instance */
10527 chunk_appendf(trash, ".");
10528 /* link the new ckch_inst to the duplicate */
10529 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10530 y++;
10531 }
William Lallemand430413e2019-10-28 14:30:47 +010010532 appctx->st2 = SETCERT_ST_INSERT;
10533 /* fallthrough */
10534 case SETCERT_ST_INSERT:
10535 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010536
William Lallemandbeea2a42019-10-30 17:45:33 +010010537 old_ckchs = appctx->ctx.ssl.old_ckchs;
10538 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010539
William Lallemandbeea2a42019-10-30 17:45:33 +010010540 if (!new_ckchs)
10541 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010542
William Lallemand21724f02019-11-04 17:56:13 +010010543 /* First, we insert every new SNIs in the trees, also replace the default_ctx */
William Lallemandbeea2a42019-10-30 17:45:33 +010010544 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10545 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10546 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10547 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10548 }
William Lallemand8f840d72019-10-23 10:53:05 +020010549
William Lallemandbeea2a42019-10-30 17:45:33 +010010550 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10551 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
William Lallemand430413e2019-10-28 14:30:47 +010010552
William Lallemandbeea2a42019-10-30 17:45:33 +010010553 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10554 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10555 ebmb_delete(&sc0->name);
10556 LIST_DEL(&sc0->by_ckch_inst);
10557 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010558 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010559 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10560 LIST_DEL(&ckchi->by_ckchs);
10561 free(ckchi);
10562 }
William Lallemand8f840d72019-10-23 10:53:05 +020010563
William Lallemandbeea2a42019-10-30 17:45:33 +010010564 /* Replace the old ckchs by the new one */
10565 ebmb_delete(&old_ckchs->node);
10566 ckchs_free(old_ckchs);
10567 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010568 appctx->st2 = SETCERT_ST_FIN;
10569 /* fallthrough */
10570 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010571 /* we achieved the transaction, we can set everything to NULL */
10572 free(ckchs_transaction.path);
10573 ckchs_transaction.path = NULL;
10574 ckchs_transaction.new_ckchs = NULL;
10575 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010576 goto end;
10577 }
William Lallemand8f840d72019-10-23 10:53:05 +020010578 }
William Lallemand430413e2019-10-28 14:30:47 +010010579end:
William Lallemand8f840d72019-10-23 10:53:05 +020010580
William Lallemanded442432019-11-21 16:41:07 +010010581 chunk_appendf(trash, "\n");
10582 if (errcode & ERR_WARN)
Tim Duesterhusc0e820c2019-11-23 23:52:30 +010010583 chunk_appendf(trash, "%s", err);
William Lallemanded442432019-11-21 16:41:07 +010010584 chunk_appendf(trash, "Success!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010585 if (ci_putchk(si_ic(si), trash) == -1)
10586 si_rx_room_blk(si);
10587 free_trash_chunk(trash);
10588 /* success: call the release function and don't come back */
10589 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010590yield:
10591 /* store the state */
10592 if (ci_putchk(si_ic(si), trash) == -1)
10593 si_rx_room_blk(si);
10594 free_trash_chunk(trash);
10595 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010596 return 0; /* should come back */
10597
10598error:
10599 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010600 if (trash) {
10601 chunk_appendf(trash, "\n%sFailed!\n", err);
10602 if (ci_putchk(si_ic(si), trash) == -1)
10603 si_rx_room_blk(si);
10604 free_trash_chunk(trash);
10605 }
William Lallemand430413e2019-10-28 14:30:47 +010010606 /* error: call the release function and don't come back */
10607 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010608}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010609
10610/*
10611 * Parsing function of 'commit ssl cert'
10612 */
10613static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10614{
10615 char *err = NULL;
10616
William Lallemand230662a2019-12-03 13:32:54 +010010617 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10618 return 1;
10619
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010620 if (!*args[3])
10621 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10622
10623 /* The operations on the CKCH architecture are locked so we can
10624 * manipulate ckch_store and ckch_inst */
10625 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10626 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10627
10628 if (!ckchs_transaction.path) {
10629 memprintf(&err, "No ongoing transaction! !\n");
10630 goto error;
10631 }
10632
10633 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10634 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10635 goto error;
10636 }
10637
10638 /* init the appctx structure */
10639 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010640 appctx->ctx.ssl.next_ckchi = NULL;
10641 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10642 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10643
10644 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10645 return 0;
10646
10647error:
10648
10649 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10650 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10651
10652 return cli_dynerr(appctx, err);
10653}
10654
10655
William Lallemand8f840d72019-10-23 10:53:05 +020010656/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010657 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010658 */
William Lallemand150bfa82019-09-19 17:12:49 +020010659static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10660{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010661 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010662 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010663 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010664 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010665 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010666 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010667 char *end;
10668 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010669 struct cert_key_and_chain *ckch;
10670 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010671
William Lallemand230662a2019-12-03 13:32:54 +010010672 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10673 return 1;
10674
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010675 if ((buf = alloc_trash_chunk()) == NULL)
10676 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010677
10678 if (!*args[3] || !payload)
10679 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10680
10681 /* The operations on the CKCH architecture are locked so we can
10682 * manipulate ckch_store and ckch_inst */
10683 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10684 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10685
William Lallemand8f840d72019-10-23 10:53:05 +020010686 if (!chunk_strcpy(buf, args[3])) {
10687 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10688 errcode |= ERR_ALERT | ERR_FATAL;
10689 goto end;
10690 }
10691
William Lallemand44b35322019-10-17 16:28:40 +020010692 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010693 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010694 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010695 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10696 *end = '\0';
10697 type = cert_exts[i].type;
10698 break;
10699 }
10700 }
10701
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010702 appctx->ctx.ssl.old_ckchs = NULL;
10703 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010704
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010705 /* if there is an ongoing transaction */
10706 if (ckchs_transaction.path) {
10707 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010708#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010709 if (ckchs_transaction.new_ckchs->multi) {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010710 char *end;
William Lallemand963b2e72019-10-14 11:38:36 +020010711 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010712
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010713 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010714 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010715 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010716 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemand963b2e72019-10-14 11:38:36 +020010717 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10718 bundle = j; /* keep the type of certificate so we insert it at the right place */
10719 *end = '\0'; /* it's a bundle let's end the string*/
10720 break;
10721 }
William Lallemand150bfa82019-09-19 17:12:49 +020010722 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010723 if (bundle < 0) {
10724 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10725 errcode |= ERR_ALERT | ERR_FATAL;
10726 goto end;
10727 }
10728 }
10729#endif
10730
10731 /* if there is an ongoing transaction, check if this is the same file */
10732 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10733 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10734 errcode |= ERR_ALERT | ERR_FATAL;
10735 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010736 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010737
10738 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10739
10740 } else {
10741 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10742
10743 /* lookup for the certificate in the tree:
10744 * check if this is used as a bundle AND as a unique certificate */
10745 for (i = 0; i < 2; i++) {
10746
10747 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10748 /* only the bundle name is in the tree and you should
10749 * never update a bundle name, only a filename */
10750 if (bundle < 0 && find_ckchs[i]->multi) {
10751 /* we tried to look for a non-bundle and we found a bundle */
10752 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10753 err ? err : "", args[3], args[3]);
10754 errcode |= ERR_ALERT | ERR_FATAL;
10755 goto end;
10756 }
William Lallemand3246d942019-11-04 14:02:11 +010010757 /* If we want a bundle but this is not a bundle
10758 * example: When you try to update <file>.rsa, but
10759 * <file> is a regular file */
10760 if (bundle >= 0 && find_ckchs[i]->multi == 0) {
10761 find_ckchs[i] = NULL;
10762 break;
10763 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010764 }
10765#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10766 {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010767 char *end;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010768 int j;
10769
10770 /* check if it was used in a bundle by removing the
10771 * .dsa/.rsa/.ecdsa at the end of the filename */
10772 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010773 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010774 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10775 bundle = j; /* keep the type of certificate so we insert it at the right place */
10776 *end = '\0'; /* it's a bundle let's end the string*/
10777 break;
10778 }
10779 }
William Lallemand37031b82019-11-04 13:38:53 +010010780 if (bundle < 0) /* we didn't find a bundle extension */
10781 break;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010782 }
William Lallemand963b2e72019-10-14 11:38:36 +020010783#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010784 /* bundles are not supported here, so we don't need to lookup again */
10785 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010786#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010787 }
10788
10789 if (find_ckchs[0] && find_ckchs[1]) {
10790 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10791 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10792 errcode |= ERR_ALERT | ERR_FATAL;
10793 goto end;
10794 }
10795
10796 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
William Lallemand150bfa82019-09-19 17:12:49 +020010797 }
10798
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010799 if (!appctx->ctx.ssl.old_ckchs) {
10800 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010801 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010802 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010803 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010804 }
10805
William Lallemand8a7fdf02019-11-04 10:59:32 +010010806 if (!appctx->ctx.ssl.path) {
10807 /* this is a new transaction, set the path of the transaction */
10808 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10809 if (!appctx->ctx.ssl.path) {
10810 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10811 errcode |= ERR_ALERT | ERR_FATAL;
10812 goto end;
10813 }
10814 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010815
10816 old_ckchs = appctx->ctx.ssl.old_ckchs;
10817
10818 /* TODO: handle filters */
10819 if (old_ckchs->filters) {
10820 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10821 err ? err : "");
10822 errcode |= ERR_ALERT | ERR_FATAL;
10823 goto end;
10824 }
10825
10826 /* duplicate the ckch store */
10827 new_ckchs = ckchs_dup(old_ckchs);
10828 if (!new_ckchs) {
10829 memprintf(&err, "%sCannot allocate memory!\n",
10830 err ? err : "");
10831 errcode |= ERR_ALERT | ERR_FATAL;
10832 goto end;
10833 }
10834
10835 if (!new_ckchs->multi)
10836 ckch = new_ckchs->ckch;
10837 else
10838 ckch = &new_ckchs->ckch[bundle];
10839
10840 /* appply the change on the duplicate */
10841 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10842 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10843 errcode |= ERR_ALERT | ERR_FATAL;
10844 goto end;
10845 }
10846
10847 appctx->ctx.ssl.new_ckchs = new_ckchs;
10848
10849 /* we succeed, we can save the ckchs in the transaction */
10850
10851 /* if there wasn't a transaction, update the old ckchs */
William Dauchyc8bb1532019-11-24 15:04:20 +010010852 if (!ckchs_transaction.old_ckchs) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010853 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10854 ckchs_transaction.path = appctx->ctx.ssl.path;
10855 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10856 } else {
10857 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10858
10859 }
10860
10861 /* free the previous ckchs if there was a transaction */
10862 ckchs_free(ckchs_transaction.new_ckchs);
10863
10864 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10865
10866
William Lallemand8f840d72019-10-23 10:53:05 +020010867 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010868
William Lallemand8f840d72019-10-23 10:53:05 +020010869end:
10870 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010871
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010872 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010873
10874 ckchs_free(appctx->ctx.ssl.new_ckchs);
10875 appctx->ctx.ssl.new_ckchs = NULL;
10876
10877 appctx->ctx.ssl.old_ckchs = NULL;
10878
10879 free(appctx->ctx.ssl.path);
10880 appctx->ctx.ssl.path = NULL;
10881
10882 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010883 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010884 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010885
10886 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10887 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010888 }
William Lallemand8f840d72019-10-23 10:53:05 +020010889 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010890}
10891
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010892/* parsing function of 'abort ssl cert' */
10893static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appctx, void *private)
10894{
10895 char *err = NULL;
10896
William Lallemand230662a2019-12-03 13:32:54 +010010897 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10898 return 1;
10899
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010900 if (!*args[3])
10901 return cli_err(appctx, "'abort ssl cert' expects a filename\n");
10902
10903 /* The operations on the CKCH architecture are locked so we can
10904 * manipulate ckch_store and ckch_inst */
10905 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10906 return cli_err(appctx, "Can't abort!\nOperations on certificates are currently locked!\n");
10907
10908 if (!ckchs_transaction.path) {
10909 memprintf(&err, "No ongoing transaction!\n");
10910 goto error;
10911 }
10912
10913 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10914 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to abort a transaction for '%s'\n", ckchs_transaction.path, args[3]);
10915 goto error;
10916 }
10917
10918 /* Only free the ckchs there, because the SNI and instances were not generated yet */
10919 ckchs_free(ckchs_transaction.new_ckchs);
10920 ckchs_transaction.new_ckchs = NULL;
10921 ckchs_free(ckchs_transaction.old_ckchs);
10922 ckchs_transaction.old_ckchs = NULL;
10923 free(ckchs_transaction.path);
10924 ckchs_transaction.path = NULL;
10925
10926 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10927
10928 err = memprintf(&err, "Transaction aborted for certificate '%s'!\n", args[3]);
10929 return cli_dynmsg(appctx, LOG_NOTICE, err);
10930
10931error:
10932 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10933
10934 return cli_dynerr(appctx, err);
10935}
10936
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010937static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010938{
10939#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10940 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010941 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010942
10943 if (!payload)
10944 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010945
10946 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010947 if (!*payload)
10948 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010949
10950 /* remove \r and \n from the payload */
10951 for (i = 0, j = 0; payload[i]; i++) {
10952 if (payload[i] == '\r' || payload[i] == '\n')
10953 continue;
10954 payload[j++] = payload[i];
10955 }
10956 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010957
Willy Tarreau1c913e42018-08-22 05:26:57 +020010958 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010959 if (ret < 0)
10960 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010961
Willy Tarreau1c913e42018-08-22 05:26:57 +020010962 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010963 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010964 if (err)
10965 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10966 else
10967 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010968 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010969
10970 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010971#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010972 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010973#endif
10974
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010975}
10976
Willy Tarreau86a394e2019-05-09 14:15:32 +020010977#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010978static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10979{
10980 switch (arg->type) {
10981 case ARGT_STR:
10982 smp->data.type = SMP_T_STR;
10983 smp->data.u.str = arg->data.str;
10984 return 1;
10985 case ARGT_VAR:
10986 if (!vars_get_by_desc(&arg->data.var, smp))
10987 return 0;
10988 if (!sample_casts[smp->data.type][SMP_T_STR])
10989 return 0;
10990 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10991 return 0;
10992 return 1;
10993 default:
10994 return 0;
10995 }
10996}
10997
10998static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10999 const char *file, int line, char **err)
11000{
11001 switch(args[0].data.sint) {
11002 case 128:
11003 case 192:
11004 case 256:
11005 break;
11006 default:
11007 memprintf(err, "key size must be 128, 192 or 256 (bits).");
11008 return 0;
11009 }
11010 /* Try to decode a variable. */
11011 vars_check_arg(&args[1], NULL);
11012 vars_check_arg(&args[2], NULL);
11013 vars_check_arg(&args[3], NULL);
11014 return 1;
11015}
11016
11017/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
11018static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
11019{
11020 struct sample nonce, key, aead_tag;
11021 struct buffer *smp_trash, *smp_trash_alloc;
11022 EVP_CIPHER_CTX *ctx;
11023 int dec_size, ret;
11024
11025 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
11026 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
11027 return 0;
11028
11029 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
11030 if (!sample_conv_var2smp_str(&arg_p[2], &key))
11031 return 0;
11032
11033 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
11034 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
11035 return 0;
11036
11037 smp_trash = get_trash_chunk();
11038 smp_trash_alloc = alloc_trash_chunk();
11039 if (!smp_trash_alloc)
11040 return 0;
11041
11042 ctx = EVP_CIPHER_CTX_new();
11043
11044 if (!ctx)
11045 goto err;
11046
11047 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
11048 if (dec_size < 0)
11049 goto err;
11050 smp_trash->data = dec_size;
11051
11052 /* Set cipher type and mode */
11053 switch(arg_p[0].data.sint) {
11054 case 128:
11055 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
11056 break;
11057 case 192:
11058 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
11059 break;
11060 case 256:
11061 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
11062 break;
11063 }
11064
11065 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
11066
11067 /* Initialise IV */
11068 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
11069 goto err;
11070
11071 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
11072 if (dec_size < 0)
11073 goto err;
11074 smp_trash->data = dec_size;
11075
11076 /* Initialise key */
11077 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
11078 goto err;
11079
11080 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
11081 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
11082 goto err;
11083
11084 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
11085 if (dec_size < 0)
11086 goto err;
11087 smp_trash_alloc->data = dec_size;
11088 dec_size = smp_trash->data;
11089
11090 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
11091 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
11092
11093 if (ret <= 0)
11094 goto err;
11095
11096 smp->data.u.str.data = dec_size + smp_trash->data;
11097 smp->data.u.str.area = smp_trash->area;
11098 smp->data.type = SMP_T_BIN;
11099 smp->flags &= ~SMP_F_CONST;
11100 free_trash_chunk(smp_trash_alloc);
11101 return 1;
11102
11103err:
11104 free_trash_chunk(smp_trash_alloc);
11105 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020011106}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011107# endif
William Lallemand32af2032016-10-29 18:09:35 +020011108
11109/* register cli keywords */
11110static struct cli_kw_list cli_kws = {{ },{
11111#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11112 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020011113 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020011114#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010011115 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010011116 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
11117 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand0bc9c8a2019-11-19 15:51:51 +010011118 { { "abort", "ssl", "cert", NULL }, "abort ssl cert <certfile> : abort a transaction for a certificate file", cli_parse_abort_cert, NULL, NULL },
William Lallemandd4f946c2019-12-05 10:26:40 +010011119 { { "show", "ssl", "cert", NULL }, "show ssl cert [<certfile>] : display the SSL certificates used in memory, or the details of a <certfile>", cli_parse_show_cert, cli_io_handler_show_cert, cli_release_show_cert },
William Lallemand32af2032016-10-29 18:09:35 +020011120 { { NULL }, NULL, NULL, NULL }
11121}};
11122
Willy Tarreau0108d902018-11-25 19:14:37 +010011123INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020011124
Willy Tarreau7875d092012-09-10 08:20:03 +020011125/* Note: must not be declared <const> as its list will be overwritten.
11126 * Please take care of keeping this list alphabetically sorted.
11127 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011128static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020011129 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011130 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011131#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010011132 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011133#endif
Emeric Brun645ae792014-04-30 14:21:06 +020011134 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011135#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
11136 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
11137#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010011138 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020011139 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020011140 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011141 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011142#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020011143 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040011144#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011145#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011146 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11147 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040011148 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11149#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011150 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11151 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011152 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011153 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011154 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11155 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11156 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11157 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11158 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11159 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11160 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11161 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011162 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011163 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11164 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011165 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011166 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11167 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11168 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11169 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11170 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11171 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11172 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020011173 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011174 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011175 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011176 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011177 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011178 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011179 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011180 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020011181 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010011182#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011183 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020011184#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010011185#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011186 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020011187#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011188 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011189#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020011190 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011191#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011192 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011193#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011194 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011195#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011196#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011197 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11198 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040011199 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11200#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040011201#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011202 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011203#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011204 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11205 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11206 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11207 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020011208 { NULL, NULL, 0, 0, 0 },
11209}};
11210
Willy Tarreau0108d902018-11-25 19:14:37 +010011211INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
11212
Willy Tarreau7875d092012-09-10 08:20:03 +020011213/* Note: must not be declared <const> as its list will be overwritten.
11214 * Please take care of keeping this list alphabetically sorted.
11215 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011216static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011217 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
11218 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010011219 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020011220}};
11221
Willy Tarreau0108d902018-11-25 19:14:37 +010011222INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
11223
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011224/* Note: must not be declared <const> as its list will be overwritten.
11225 * Please take care of keeping this list alphabetically sorted, doing so helps
11226 * all code contributors.
11227 * Optional keywords are also declared with a NULL ->parse() function so that
11228 * the config parser can report an appropriate error when a known keyword was
11229 * not enabled.
11230 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011231static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011232 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011233 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11234 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11235 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011236#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011237 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11238#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011239 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010011240 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011241 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011242 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011243 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020011244 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
11245 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011246 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
11247 { NULL, NULL, 0 },
11248};
11249
Willy Tarreau0108d902018-11-25 19:14:37 +010011250/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
11251
Willy Tarreau51fb7652012-09-18 18:24:39 +020011252static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011253 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011254 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11255 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11256 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
11257 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
11258 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
11259 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011260#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011261 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11262#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011263 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
11264 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
11265 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
11266 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
11267 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
11268 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
11269 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
11270 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
11271 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
11272 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011273 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011274 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011275 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011276 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
11277 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
11278 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
11279 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011280 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011281 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
11282 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011283 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
11284 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011285 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
11286 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
11287 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
11288 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
11289 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011290 { NULL, NULL, 0 },
11291}};
Emeric Brun46591952012-05-18 15:47:34 +020011292
Willy Tarreau0108d902018-11-25 19:14:37 +010011293INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
11294
Willy Tarreau92faadf2012-10-10 23:04:25 +020011295/* Note: must not be declared <const> as its list will be overwritten.
11296 * Please take care of keeping this list alphabetically sorted, doing so helps
11297 * all code contributors.
11298 * Optional keywords are also declared with a NULL ->parse() function so that
11299 * the config parser can report an appropriate error when a known keyword was
11300 * not enabled.
11301 */
11302static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010011303 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010011304 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011305 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010011306 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020011307 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011308 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
11309 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011310#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011311 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
11312#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011313 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
11314 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
11315 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
11316 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
11317 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
11318 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
11319 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
11320 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
11321 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
11322 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
11323 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
11324 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
11325 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
11326 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
11327 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
11328 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
11329 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
11330 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010011331 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011332 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
11333 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
11334 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
11335 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
11336 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
11337 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
11338 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
11339 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
11340 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
11341 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020011342 { NULL, NULL, 0, 0 },
11343}};
11344
Willy Tarreau0108d902018-11-25 19:14:37 +010011345INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
11346
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011347static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010011348 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
11349 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010011350 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011351 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
11352 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010011353#ifndef OPENSSL_NO_DH
11354 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
11355#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011356 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011357#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011358 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011359#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010011360 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
11361#ifndef OPENSSL_NO_DH
11362 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
11363#endif
11364 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
11365 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
11366 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
11367 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011368 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010011369 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
11370 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011371#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011372 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
11373 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
11374#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011375 { 0, NULL, NULL },
11376}};
11377
Willy Tarreau0108d902018-11-25 19:14:37 +010011378INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
11379
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011380/* Note: must not be declared <const> as its list will be overwritten */
11381static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020011382#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011383 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
11384#endif
11385 { NULL, NULL, 0, 0, 0 },
11386}};
11387
11388INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
11389
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020011390/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010011391static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020011392 .snd_buf = ssl_sock_from_buf,
11393 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010011394 .subscribe = ssl_subscribe,
11395 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020011396 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020011397 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020011398 .rcv_pipe = NULL,
11399 .snd_pipe = NULL,
11400 .shutr = NULL,
11401 .shutw = ssl_sock_shutw,
11402 .close = ssl_sock_close,
11403 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010011404 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010011405 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010011406 .prepare_srv = ssl_sock_prepare_srv_ctx,
11407 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010011408 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010011409 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020011410};
11411
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011412enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
11413 struct session *sess, struct stream *s, int flags)
11414{
11415 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011416 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011417
11418 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011419 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011420
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011421 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011422 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011423 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011424 s->req.flags |= CF_READ_NULL;
11425 return ACT_RET_YIELD;
11426 }
11427 }
11428 return (ACT_RET_CONT);
11429}
11430
11431static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
11432{
11433 rule->action_ptr = ssl_action_wait_for_hs;
11434
11435 return ACT_RET_PRS_OK;
11436}
11437
11438static struct action_kw_list http_req_actions = {ILH, {
11439 { "wait-for-handshake", ssl_parse_wait_for_hs },
11440 { /* END */ }
11441}};
11442
Willy Tarreau0108d902018-11-25 19:14:37 +010011443INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
11444
Willy Tarreau5db847a2019-05-09 14:13:35 +020011445#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011446
11447static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11448{
11449 if (ptr) {
11450 chunk_destroy(ptr);
11451 free(ptr);
11452 }
11453}
11454
11455#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011456static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11457{
Willy Tarreaubafbe012017-11-24 17:34:44 +010011458 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011459}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011460
Emeric Brun46591952012-05-18 15:47:34 +020011461__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020011462static void __ssl_sock_init(void)
11463{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011464#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011465 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011466 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011467#endif
Emeric Brun46591952012-05-18 15:47:34 +020011468
Willy Tarreauef934602016-12-22 23:12:01 +010011469 if (global_ssl.listen_default_ciphers)
11470 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
11471 if (global_ssl.connect_default_ciphers)
11472 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011473#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011474 if (global_ssl.listen_default_ciphersuites)
11475 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
11476 if (global_ssl.connect_default_ciphersuites)
11477 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
11478#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010011479
Willy Tarreau13e14102016-12-22 20:25:26 +010011480 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011481#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020011482 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080011483#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011484#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011485 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011486 n = sk_SSL_COMP_num(cm);
11487 while (n--) {
11488 (void) sk_SSL_COMP_pop(cm);
11489 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011490#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011491
Willy Tarreau5db847a2019-05-09 14:13:35 +020011492#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011493 ssl_locking_init();
11494#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020011495#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011496 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
11497#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020011498 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020011499 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011500#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011501 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011502 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011503#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010011504#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11505 hap_register_post_check(tlskeys_finalize_config);
11506#endif
Willy Tarreau80713382018-11-26 10:19:54 +010011507
11508 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11509 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11510
11511#ifndef OPENSSL_NO_DH
11512 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11513 hap_register_post_deinit(ssl_free_dh);
11514#endif
11515#ifndef OPENSSL_NO_ENGINE
11516 hap_register_post_deinit(ssl_free_engines);
11517#endif
11518 /* Load SSL string for the verbose & debug mode. */
11519 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011520 ha_meth = BIO_meth_new(0x666, "ha methods");
11521 BIO_meth_set_write(ha_meth, ha_ssl_write);
11522 BIO_meth_set_read(ha_meth, ha_ssl_read);
11523 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11524 BIO_meth_set_create(ha_meth, ha_ssl_new);
11525 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11526 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11527 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011528
11529 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011530}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011531
Willy Tarreau80713382018-11-26 10:19:54 +010011532/* Compute and register the version string */
11533static void ssl_register_build_options()
11534{
11535 char *ptr = NULL;
11536 int i;
11537
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011538 memprintf(&ptr, "Built with OpenSSL version : "
11539#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011540 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011541#else /* OPENSSL_IS_BORINGSSL */
11542 OPENSSL_VERSION_TEXT
11543 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011544 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011545 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011546#endif
11547 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011548#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011549 "no (library version too old)"
11550#elif defined(OPENSSL_NO_TLSEXT)
11551 "no (disabled via OPENSSL_NO_TLSEXT)"
11552#else
11553 "yes"
11554#endif
11555 "", ptr);
11556
11557 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11558#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11559 "yes"
11560#else
11561#ifdef OPENSSL_NO_TLSEXT
11562 "no (because of OPENSSL_NO_TLSEXT)"
11563#else
11564 "no (version might be too old, 0.9.8f min needed)"
11565#endif
11566#endif
11567 "", ptr);
11568
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011569 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11570 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11571 if (methodVersions[i].option)
11572 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011573
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011574 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011575}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011576
Willy Tarreau80713382018-11-26 10:19:54 +010011577INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011578
Emeric Brun46591952012-05-18 15:47:34 +020011579
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011580#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011581void ssl_free_engines(void) {
11582 struct ssl_engine_list *wl, *wlb;
11583 /* free up engine list */
11584 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11585 ENGINE_finish(wl->e);
11586 ENGINE_free(wl->e);
11587 LIST_DEL(&wl->list);
11588 free(wl);
11589 }
11590}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011591#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011592
Remi Gacogned3a23c32015-05-28 16:39:47 +020011593#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011594void ssl_free_dh(void) {
11595 if (local_dh_1024) {
11596 DH_free(local_dh_1024);
11597 local_dh_1024 = NULL;
11598 }
11599 if (local_dh_2048) {
11600 DH_free(local_dh_2048);
11601 local_dh_2048 = NULL;
11602 }
11603 if (local_dh_4096) {
11604 DH_free(local_dh_4096);
11605 local_dh_4096 = NULL;
11606 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011607 if (global_dh) {
11608 DH_free(global_dh);
11609 global_dh = NULL;
11610 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011611}
11612#endif
11613
11614__attribute__((destructor))
11615static void __ssl_sock_deinit(void)
11616{
11617#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011618 if (ssl_ctx_lru_tree) {
11619 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011620 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011621 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011622#endif
11623
Willy Tarreau5db847a2019-05-09 14:13:35 +020011624#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011625 ERR_remove_state(0);
11626 ERR_free_strings();
11627
11628 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011629#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011630
Willy Tarreau5db847a2019-05-09 14:13:35 +020011631#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011632 CRYPTO_cleanup_all_ex_data();
11633#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011634 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011635}
11636
11637
Emeric Brun46591952012-05-18 15:47:34 +020011638/*
11639 * Local variables:
11640 * c-indent-level: 8
11641 * c-basic-offset: 8
11642 * End:
11643 */