blob: 9153843be82d6ee268036251d5ce246e91874279 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Rosen Penev68185952018-12-14 08:47:02 -080042#include <openssl/bn.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020043#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020044#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020045#include <openssl/x509.h>
46#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020047#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010048#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020049#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010050#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020051#include <openssl/ocsp.h>
52#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020053#ifndef OPENSSL_NO_DH
54#include <openssl/dh.h>
55#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020056#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000057#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020058#endif
Emeric Brun46591952012-05-18 15:47:34 +020059
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020060#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000061#include <openssl/async.h>
62#endif
63
Rosen Penev68185952018-12-14 08:47:02 -080064#ifndef OPENSSL_VERSION
65#define OPENSSL_VERSION SSLEAY_VERSION
66#define OpenSSL_version(x) SSLeay_version(x)
67#define OpenSSL_version_num SSLeay
68#endif
69
70#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
71#define X509_getm_notBefore X509_get_notBefore
72#define X509_getm_notAfter X509_get_notAfter
73#endif
74
Christopher Faulet31af49d2015-06-09 17:29:50 +020075#include <import/lru.h>
76#include <import/xxhash.h>
77
Emeric Brun46591952012-05-18 15:47:34 +020078#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020079#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020080#include <common/compat.h>
81#include <common/config.h>
82#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020083#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010084#include <common/initcall.h>
Emeric Brun46591952012-05-18 15:47:34 +020085#include <common/standard.h>
86#include <common/ticks.h>
87#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010088#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010089#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Emeric Brunfc0421f2012-09-07 17:30:07 +020091#include <ebsttree.h>
92
William Lallemand32af2032016-10-29 18:09:35 +020093#include <types/applet.h>
94#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020095#include <types/global.h>
96#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020097#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020098
Willy Tarreau7875d092012-09-10 08:20:03 +020099#include <proto/acl.h>
100#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +0200101#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +0200102#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +0200103#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +0200104#include <proto/fd.h>
105#include <proto/freq_ctr.h>
106#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +0200107#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +0200108#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200109#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +0100110#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +0200111#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +0200112#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +0200113#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200114#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200115#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200116#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200117#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200118#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200119#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200120#include <proto/task.h>
121
Willy Tarreau518cedd2014-02-17 15:43:01 +0100122/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200123#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100124#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100125#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200126#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
127
Emeric Brunf282a812012-09-21 15:27:54 +0200128/* bits 0xFFFF0000 are reserved to store verify errors */
129
130/* Verify errors macros */
131#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
132#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
133#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
134
135#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
136#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
137#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200138
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100139/* Supported hash function for TLS tickets */
140#ifdef OPENSSL_NO_SHA256
141#define HASH_FUNCT EVP_sha1
142#else
143#define HASH_FUNCT EVP_sha256
144#endif /* OPENSSL_NO_SHA256 */
145
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200146/* ssl_methods flags for ssl options */
147#define MC_SSL_O_ALL 0x0000
148#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
149#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
150#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
151#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200152#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200153
154/* ssl_methods versions */
155enum {
156 CONF_TLSV_NONE = 0,
157 CONF_TLSV_MIN = 1,
158 CONF_SSLV3 = 1,
159 CONF_TLSV10 = 2,
160 CONF_TLSV11 = 3,
161 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200162 CONF_TLSV13 = 5,
163 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200164};
165
Emeric Brun850efd52014-01-29 12:24:34 +0100166/* server and bind verify method, it uses a global value as default */
167enum {
168 SSL_SOCK_VERIFY_DEFAULT = 0,
169 SSL_SOCK_VERIFY_REQUIRED = 1,
170 SSL_SOCK_VERIFY_OPTIONAL = 2,
171 SSL_SOCK_VERIFY_NONE = 3,
172};
173
William Lallemand3f85c9a2017-10-09 16:30:50 +0200174
Willy Tarreau71b734c2014-01-28 15:19:44 +0100175int sslconns = 0;
176int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100177static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100178int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200179
Willy Tarreauef934602016-12-22 23:12:01 +0100180static struct {
181 char *crt_base; /* base directory path for certificates */
182 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000183 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100184
185 char *listen_default_ciphers;
186 char *connect_default_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200187#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
188 char *listen_default_ciphersuites;
189 char *connect_default_ciphersuites;
190#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100191 int listen_default_ssloptions;
192 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 struct tls_version_filter listen_default_sslmethods;
194 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100195
196 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
197 unsigned int life_time; /* SSL session lifetime in seconds */
198 unsigned int max_record; /* SSL max record size */
199 unsigned int default_dh_param; /* SSL maximum DH parameter size */
200 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100201 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100202} global_ssl = {
203#ifdef LISTEN_DEFAULT_CIPHERS
204 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
205#endif
206#ifdef CONNECT_DEFAULT_CIPHERS
207 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
208#endif
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200209#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
210#ifdef LISTEN_DEFAULT_CIPHERSUITES
211 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
212#endif
213#ifdef CONNECT_DEFAULT_CIPHERSUITES
214 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
215#endif
216#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100217 .listen_default_ssloptions = BC_SSL_O_NONE,
218 .connect_default_ssloptions = SRV_SSL_O_NONE,
219
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200220 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
221 .listen_default_sslmethods.min = CONF_TLSV_NONE,
222 .listen_default_sslmethods.max = CONF_TLSV_NONE,
223 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
224 .connect_default_sslmethods.min = CONF_TLSV_NONE,
225 .connect_default_sslmethods.max = CONF_TLSV_NONE,
226
Willy Tarreauef934602016-12-22 23:12:01 +0100227#ifdef DEFAULT_SSL_MAX_RECORD
228 .max_record = DEFAULT_SSL_MAX_RECORD,
229#endif
230 .default_dh_param = SSL_DEFAULT_DH_PARAM,
231 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100232 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100233};
234
Rosen Penev68185952018-12-14 08:47:02 -0800235#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100236
Emeric Brun821bb9b2017-06-15 16:37:39 +0200237static HA_RWLOCK_T *ssl_rwlocks;
238
239
240unsigned long ssl_id_function(void)
241{
242 return (unsigned long)tid;
243}
244
245void ssl_locking_function(int mode, int n, const char * file, int line)
246{
247 if (mode & CRYPTO_LOCK) {
248 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100249 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200250 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100251 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200252 }
253 else {
254 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100255 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200256 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100257 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200258 }
259}
260
261static int ssl_locking_init(void)
262{
263 int i;
264
265 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
266 if (!ssl_rwlocks)
267 return -1;
268
269 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100270 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200271
272 CRYPTO_set_id_callback(ssl_id_function);
273 CRYPTO_set_locking_callback(ssl_locking_function);
274
275 return 0;
276}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100277
Emeric Brun821bb9b2017-06-15 16:37:39 +0200278#endif
279
280
281
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100282/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100283struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100284 unsigned long long int xxh64;
285 unsigned char ciphersuite_len;
286 char ciphersuite[0];
287};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100288struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100289static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200290static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100291
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100292static int ssl_pkey_info_index = -1;
293
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200294#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
295struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
296#endif
297
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200298#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000299static unsigned int openssl_engines_initialized;
300struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
301struct ssl_engine_list {
302 struct list list;
303 ENGINE *e;
304};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200305#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000306
Remi Gacogne8de54152014-07-15 11:36:40 +0200307#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200308static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200309static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200310static DH *local_dh_1024 = NULL;
311static DH *local_dh_2048 = NULL;
312static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100313static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200314#endif /* OPENSSL_NO_DH */
315
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100316#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200317/* X509V3 Extensions that will be added on generated certificates */
318#define X509V3_EXT_SIZE 5
319static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
320 "basicConstraints",
321 "nsComment",
322 "subjectKeyIdentifier",
323 "authorityKeyIdentifier",
324 "keyUsage",
325};
326static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
327 "CA:FALSE",
328 "\"OpenSSL Generated Certificate\"",
329 "hash",
330 "keyid,issuer:always",
331 "nonRepudiation,digitalSignature,keyEncipherment"
332};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200333/* LRU cache to store generated certificate */
334static struct lru64_head *ssl_ctx_lru_tree = NULL;
335static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200336static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100337__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200338
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200339#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
340
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100341static struct ssl_bind_kw ssl_bind_kws[];
342
yanbzhube2774d2015-12-10 15:07:30 -0500343#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
344/* The order here matters for picking a default context,
345 * keep the most common keytype at the bottom of the list
346 */
347const char *SSL_SOCK_KEYTYPE_NAMES[] = {
348 "dsa",
349 "ecdsa",
350 "rsa"
351};
352#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100353#else
354#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500355#endif
356
William Lallemandc3cd35f2017-11-28 11:04:43 +0100357static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100358static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
359
360#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
361
362#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
363 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
364
365#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
366 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200367
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100368/*
369 * This function gives the detail of the SSL error. It is used only
370 * if the debug mode and the verbose mode are activated. It dump all
371 * the SSL error until the stack was empty.
372 */
373static forceinline void ssl_sock_dump_errors(struct connection *conn)
374{
375 unsigned long ret;
376
377 if (unlikely(global.mode & MODE_DEBUG)) {
378 while(1) {
379 ret = ERR_get_error();
380 if (ret == 0)
381 return;
382 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200383 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100384 ERR_func_error_string(ret), ERR_reason_error_string(ret));
385 }
386 }
387}
388
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200389#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500390/*
391 * struct alignment works here such that the key.key is the same as key_data
392 * Do not change the placement of key_data
393 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200394struct certificate_ocsp {
395 struct ebmb_node key;
396 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200397 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200398 long expire;
399};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200400
yanbzhube2774d2015-12-10 15:07:30 -0500401struct ocsp_cbk_arg {
402 int is_single;
403 int single_kt;
404 union {
405 struct certificate_ocsp *s_ocsp;
406 /*
407 * m_ocsp will have multiple entries dependent on key type
408 * Entry 0 - DSA
409 * Entry 1 - ECDSA
410 * Entry 2 - RSA
411 */
412 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
413 };
414};
415
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200416#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000417static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
418{
419 int err_code = ERR_ABORT;
420 ENGINE *engine;
421 struct ssl_engine_list *el;
422
423 /* grab the structural reference to the engine */
424 engine = ENGINE_by_id(engine_id);
425 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100426 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000427 goto fail_get;
428 }
429
430 if (!ENGINE_init(engine)) {
431 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100432 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000433 goto fail_init;
434 }
435
436 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100437 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000438 goto fail_set_method;
439 }
440
441 el = calloc(1, sizeof(*el));
442 el->e = engine;
443 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100444 nb_engines++;
445 if (global_ssl.async)
446 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000447 return 0;
448
449fail_set_method:
450 /* release the functional reference from ENGINE_init() */
451 ENGINE_finish(engine);
452
453fail_init:
454 /* release the structural reference from ENGINE_by_id() */
455 ENGINE_free(engine);
456
457fail_get:
458 return err_code;
459}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200460#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000461
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200462#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200463/*
464 * openssl async fd handler
465 */
466static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000467{
468 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000469
Emeric Brun3854e012017-05-17 20:42:48 +0200470 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000471 * to poll this fd until it is requested
472 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000473 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000474 fd_cant_recv(fd);
475
476 /* crypto engine is available, let's notify the associated
477 * connection that it can pursue its processing.
478 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000479 __conn_sock_want_recv(conn);
480 __conn_sock_want_send(conn);
481 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000482}
483
Emeric Brun3854e012017-05-17 20:42:48 +0200484/*
485 * openssl async delayed SSL_free handler
486 */
487static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000488{
489 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200490 OSSL_ASYNC_FD all_fd[32];
491 size_t num_all_fds = 0;
492 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000493
Emeric Brun3854e012017-05-17 20:42:48 +0200494 /* We suppose that the async job for a same SSL *
495 * are serialized. So if we are awake it is
496 * because the running job has just finished
497 * and we can remove all async fds safely
498 */
499 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
500 if (num_all_fds > 32) {
501 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
502 return;
503 }
504
505 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
506 for (i=0 ; i < num_all_fds ; i++)
507 fd_remove(all_fd[i]);
508
509 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000510 SSL_free(ssl);
Emeric Brun7ad43e72018-10-10 14:51:02 +0200511 HA_ATOMIC_SUB(&sslconns, 1);
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200512 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000513}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000514/*
Emeric Brun3854e012017-05-17 20:42:48 +0200515 * function used to manage a returned SSL_ERROR_WANT_ASYNC
516 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517 */
Emeric Brun3854e012017-05-17 20:42:48 +0200518static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100520 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200521 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000522 size_t num_add_fds = 0;
523 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200524 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000525
526 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
527 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200528 if (num_add_fds > 32 || num_del_fds > 32) {
529 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530 return;
531 }
532
Emeric Brun3854e012017-05-17 20:42:48 +0200533 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000534
Emeric Brun3854e012017-05-17 20:42:48 +0200535 /* We remove unused fds from the fdtab */
536 for (i=0 ; i < num_del_fds ; i++)
537 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000538
Emeric Brun3854e012017-05-17 20:42:48 +0200539 /* We add new fds to the fdtab */
540 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100541 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000542 }
543
Emeric Brun3854e012017-05-17 20:42:48 +0200544 num_add_fds = 0;
545 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
546 if (num_add_fds > 32) {
547 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
548 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000549 }
Emeric Brun3854e012017-05-17 20:42:48 +0200550
551 /* We activate the polling for all known async fds */
552 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000553 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200554 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000555 /* To ensure that the fd cache won't be used
556 * We'll prefer to catch a real RD event
557 * because handling an EAGAIN on this fd will
558 * result in a context switch and also
559 * some engines uses a fd in blocking mode.
560 */
561 fd_cant_recv(add_fd[i]);
562 }
Emeric Brun3854e012017-05-17 20:42:48 +0200563
564 /* We must also prevent the conn_handler
565 * to be called until a read event was
566 * polled on an async fd
567 */
568 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000569}
570#endif
571
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200572/*
573 * This function returns the number of seconds elapsed
574 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
575 * date presented un ASN1_GENERALIZEDTIME.
576 *
577 * In parsing error case, it returns -1.
578 */
579static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
580{
581 long epoch;
582 char *p, *end;
583 const unsigned short month_offset[12] = {
584 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
585 };
586 int year, month;
587
588 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
589
590 p = (char *)d->data;
591 end = p + d->length;
592
593 if (end - p < 4) return -1;
594 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
595 p += 4;
596 if (end - p < 2) return -1;
597 month = 10 * (p[0] - '0') + p[1] - '0';
598 if (month < 1 || month > 12) return -1;
599 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
600 We consider leap years and the current month (<marsh or not) */
601 epoch = ( ((year - 1970) * 365)
602 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
603 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
604 + month_offset[month-1]
605 ) * 24 * 60 * 60;
606 p += 2;
607 if (end - p < 2) return -1;
608 /* Add the number of seconds of completed days of current month */
609 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
610 p += 2;
611 if (end - p < 2) return -1;
612 /* Add the completed hours of the current day */
613 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
614 p += 2;
615 if (end - p < 2) return -1;
616 /* Add the completed minutes of the current hour */
617 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
618 p += 2;
619 if (p == end) return -1;
620 /* Test if there is available seconds */
621 if (p[0] < '0' || p[0] > '9')
622 goto nosec;
623 if (end - p < 2) return -1;
624 /* Add the seconds of the current minute */
625 epoch += 10 * (p[0] - '0') + p[1] - '0';
626 p += 2;
627 if (p == end) return -1;
628 /* Ignore seconds float part if present */
629 if (p[0] == '.') {
630 do {
631 if (++p == end) return -1;
632 } while (p[0] >= '0' && p[0] <= '9');
633 }
634
635nosec:
636 if (p[0] == 'Z') {
637 if (end - p != 1) return -1;
638 return epoch;
639 }
640 else if (p[0] == '+') {
641 if (end - p != 5) return -1;
642 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700643 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200644 }
645 else if (p[0] == '-') {
646 if (end - p != 5) return -1;
647 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700648 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200649 }
650
651 return -1;
652}
653
Emeric Brun1d3865b2014-06-20 15:37:32 +0200654static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200655
656/* This function starts to check if the OCSP response (in DER format) contained
657 * in chunk 'ocsp_response' is valid (else exits on error).
658 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
659 * contained in the OCSP Response and exits on error if no match.
660 * If it's a valid OCSP Response:
661 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
662 * pointed by 'ocsp'.
663 * If 'ocsp' is NULL, the function looks up into the OCSP response's
664 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
665 * from the response) and exits on error if not found. Finally, If an OCSP response is
666 * already present in the container, it will be overwritten.
667 *
668 * Note: OCSP response containing more than one OCSP Single response is not
669 * considered valid.
670 *
671 * Returns 0 on success, 1 in error case.
672 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200673static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
674 struct certificate_ocsp *ocsp,
675 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200676{
677 OCSP_RESPONSE *resp;
678 OCSP_BASICRESP *bs = NULL;
679 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200680 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200681 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200682 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200683 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200684 int reason;
685 int ret = 1;
686
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200687 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
688 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200689 if (!resp) {
690 memprintf(err, "Unable to parse OCSP response");
691 goto out;
692 }
693
694 rc = OCSP_response_status(resp);
695 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
696 memprintf(err, "OCSP response status not successful");
697 goto out;
698 }
699
700 bs = OCSP_response_get1_basic(resp);
701 if (!bs) {
702 memprintf(err, "Failed to get basic response from OCSP Response");
703 goto out;
704 }
705
706 count_sr = OCSP_resp_count(bs);
707 if (count_sr > 1) {
708 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
709 goto out;
710 }
711
712 sr = OCSP_resp_get0(bs, 0);
713 if (!sr) {
714 memprintf(err, "Failed to get OCSP single response");
715 goto out;
716 }
717
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200718 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
719
Emeric Brun4147b2e2014-06-16 18:36:30 +0200720 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200721 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200722 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200723 goto out;
724 }
725
Emeric Brun13a6b482014-06-20 15:44:34 +0200726 if (!nextupd) {
727 memprintf(err, "OCSP single response: missing nextupdate");
728 goto out;
729 }
730
Emeric Brunc8b27b62014-06-19 14:16:17 +0200731 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200732 if (!rc) {
733 memprintf(err, "OCSP single response: no longer valid.");
734 goto out;
735 }
736
737 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200738 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200739 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
740 goto out;
741 }
742 }
743
744 if (!ocsp) {
745 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
746 unsigned char *p;
747
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200748 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200749 if (!rc) {
750 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
751 goto out;
752 }
753
754 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
755 memprintf(err, "OCSP single response: Certificate ID too long");
756 goto out;
757 }
758
759 p = key;
760 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200761 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200762 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
763 if (!ocsp) {
764 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
765 goto out;
766 }
767 }
768
769 /* According to comments on "chunk_dup", the
770 previous chunk buffer will be freed */
771 if (!chunk_dup(&ocsp->response, ocsp_response)) {
772 memprintf(err, "OCSP response: Memory allocation error");
773 goto out;
774 }
775
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200776 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
777
Emeric Brun4147b2e2014-06-16 18:36:30 +0200778 ret = 0;
779out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100780 ERR_clear_error();
781
Emeric Brun4147b2e2014-06-16 18:36:30 +0200782 if (bs)
783 OCSP_BASICRESP_free(bs);
784
785 if (resp)
786 OCSP_RESPONSE_free(resp);
787
788 return ret;
789}
790/*
791 * External function use to update the OCSP response in the OCSP response's
792 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
793 * to update in DER format.
794 *
795 * Returns 0 on success, 1 in error case.
796 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200797int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200798{
799 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
800}
801
802/*
803 * This function load the OCSP Resonse in DER format contained in file at
804 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
805 *
806 * Returns 0 on success, 1 in error case.
807 */
808static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
809{
810 int fd = -1;
811 int r = 0;
812 int ret = 1;
813
814 fd = open(ocsp_path, O_RDONLY);
815 if (fd == -1) {
816 memprintf(err, "Error opening OCSP response file");
817 goto end;
818 }
819
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200820 trash.data = 0;
821 while (trash.data < trash.size) {
822 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200823 if (r < 0) {
824 if (errno == EINTR)
825 continue;
826
827 memprintf(err, "Error reading OCSP response from file");
828 goto end;
829 }
830 else if (r == 0) {
831 break;
832 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200833 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200834 }
835
836 close(fd);
837 fd = -1;
838
839 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
840end:
841 if (fd != -1)
842 close(fd);
843
844 return ret;
845}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100846#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200847
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100848#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
849static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
850{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100851 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100852 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100853 struct connection *conn;
854 int head;
855 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100856 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100857
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200858 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200859 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100860 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
861
862 keys = ref->tlskeys;
863 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100864
865 if (enc) {
866 memcpy(key_name, keys[head].name, 16);
867
868 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100869 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100870
Emeric Brun9e754772019-01-10 17:51:55 +0100871 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100872
Emeric Brun9e754772019-01-10 17:51:55 +0100873 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
874 goto end;
875
876 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
877 ret = 1;
878 }
879 else if (ref->key_size_bits == 256 ) {
880
881 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
882 goto end;
883
884 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
885 ret = 1;
886 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100887 } else {
888 for (i = 0; i < TLS_TICKETS_NO; i++) {
889 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
890 goto found;
891 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100892 ret = 0;
893 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100894
Christopher Faulet16f45c82018-02-16 11:23:49 +0100895 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100896 if (ref->key_size_bits == 128) {
897 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
898 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
899 goto end;
900 /* 2 for key renewal, 1 if current key is still valid */
901 ret = i ? 2 : 1;
902 }
903 else if (ref->key_size_bits == 256) {
904 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
905 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
906 goto end;
907 /* 2 for key renewal, 1 if current key is still valid */
908 ret = i ? 2 : 1;
909 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100910 }
Emeric Brun9e754772019-01-10 17:51:55 +0100911
Christopher Faulet16f45c82018-02-16 11:23:49 +0100912 end:
913 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
914 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200915}
916
917struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
918{
919 struct tls_keys_ref *ref;
920
921 list_for_each_entry(ref, &tlskeys_reference, list)
922 if (ref->filename && strcmp(filename, ref->filename) == 0)
923 return ref;
924 return NULL;
925}
926
927struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
928{
929 struct tls_keys_ref *ref;
930
931 list_for_each_entry(ref, &tlskeys_reference, list)
932 if (ref->unique_id == unique_id)
933 return ref;
934 return NULL;
935}
936
Emeric Brun9e754772019-01-10 17:51:55 +0100937/* Update the key into ref: if keysize doesnt
938 * match existing ones, this function returns -1
939 * else it returns 0 on success.
940 */
941int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +0200942 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100943{
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if (ref->key_size_bits == 128) {
945 if (tlskey->data != sizeof(struct tls_sess_key_128))
946 return -1;
947 }
948 else if (ref->key_size_bits == 256) {
949 if (tlskey->data != sizeof(struct tls_sess_key_256))
950 return -1;
951 }
952 else
953 return -1;
954
Christopher Faulet16f45c82018-02-16 11:23:49 +0100955 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200956 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
957 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100958 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
959 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +0100960
961 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962}
963
Willy Tarreau83061a82018-07-13 11:56:34 +0200964int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200966 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
967
968 if(!ref) {
969 memprintf(err, "Unable to locate the referenced filename: %s", filename);
970 return 1;
971 }
Emeric Brun9e754772019-01-10 17:51:55 +0100972 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
973 memprintf(err, "Invalid key size");
974 return 1;
975 }
976
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200977 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100978}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200979
980/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100981 * automatic ids. It's called just after the basic checks. It returns
982 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200983 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100984static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985{
986 int i = 0;
987 struct tls_keys_ref *ref, *ref2, *ref3;
988 struct list tkr = LIST_HEAD_INIT(tkr);
989
990 list_for_each_entry(ref, &tlskeys_reference, list) {
991 if (ref->unique_id == -1) {
992 /* Look for the first free id. */
993 while (1) {
994 list_for_each_entry(ref2, &tlskeys_reference, list) {
995 if (ref2->unique_id == i) {
996 i++;
997 break;
998 }
999 }
1000 if (&ref2->list == &tlskeys_reference)
1001 break;
1002 }
1003
1004 /* Uses the unique id and increment it for the next entry. */
1005 ref->unique_id = i;
1006 i++;
1007 }
1008 }
1009
1010 /* This sort the reference list by id. */
1011 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1012 LIST_DEL(&ref->list);
1013 list_for_each_entry(ref3, &tkr, list) {
1014 if (ref->unique_id < ref3->unique_id) {
1015 LIST_ADDQ(&ref3->list, &ref->list);
1016 break;
1017 }
1018 }
1019 if (&ref3->list == &tkr)
1020 LIST_ADDQ(&tkr, &ref->list);
1021 }
1022
1023 /* swap root */
1024 LIST_ADD(&tkr, &tlskeys_reference);
1025 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001026 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001027}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001028#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1029
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001030#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001031int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1032{
1033 switch (evp_keytype) {
1034 case EVP_PKEY_RSA:
1035 return 2;
1036 case EVP_PKEY_DSA:
1037 return 0;
1038 case EVP_PKEY_EC:
1039 return 1;
1040 }
1041
1042 return -1;
1043}
1044
Emeric Brun4147b2e2014-06-16 18:36:30 +02001045/*
1046 * Callback used to set OCSP status extension content in server hello.
1047 */
1048int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1049{
yanbzhube2774d2015-12-10 15:07:30 -05001050 struct certificate_ocsp *ocsp;
1051 struct ocsp_cbk_arg *ocsp_arg;
1052 char *ssl_buf;
1053 EVP_PKEY *ssl_pkey;
1054 int key_type;
1055 int index;
1056
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001057 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001058
1059 ssl_pkey = SSL_get_privatekey(ssl);
1060 if (!ssl_pkey)
1061 return SSL_TLSEXT_ERR_NOACK;
1062
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001063 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001064
1065 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1066 ocsp = ocsp_arg->s_ocsp;
1067 else {
1068 /* For multiple certs per context, we have to find the correct OCSP response based on
1069 * the certificate type
1070 */
1071 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1072
1073 if (index < 0)
1074 return SSL_TLSEXT_ERR_NOACK;
1075
1076 ocsp = ocsp_arg->m_ocsp[index];
1077
1078 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001079
1080 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001081 !ocsp->response.area ||
1082 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001083 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001084 return SSL_TLSEXT_ERR_NOACK;
1085
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001086 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001087 if (!ssl_buf)
1088 return SSL_TLSEXT_ERR_NOACK;
1089
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001090 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1091 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001092
1093 return SSL_TLSEXT_ERR_OK;
1094}
1095
1096/*
1097 * This function enables the handling of OCSP status extension on 'ctx' if a
1098 * file name 'cert_path' suffixed using ".ocsp" is present.
1099 * To enable OCSP status extension, the issuer's certificate is mandatory.
1100 * It should be present in the certificate's extra chain builded from file
1101 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1102 * named 'cert_path' suffixed using '.issuer'.
1103 *
1104 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1105 * response. If file is empty or content is not a valid OCSP response,
1106 * OCSP status extension is enabled but OCSP response is ignored (a warning
1107 * is displayed).
1108 *
1109 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001110 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001111 */
1112static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1113{
1114
1115 BIO *in = NULL;
1116 X509 *x, *xi = NULL, *issuer = NULL;
1117 STACK_OF(X509) *chain = NULL;
1118 OCSP_CERTID *cid = NULL;
1119 SSL *ssl;
1120 char ocsp_path[MAXPATHLEN+1];
1121 int i, ret = -1;
1122 struct stat st;
1123 struct certificate_ocsp *ocsp = NULL, *iocsp;
1124 char *warn = NULL;
1125 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001126 pem_password_cb *passwd_cb;
1127 void *passwd_cb_userdata;
1128 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001129
1130 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1131
1132 if (stat(ocsp_path, &st))
1133 return 1;
1134
1135 ssl = SSL_new(ctx);
1136 if (!ssl)
1137 goto out;
1138
1139 x = SSL_get_certificate(ssl);
1140 if (!x)
1141 goto out;
1142
1143 /* Try to lookup for issuer in certificate extra chain */
1144#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1145 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1146#else
1147 chain = ctx->extra_certs;
1148#endif
1149 for (i = 0; i < sk_X509_num(chain); i++) {
1150 issuer = sk_X509_value(chain, i);
1151 if (X509_check_issued(issuer, x) == X509_V_OK)
1152 break;
1153 else
1154 issuer = NULL;
1155 }
1156
1157 /* If not found try to load issuer from a suffixed file */
1158 if (!issuer) {
1159 char issuer_path[MAXPATHLEN+1];
1160
1161 in = BIO_new(BIO_s_file());
1162 if (!in)
1163 goto out;
1164
1165 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1166 if (BIO_read_filename(in, issuer_path) <= 0)
1167 goto out;
1168
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001169 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1170 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1171
1172 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001173 if (!xi)
1174 goto out;
1175
1176 if (X509_check_issued(xi, x) != X509_V_OK)
1177 goto out;
1178
1179 issuer = xi;
1180 }
1181
1182 cid = OCSP_cert_to_id(0, x, issuer);
1183 if (!cid)
1184 goto out;
1185
1186 i = i2d_OCSP_CERTID(cid, NULL);
1187 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1188 goto out;
1189
Vincent Bernat02779b62016-04-03 13:48:43 +02001190 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191 if (!ocsp)
1192 goto out;
1193
1194 p = ocsp->key_data;
1195 i2d_OCSP_CERTID(cid, &p);
1196
1197 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1198 if (iocsp == ocsp)
1199 ocsp = NULL;
1200
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001201#ifndef SSL_CTX_get_tlsext_status_cb
1202# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1203 *cb = (void (*) (void))ctx->tlsext_status_cb;
1204#endif
1205 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1206
1207 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001208 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001209 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001210
1211 cb_arg->is_single = 1;
1212 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001213
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001214 pkey = X509_get_pubkey(x);
1215 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1216 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001217
1218 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1219 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1220 } else {
1221 /*
1222 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1223 * Update that cb_arg with the new cert's staple
1224 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001225 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001226 struct certificate_ocsp *tmp_ocsp;
1227 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001228 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001229 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001230
1231#ifdef SSL_CTX_get_tlsext_status_arg
1232 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1233#else
1234 cb_arg = ctx->tlsext_status_arg;
1235#endif
yanbzhube2774d2015-12-10 15:07:30 -05001236
1237 /*
1238 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1239 * the order of operations below matter, take care when changing it
1240 */
1241 tmp_ocsp = cb_arg->s_ocsp;
1242 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1243 cb_arg->s_ocsp = NULL;
1244 cb_arg->m_ocsp[index] = tmp_ocsp;
1245 cb_arg->is_single = 0;
1246 cb_arg->single_kt = 0;
1247
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001248 pkey = X509_get_pubkey(x);
1249 key_type = EVP_PKEY_base_id(pkey);
1250 EVP_PKEY_free(pkey);
1251
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001252 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001253 if (index >= 0 && !cb_arg->m_ocsp[index])
1254 cb_arg->m_ocsp[index] = iocsp;
1255
1256 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257
1258 ret = 0;
1259
1260 warn = NULL;
1261 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1262 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001263 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001264 }
1265
1266out:
1267 if (ssl)
1268 SSL_free(ssl);
1269
1270 if (in)
1271 BIO_free(in);
1272
1273 if (xi)
1274 X509_free(xi);
1275
1276 if (cid)
1277 OCSP_CERTID_free(cid);
1278
1279 if (ocsp)
1280 free(ocsp);
1281
1282 if (warn)
1283 free(warn);
1284
1285
1286 return ret;
1287}
1288
1289#endif
1290
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001291#ifdef OPENSSL_IS_BORINGSSL
1292static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1293{
1294 char ocsp_path[MAXPATHLEN+1];
1295 struct stat st;
1296 int fd = -1, r = 0;
1297
1298 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1299 if (stat(ocsp_path, &st))
1300 return 0;
1301
1302 fd = open(ocsp_path, O_RDONLY);
1303 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001304 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001305 return -1;
1306 }
1307
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001308 trash.data = 0;
1309 while (trash.data < trash.size) {
1310 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001311 if (r < 0) {
1312 if (errno == EINTR)
1313 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001314 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001315 close(fd);
1316 return -1;
1317 }
1318 else if (r == 0) {
1319 break;
1320 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001321 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001322 }
1323 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001324 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1325 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001326}
1327#endif
1328
Daniel Jakots54ffb912015-11-06 20:02:41 +01001329#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001330
1331#define CT_EXTENSION_TYPE 18
1332
1333static int sctl_ex_index = -1;
1334
1335/*
1336 * Try to parse Signed Certificate Timestamp List structure. This function
1337 * makes only basic test if the data seems like SCTL. No signature validation
1338 * is performed.
1339 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001340static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001341{
1342 int ret = 1;
1343 int len, pos, sct_len;
1344 unsigned char *data;
1345
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001346 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001347 goto out;
1348
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001349 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001350 len = (data[0] << 8) | data[1];
1351
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001352 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001353 goto out;
1354
1355 data = data + 2;
1356 pos = 0;
1357 while (pos < len) {
1358 if (len - pos < 2)
1359 goto out;
1360
1361 sct_len = (data[pos] << 8) | data[pos + 1];
1362 if (pos + sct_len + 2 > len)
1363 goto out;
1364
1365 pos += sct_len + 2;
1366 }
1367
1368 ret = 0;
1369
1370out:
1371 return ret;
1372}
1373
Willy Tarreau83061a82018-07-13 11:56:34 +02001374static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1375 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001376{
1377 int fd = -1;
1378 int r = 0;
1379 int ret = 1;
1380
1381 *sctl = NULL;
1382
1383 fd = open(sctl_path, O_RDONLY);
1384 if (fd == -1)
1385 goto end;
1386
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data = 0;
1388 while (trash.data < trash.size) {
1389 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001390 if (r < 0) {
1391 if (errno == EINTR)
1392 continue;
1393
1394 goto end;
1395 }
1396 else if (r == 0) {
1397 break;
1398 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001399 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001400 }
1401
1402 ret = ssl_sock_parse_sctl(&trash);
1403 if (ret)
1404 goto end;
1405
Vincent Bernat02779b62016-04-03 13:48:43 +02001406 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407 if (!chunk_dup(*sctl, &trash)) {
1408 free(*sctl);
1409 *sctl = NULL;
1410 goto end;
1411 }
1412
1413end:
1414 if (fd != -1)
1415 close(fd);
1416
1417 return ret;
1418}
1419
1420int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1421{
Willy Tarreau83061a82018-07-13 11:56:34 +02001422 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001423
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001424 *out = (unsigned char *) sctl->area;
1425 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001426
1427 return 1;
1428}
1429
1430int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1431{
1432 return 1;
1433}
1434
1435static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1436{
1437 char sctl_path[MAXPATHLEN+1];
1438 int ret = -1;
1439 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001440 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001441
1442 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1443
1444 if (stat(sctl_path, &st))
1445 return 1;
1446
1447 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1448 goto out;
1449
1450 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1451 free(sctl);
1452 goto out;
1453 }
1454
1455 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1456
1457 ret = 0;
1458
1459out:
1460 return ret;
1461}
1462
1463#endif
1464
Emeric Brune1f38db2012-09-03 20:36:47 +02001465void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1466{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001467 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001468 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001469 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001470
1471 if (where & SSL_CB_HANDSHAKE_START) {
1472 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001473 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001474 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001475 conn->err_code = CO_ER_SSL_RENEG;
1476 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001477 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001478
1479 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1480 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1481 /* Long certificate chains optimz
1482 If write and read bios are differents, we
1483 consider that the buffering was activated,
1484 so we rise the output buffer size from 4k
1485 to 16k */
1486 write_bio = SSL_get_wbio(ssl);
1487 if (write_bio != SSL_get_rbio(ssl)) {
1488 BIO_set_write_buffer_size(write_bio, 16384);
1489 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1490 }
1491 }
1492 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001493}
1494
Emeric Brune64aef12012-09-21 13:15:06 +02001495/* Callback is called for each certificate of the chain during a verify
1496 ok is set to 1 if preverify detect no error on current certificate.
1497 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001498int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001499{
1500 SSL *ssl;
1501 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001502 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001503
1504 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001505 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001506
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001507 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001508
Emeric Brun81c00f02012-09-21 14:31:21 +02001509 if (ok) /* no errors */
1510 return ok;
1511
1512 depth = X509_STORE_CTX_get_error_depth(x_store);
1513 err = X509_STORE_CTX_get_error(x_store);
1514
1515 /* check if CA error needs to be ignored */
1516 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001517 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1518 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1519 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001520 }
1521
Willy Tarreau07d94e42018-09-20 10:57:52 +02001522 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001523 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001524 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001525 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001526 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001527
Willy Tarreau20879a02012-12-03 16:32:10 +01001528 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001529 return 0;
1530 }
1531
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001532 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1533 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001534
Emeric Brun81c00f02012-09-21 14:31:21 +02001535 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001536 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001537 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001538 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001539 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001540 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001541
Willy Tarreau20879a02012-12-03 16:32:10 +01001542 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001543 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001544}
1545
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001546static inline
1547void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001548 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001549{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001550 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001551 unsigned char *msg;
1552 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001553 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001554
1555 /* This function is called for "from client" and "to server"
1556 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001557 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001558 */
1559
1560 /* "write_p" is set to 0 is the bytes are received messages,
1561 * otherwise it is set to 1.
1562 */
1563 if (write_p != 0)
1564 return;
1565
1566 /* content_type contains the type of message received or sent
1567 * according with the SSL/TLS protocol spec. This message is
1568 * encoded with one byte. The value 256 (two bytes) is used
1569 * for designing the SSL/TLS record layer. According with the
1570 * rfc6101, the expected message (other than 256) are:
1571 * - change_cipher_spec(20)
1572 * - alert(21)
1573 * - handshake(22)
1574 * - application_data(23)
1575 * - (255)
1576 * We are interessed by the handshake and specially the client
1577 * hello.
1578 */
1579 if (content_type != 22)
1580 return;
1581
1582 /* The message length is at least 4 bytes, containing the
1583 * message type and the message length.
1584 */
1585 if (len < 4)
1586 return;
1587
1588 /* First byte of the handshake message id the type of
1589 * message. The konwn types are:
1590 * - hello_request(0)
1591 * - client_hello(1)
1592 * - server_hello(2)
1593 * - certificate(11)
1594 * - server_key_exchange (12)
1595 * - certificate_request(13)
1596 * - server_hello_done(14)
1597 * We are interested by the client hello.
1598 */
1599 msg = (unsigned char *)buf;
1600 if (msg[0] != 1)
1601 return;
1602
1603 /* Next three bytes are the length of the message. The total length
1604 * must be this decoded length + 4. If the length given as argument
1605 * is not the same, we abort the protocol dissector.
1606 */
1607 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1608 if (len < rec_len + 4)
1609 return;
1610 msg += 4;
1611 end = msg + rec_len;
1612 if (end < msg)
1613 return;
1614
1615 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1616 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001617 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1618 */
1619 msg += 1 + 1 + 4 + 28;
1620 if (msg > end)
1621 return;
1622
1623 /* Next, is session id:
1624 * if present, we have to jump by length + 1 for the size information
1625 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001627 if (msg[0] > 0)
1628 msg += msg[0];
1629 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001630 if (msg > end)
1631 return;
1632
1633 /* Next two bytes are the ciphersuite length. */
1634 if (msg + 2 > end)
1635 return;
1636 rec_len = (msg[0] << 8) + msg[1];
1637 msg += 2;
1638 if (msg + rec_len > end || msg + rec_len < msg)
1639 return;
1640
Willy Tarreaubafbe012017-11-24 17:34:44 +01001641 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001642 if (!capture)
1643 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001644 /* Compute the xxh64 of the ciphersuite. */
1645 capture->xxh64 = XXH64(msg, rec_len, 0);
1646
1647 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001648 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1649 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001650 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001651
1652 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001653}
1654
Emeric Brun29f037d2014-04-25 19:05:36 +02001655/* Callback is called for ssl protocol analyse */
1656void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1657{
Emeric Brun29f037d2014-04-25 19:05:36 +02001658#ifdef TLS1_RT_HEARTBEAT
1659 /* test heartbeat received (write_p is set to 0
1660 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001661 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001662 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001663 const unsigned char *p = buf;
1664 unsigned int payload;
1665
Emeric Brun29f037d2014-04-25 19:05:36 +02001666 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001667
1668 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1669 if (*p != TLS1_HB_REQUEST)
1670 return;
1671
Willy Tarreauaeed6722014-04-25 23:59:58 +02001672 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001673 goto kill_it;
1674
1675 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001676 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001677 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001678 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001679 /* We have a clear heartbleed attack (CVE-2014-0160), the
1680 * advertised payload is larger than the advertised packet
1681 * length, so we have garbage in the buffer between the
1682 * payload and the end of the buffer (p+len). We can't know
1683 * if the SSL stack is patched, and we don't know if we can
1684 * safely wipe out the area between p+3+len and payload.
1685 * So instead, we prevent the response from being sent by
1686 * setting the max_send_fragment to 0 and we report an SSL
1687 * error, which will kill this connection. It will be reported
1688 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001689 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1690 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001691 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001692 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1693 return;
1694 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001695#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001696 if (global_ssl.capture_cipherlist > 0)
1697 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001698}
1699
Bernard Spil13c53f82018-02-15 13:34:58 +01001700#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001701static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1702 const unsigned char *in, unsigned int inlen,
1703 void *arg)
1704{
1705 struct server *srv = arg;
1706
1707 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1708 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1709 return SSL_TLSEXT_ERR_OK;
1710 return SSL_TLSEXT_ERR_NOACK;
1711}
1712#endif
1713
1714#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001715/* This callback is used so that the server advertises the list of
1716 * negociable protocols for NPN.
1717 */
1718static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1719 unsigned int *len, void *arg)
1720{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001721 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001722
1723 *data = (const unsigned char *)conf->npn_str;
1724 *len = conf->npn_len;
1725 return SSL_TLSEXT_ERR_OK;
1726}
1727#endif
1728
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001729#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001730/* This callback is used so that the server advertises the list of
1731 * negociable protocols for ALPN.
1732 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001733static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1734 unsigned char *outlen,
1735 const unsigned char *server,
1736 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001737{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001738 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001739
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001740 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1741 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1742 return SSL_TLSEXT_ERR_NOACK;
1743 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001744 return SSL_TLSEXT_ERR_OK;
1745}
1746#endif
1747
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001748#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001749#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001750
Christopher Faulet30548802015-06-11 13:39:32 +02001751/* Create a X509 certificate with the specified servername and serial. This
1752 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001753static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001754ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001755{
Christopher Faulet7969a332015-10-09 11:15:03 +02001756 X509 *cacert = bind_conf->ca_sign_cert;
1757 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001758 SSL_CTX *ssl_ctx = NULL;
1759 X509 *newcrt = NULL;
1760 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001761 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001762 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001763 X509_NAME *name;
1764 const EVP_MD *digest;
1765 X509V3_CTX ctx;
1766 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001767 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001768
Christopher Faulet48a83322017-07-28 16:56:09 +02001769 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001770#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1771 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1772#else
1773 tmp_ssl = SSL_new(bind_conf->default_ctx);
1774 if (tmp_ssl)
1775 pkey = SSL_get_privatekey(tmp_ssl);
1776#endif
1777 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001778 goto mkcert_error;
1779
1780 /* Create the certificate */
1781 if (!(newcrt = X509_new()))
1782 goto mkcert_error;
1783
1784 /* Set version number for the certificate (X509v3) and the serial
1785 * number */
1786 if (X509_set_version(newcrt, 2L) != 1)
1787 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001788 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001789
1790 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001791 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1792 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001793 goto mkcert_error;
1794
1795 /* set public key in the certificate */
1796 if (X509_set_pubkey(newcrt, pkey) != 1)
1797 goto mkcert_error;
1798
1799 /* Set issuer name from the CA */
1800 if (!(name = X509_get_subject_name(cacert)))
1801 goto mkcert_error;
1802 if (X509_set_issuer_name(newcrt, name) != 1)
1803 goto mkcert_error;
1804
1805 /* Set the subject name using the same, but the CN */
1806 name = X509_NAME_dup(name);
1807 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1808 (const unsigned char *)servername,
1809 -1, -1, 0) != 1) {
1810 X509_NAME_free(name);
1811 goto mkcert_error;
1812 }
1813 if (X509_set_subject_name(newcrt, name) != 1) {
1814 X509_NAME_free(name);
1815 goto mkcert_error;
1816 }
1817 X509_NAME_free(name);
1818
1819 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001820 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001821 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1822 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1823 X509_EXTENSION *ext;
1824
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001825 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001826 goto mkcert_error;
1827 if (!X509_add_ext(newcrt, ext, -1)) {
1828 X509_EXTENSION_free(ext);
1829 goto mkcert_error;
1830 }
1831 X509_EXTENSION_free(ext);
1832 }
1833
1834 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001835
1836 key_type = EVP_PKEY_base_id(capkey);
1837
1838 if (key_type == EVP_PKEY_DSA)
1839 digest = EVP_sha1();
1840 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001841 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001842 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001843 digest = EVP_sha256();
1844 else {
Emmanuel Hocdet747ca612018-10-01 18:45:19 +02001845#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001846 int nid;
1847
1848 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1849 goto mkcert_error;
1850 if (!(digest = EVP_get_digestbynid(nid)))
1851 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001852#else
1853 goto mkcert_error;
1854#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001855 }
1856
Christopher Faulet31af49d2015-06-09 17:29:50 +02001857 if (!(X509_sign(newcrt, capkey, digest)))
1858 goto mkcert_error;
1859
1860 /* Create and set the new SSL_CTX */
1861 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1862 goto mkcert_error;
1863 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1864 goto mkcert_error;
1865 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1866 goto mkcert_error;
1867 if (!SSL_CTX_check_private_key(ssl_ctx))
1868 goto mkcert_error;
1869
1870 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001871
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001872#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001873 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001874#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001875#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1876 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001877 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001878 EC_KEY *ecc;
1879 int nid;
1880
1881 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1882 goto end;
1883 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1884 goto end;
1885 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1886 EC_KEY_free(ecc);
1887 }
1888#endif
1889 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001890 return ssl_ctx;
1891
1892 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001893 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001894 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001895 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1896 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897 return NULL;
1898}
1899
Christopher Faulet7969a332015-10-09 11:15:03 +02001900SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001901ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001902{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001903 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001904
1905 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001906}
1907
Christopher Faulet30548802015-06-11 13:39:32 +02001908/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001909 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001910SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001911ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001912{
1913 struct lru64 *lru = NULL;
1914
1915 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001916 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001917 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001918 if (lru && lru->domain) {
1919 if (ssl)
1920 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001921 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001922 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001923 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001924 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001925 }
1926 return NULL;
1927}
1928
Emeric Brun821bb9b2017-06-15 16:37:39 +02001929/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1930 * function is not thread-safe, it should only be used to check if a certificate
1931 * exists in the lru cache (with no warranty it will not be removed by another
1932 * thread). It is kept for backward compatibility. */
1933SSL_CTX *
1934ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1935{
1936 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1937}
1938
Christopher Fauletd2cab922015-07-28 16:03:47 +02001939/* Set a certificate int the LRU cache used to store generated
1940 * certificate. Return 0 on success, otherwise -1 */
1941int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001942ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001943{
1944 struct lru64 *lru = NULL;
1945
1946 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001947 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001948 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001949 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001950 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001951 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001952 }
Christopher Faulet30548802015-06-11 13:39:32 +02001953 if (lru->domain && lru->data)
1954 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001955 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001956 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001957 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001958 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001959 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001960}
1961
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001962/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001963unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001964ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001965{
1966 return XXH32(data, len, ssl_ctx_lru_seed);
1967}
1968
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001969/* Generate a cert and immediately assign it to the SSL session so that the cert's
1970 * refcount is maintained regardless of the cert's presence in the LRU cache.
1971 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001972static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001973ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001974{
1975 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001976 SSL_CTX *ssl_ctx = NULL;
1977 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001978 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001979
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001980 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001981 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001982 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001983 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001984 if (lru && lru->domain)
1985 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001986 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001987 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001988 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001989 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001990 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001991 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001992 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001993 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001994 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001995 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001996 SSL_set_SSL_CTX(ssl, ssl_ctx);
1997 /* No LRU cache, this CTX will be released as soon as the session dies */
1998 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001999 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002000 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002001 return 0;
2002}
2003static int
2004ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2005{
2006 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002007 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002008
2009 conn_get_to_addr(conn);
2010 if (conn->flags & CO_FL_ADDR_TO_SET) {
2011 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002012 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002013 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002014 }
2015 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002016}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002017#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002018
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002019
2020#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
2021#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
2022#endif
2023
2024#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
2025#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
2026#define SSL_renegotiate_pending(arg) 0
2027#endif
2028#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
2029#define SSL_OP_SINGLE_ECDH_USE 0
2030#endif
2031#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
2032#define SSL_OP_NO_TICKET 0
2033#endif
2034#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
2035#define SSL_OP_NO_COMPRESSION 0
2036#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002037#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
2038#undef SSL_OP_NO_SSLv3
2039#define SSL_OP_NO_SSLv3 0
2040#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002041#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
2042#define SSL_OP_NO_TLSv1_1 0
2043#endif
2044#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
2045#define SSL_OP_NO_TLSv1_2 0
2046#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002047#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002048#define SSL_OP_NO_TLSv1_3 0
2049#endif
2050#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
2051#define SSL_OP_SINGLE_DH_USE 0
2052#endif
2053#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
2054#define SSL_OP_SINGLE_ECDH_USE 0
2055#endif
2056#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
2057#define SSL_MODE_RELEASE_BUFFERS 0
2058#endif
2059#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
2060#define SSL_MODE_SMALL_BUFFERS 0
2061#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02002062#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
2063#define SSL_OP_PRIORITIZE_CHACHA 0
2064#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002065
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002066#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002067typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2068
2069static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002070{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002071#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002072 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002073 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2074#endif
2075}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002076static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2077 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002078 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2079}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002080static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002081#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002082 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002083 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2084#endif
2085}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002086static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002087#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002088 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002089 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2090#endif
2091}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002092/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2094/* Unusable in this context. */
2095static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2096static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2097static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2098static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2099static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002100#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101typedef enum { SET_MIN, SET_MAX } set_context_func;
2102
2103static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2104 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002105 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2106}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002107static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2108 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2109 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2110}
2111static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2112 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002113 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2114}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2116 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2117 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2118}
2119static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2120 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002121 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2122}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002123static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2124 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2125 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2126}
2127static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2128 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002129 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2130}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002131static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2132 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2133 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2134}
2135static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002137 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002138 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2139#endif
2140}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002141static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2142#if SSL_OP_NO_TLSv1_3
2143 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2144 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002145#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002146}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002147#endif
2148static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2149static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150
2151static struct {
2152 int option;
2153 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002154 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2155 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002156 const char *name;
2157} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002158 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2159 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2160 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2161 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2162 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2163 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002164};
2165
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002166static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2167{
2168 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2169 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2170 SSL_set_SSL_CTX(ssl, ctx);
2171}
2172
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002173#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002174
2175static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2176{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002177 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002178 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002179
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002180 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2181 return SSL_TLSEXT_ERR_OK;
2182 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002183}
2184
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002185#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002186static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2187{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002188 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002189#else
2190static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2191{
2192#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002193 struct connection *conn;
2194 struct bind_conf *s;
2195 const uint8_t *extension_data;
2196 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002197 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002198
2199 char *wildp = NULL;
2200 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002201 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002202 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002203 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002204 int i;
2205
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002206 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002207 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002208
Olivier Houchard9679ac92017-10-27 14:58:08 +02002209 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002210 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002211#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002212 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2213 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002214#else
2215 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2216#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002217 /*
2218 * The server_name extension was given too much extensibility when it
2219 * was written, so parsing the normal case is a bit complex.
2220 */
2221 size_t len;
2222 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002224 /* Extract the length of the supplied list of names. */
2225 len = (*extension_data++) << 8;
2226 len |= *extension_data++;
2227 if (len + 2 != extension_len)
2228 goto abort;
2229 /*
2230 * The list in practice only has a single element, so we only consider
2231 * the first one.
2232 */
2233 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2234 goto abort;
2235 extension_len = len - 1;
2236 /* Now we can finally pull out the byte array with the actual hostname. */
2237 if (extension_len <= 2)
2238 goto abort;
2239 len = (*extension_data++) << 8;
2240 len |= *extension_data++;
2241 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2242 || memchr(extension_data, 0, len) != NULL)
2243 goto abort;
2244 servername = extension_data;
2245 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002246 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002247#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2248 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002249 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002250 }
2251#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002252 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002253 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002254 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002255 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002256 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 goto abort;
2258 }
2259
2260 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002261#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002262 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002263#else
2264 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2265#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002266 uint8_t sign;
2267 size_t len;
2268 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002269 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002270 len = (*extension_data++) << 8;
2271 len |= *extension_data++;
2272 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002273 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002274 if (len % 2 != 0)
2275 goto abort;
2276 for (; len > 0; len -= 2) {
2277 extension_data++; /* hash */
2278 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002279 switch (sign) {
2280 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002281 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002282 break;
2283 case TLSEXT_signature_ecdsa:
2284 has_ecdsa_sig = 1;
2285 break;
2286 default:
2287 continue;
2288 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002289 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002290 break;
2291 }
2292 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002293 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002294 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002295 }
2296 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 const SSL_CIPHER *cipher;
2298 size_t len;
2299 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002300 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002301#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002302 len = ctx->cipher_suites_len;
2303 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002304#else
2305 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2306#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002307 if (len % 2 != 0)
2308 goto abort;
2309 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002310#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002311 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002312 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002313#else
2314 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2315#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002316 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002317 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002318 break;
2319 }
2320 }
2321 }
2322
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002323 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002324 trash.area[i] = tolower(servername[i]);
2325 if (!wildp && (trash.area[i] == '.'))
2326 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002327 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002328 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329
2330 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002331 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332
2333 /* lookup a not neg filter */
2334 for (n = node; n; n = ebmb_next_dup(n)) {
2335 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002336 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002337 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002338 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002340 break;
2341 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002342 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002345 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002346 if (!node_anonymous)
2347 node_anonymous = n;
2348 break;
2349 }
2350 }
2351 }
2352 if (wildp) {
2353 /* lookup in wildcards names */
2354 node = ebst_lookup(&s->sni_w_ctx, wildp);
2355 for (n = node; n; n = ebmb_next_dup(n)) {
2356 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002357 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002359 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002360 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361 break;
2362 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002363 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002364 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002365 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002366 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002367 if (!node_anonymous)
2368 node_anonymous = n;
2369 break;
2370 }
2371 }
2372 }
2373 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002374 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002375 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2376 : ((has_rsa_sig && node_rsa) ? node_rsa
2377 : (node_anonymous ? node_anonymous
2378 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2379 : node_rsa /* no rsa signature case (far far away) */
2380 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002381 if (node) {
2382 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002383 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002384 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002385 if (conf) {
2386 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2387 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2388 if (conf->early_data)
2389 allow_early = 1;
2390 }
2391 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002393#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002394 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002395 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002396 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002397 }
2398#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002399 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002400 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002402 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002403allow_early:
2404#ifdef OPENSSL_IS_BORINGSSL
2405 if (allow_early)
2406 SSL_set_early_data_enabled(ssl, 1);
2407#else
2408 if (!allow_early)
2409 SSL_set_max_early_data(ssl, 0);
2410#endif
2411 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002412 abort:
2413 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2414 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002415#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002416 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002417#else
2418 *al = SSL_AD_UNRECOGNIZED_NAME;
2419 return 0;
2420#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421}
2422
2423#else /* OPENSSL_IS_BORINGSSL */
2424
Emeric Brunfc0421f2012-09-07 17:30:07 +02002425/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2426 * warning when no match is found, which implies the default (first) cert
2427 * will keep being used.
2428 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002429static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002430{
2431 const char *servername;
2432 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002433 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002434 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002435 int i;
2436 (void)al; /* shut gcc stupid warning */
2437
2438 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002439 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002440#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002441 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2442 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002443#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002444 if (s->strict_sni)
2445 return SSL_TLSEXT_ERR_ALERT_FATAL;
2446 ssl_sock_switchctx_set(ssl, s->default_ctx);
2447 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002448 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002449
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002450 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002451 if (!servername[i])
2452 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002453 trash.area[i] = tolower(servername[i]);
2454 if (!wildp && (trash.area[i] == '.'))
2455 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002456 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002457 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002458
2459 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002460 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002461
2462 /* lookup a not neg filter */
2463 for (n = node; n; n = ebmb_next_dup(n)) {
2464 if (!container_of(n, struct sni_ctx, name)->neg) {
2465 node = n;
2466 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002467 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002468 }
2469 if (!node && wildp) {
2470 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002471 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002472 }
2473 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002474#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002475 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2476 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002477 return SSL_TLSEXT_ERR_OK;
2478 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002479#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002480 if (s->strict_sni)
2481 return SSL_TLSEXT_ERR_ALERT_FATAL;
2482 ssl_sock_switchctx_set(ssl, s->default_ctx);
2483 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002484 }
2485
2486 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002487 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002488 return SSL_TLSEXT_ERR_OK;
2489}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002490#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002491#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2492
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002493#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002494
2495static DH * ssl_get_dh_1024(void)
2496{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002497 static unsigned char dh1024_p[]={
2498 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2499 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2500 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2501 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2502 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2503 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2504 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2505 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2506 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2507 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2508 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2509 };
2510 static unsigned char dh1024_g[]={
2511 0x02,
2512 };
2513
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002514 BIGNUM *p;
2515 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002516 DH *dh = DH_new();
2517 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002518 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2519 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002520
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002521 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002522 DH_free(dh);
2523 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002524 } else {
2525 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002526 }
2527 }
2528 return dh;
2529}
2530
2531static DH *ssl_get_dh_2048(void)
2532{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002533 static unsigned char dh2048_p[]={
2534 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2535 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2536 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2537 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2538 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2539 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2540 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2541 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2542 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2543 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2544 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2545 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2546 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2547 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2548 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2549 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2550 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2551 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2552 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2553 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2554 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2555 0xB7,0x1F,0x77,0xF3,
2556 };
2557 static unsigned char dh2048_g[]={
2558 0x02,
2559 };
2560
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002561 BIGNUM *p;
2562 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002563 DH *dh = DH_new();
2564 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002565 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2566 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002567
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002568 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002569 DH_free(dh);
2570 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002571 } else {
2572 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002573 }
2574 }
2575 return dh;
2576}
2577
2578static DH *ssl_get_dh_4096(void)
2579{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002580 static unsigned char dh4096_p[]={
2581 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2582 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2583 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2584 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2585 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2586 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2587 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2588 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2589 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2590 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2591 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2592 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2593 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2594 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2595 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2596 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2597 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2598 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2599 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2600 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2601 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2602 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2603 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2604 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2605 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2606 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2607 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2608 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2609 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2610 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2611 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2612 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2613 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2614 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2615 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2616 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2617 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2618 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2619 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2620 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2621 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2622 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2623 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002624 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002625 static unsigned char dh4096_g[]={
2626 0x02,
2627 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002628
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002629 BIGNUM *p;
2630 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002631 DH *dh = DH_new();
2632 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002633 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2634 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002635
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002636 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002637 DH_free(dh);
2638 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002639 } else {
2640 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002641 }
2642 }
2643 return dh;
2644}
2645
2646/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002647 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002648static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2649{
2650 DH *dh = NULL;
2651 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002652 int type;
2653
2654 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002655
2656 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2657 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2658 */
2659 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2660 keylen = EVP_PKEY_bits(pkey);
2661 }
2662
Willy Tarreauef934602016-12-22 23:12:01 +01002663 if (keylen > global_ssl.default_dh_param) {
2664 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002665 }
2666
Remi Gacogned3a341a2015-05-29 16:26:17 +02002667 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002668 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002669 }
2670 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002671 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002672 }
2673 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002674 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002675 }
2676
2677 return dh;
2678}
2679
Remi Gacogne47783ef2015-05-29 15:53:22 +02002680static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002681{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002682 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002683 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002684
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002685 if (in == NULL)
2686 goto end;
2687
Remi Gacogne47783ef2015-05-29 15:53:22 +02002688 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002689 goto end;
2690
Remi Gacogne47783ef2015-05-29 15:53:22 +02002691 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2692
2693end:
2694 if (in)
2695 BIO_free(in);
2696
Emeric Brune1b4ed42018-08-16 15:14:12 +02002697 ERR_clear_error();
2698
Remi Gacogne47783ef2015-05-29 15:53:22 +02002699 return dh;
2700}
2701
2702int ssl_sock_load_global_dh_param_from_file(const char *filename)
2703{
2704 global_dh = ssl_sock_get_dh_from_file(filename);
2705
2706 if (global_dh) {
2707 return 0;
2708 }
2709
2710 return -1;
2711}
2712
2713/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002714 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002715int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2716{
2717 int ret = -1;
2718 DH *dh = ssl_sock_get_dh_from_file(file);
2719
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002720 if (dh) {
2721 ret = 1;
2722 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002723
2724 if (ssl_dh_ptr_index >= 0) {
2725 /* store a pointer to the DH params to avoid complaining about
2726 ssl-default-dh-param not being set for this SSL_CTX */
2727 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2728 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002729 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002730 else if (global_dh) {
2731 SSL_CTX_set_tmp_dh(ctx, global_dh);
2732 ret = 0; /* DH params not found */
2733 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002734 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002735 /* Clear openssl global errors stack */
2736 ERR_clear_error();
2737
Willy Tarreauef934602016-12-22 23:12:01 +01002738 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002739 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002740 if (local_dh_1024 == NULL)
2741 local_dh_1024 = ssl_get_dh_1024();
2742
Remi Gacogne8de54152014-07-15 11:36:40 +02002743 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002744 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002745
Remi Gacogne8de54152014-07-15 11:36:40 +02002746 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002747 }
2748 else {
2749 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2750 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002751
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002752 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002753 }
Emeric Brun644cde02012-12-14 11:21:13 +01002754
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002755end:
2756 if (dh)
2757 DH_free(dh);
2758
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002759 return ret;
2760}
2761#endif
2762
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002763static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002764 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002765{
2766 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002767 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002768 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002769
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002770 if (*name == '!') {
2771 neg = 1;
2772 name++;
2773 }
2774 if (*name == '*') {
2775 wild = 1;
2776 name++;
2777 }
2778 /* !* filter is a nop */
2779 if (neg && wild)
2780 return order;
2781 if (*name) {
2782 int j, len;
2783 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002784 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002785 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002786 if (j >= trash.size)
2787 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002788 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002789
2790 /* Check for duplicates. */
2791 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002792 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002793 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002794 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002795 for (; node; node = ebmb_next_dup(node)) {
2796 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002797 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002798 return order;
2799 }
2800
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002801 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002802 if (!sc)
2803 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002804 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002805 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002806 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002807 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002808 sc->order = order++;
2809 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002810 if (kinfo.sig != TLSEXT_signature_anonymous)
2811 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002812 if (wild)
2813 ebst_insert(&s->sni_w_ctx, &sc->name);
2814 else
2815 ebst_insert(&s->sni_ctx, &sc->name);
2816 }
2817 return order;
2818}
2819
yanbzhu488a4d22015-12-01 15:16:07 -05002820
2821/* The following code is used for loading multiple crt files into
2822 * SSL_CTX's based on CN/SAN
2823 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002824#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002825/* This is used to preload the certifcate, private key
2826 * and Cert Chain of a file passed in via the crt
2827 * argument
2828 *
2829 * This way, we do not have to read the file multiple times
2830 */
2831struct cert_key_and_chain {
2832 X509 *cert;
2833 EVP_PKEY *key;
2834 unsigned int num_chain_certs;
2835 /* This is an array of X509 pointers */
2836 X509 **chain_certs;
2837};
2838
yanbzhu08ce6ab2015-12-02 13:01:29 -05002839#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2840
2841struct key_combo_ctx {
2842 SSL_CTX *ctx;
2843 int order;
2844};
2845
2846/* Map used for processing multiple keypairs for a single purpose
2847 *
2848 * This maps CN/SNI name to certificate type
2849 */
2850struct sni_keytype {
2851 int keytypes; /* BITMASK for keytypes */
2852 struct ebmb_node name; /* node holding the servername value */
2853};
2854
2855
yanbzhu488a4d22015-12-01 15:16:07 -05002856/* Frees the contents of a cert_key_and_chain
2857 */
2858static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2859{
2860 int i;
2861
2862 if (!ckch)
2863 return;
2864
2865 /* Free the certificate and set pointer to NULL */
2866 if (ckch->cert)
2867 X509_free(ckch->cert);
2868 ckch->cert = NULL;
2869
2870 /* Free the key and set pointer to NULL */
2871 if (ckch->key)
2872 EVP_PKEY_free(ckch->key);
2873 ckch->key = NULL;
2874
2875 /* Free each certificate in the chain */
2876 for (i = 0; i < ckch->num_chain_certs; i++) {
2877 if (ckch->chain_certs[i])
2878 X509_free(ckch->chain_certs[i]);
2879 }
2880
2881 /* Free the chain obj itself and set to NULL */
2882 if (ckch->num_chain_certs > 0) {
2883 free(ckch->chain_certs);
2884 ckch->num_chain_certs = 0;
2885 ckch->chain_certs = NULL;
2886 }
2887
2888}
2889
2890/* checks if a key and cert exists in the ckch
2891 */
2892static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2893{
2894 return (ckch->cert != NULL && ckch->key != NULL);
2895}
2896
2897
2898/* Loads the contents of a crt file (path) into a cert_key_and_chain
2899 * This allows us to carry the contents of the file without having to
2900 * read the file multiple times.
2901 *
2902 * returns:
2903 * 0 on Success
2904 * 1 on SSL Failure
2905 * 2 on file not found
2906 */
2907static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2908{
2909
2910 BIO *in;
2911 X509 *ca = NULL;
2912 int ret = 1;
2913
2914 ssl_sock_free_cert_key_and_chain_contents(ckch);
2915
2916 in = BIO_new(BIO_s_file());
2917 if (in == NULL)
2918 goto end;
2919
2920 if (BIO_read_filename(in, path) <= 0)
2921 goto end;
2922
yanbzhu488a4d22015-12-01 15:16:07 -05002923 /* Read Private Key */
2924 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2925 if (ckch->key == NULL) {
2926 memprintf(err, "%sunable to load private key from file '%s'.\n",
2927 err && *err ? *err : "", path);
2928 goto end;
2929 }
2930
Willy Tarreaubb137a82016-04-06 19:02:38 +02002931 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002932 if (BIO_reset(in) == -1) {
2933 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2934 err && *err ? *err : "", path);
2935 goto end;
2936 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002937
2938 /* Read Certificate */
2939 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2940 if (ckch->cert == NULL) {
2941 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2942 err && *err ? *err : "", path);
2943 goto end;
2944 }
2945
yanbzhu488a4d22015-12-01 15:16:07 -05002946 /* Read Certificate Chain */
2947 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2948 /* Grow the chain certs */
2949 ckch->num_chain_certs++;
2950 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2951
2952 /* use - 1 here since we just incremented it above */
2953 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2954 }
2955 ret = ERR_get_error();
2956 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2957 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2958 err && *err ? *err : "", path);
2959 ret = 1;
2960 goto end;
2961 }
2962
2963 ret = 0;
2964
2965end:
2966
2967 ERR_clear_error();
2968 if (in)
2969 BIO_free(in);
2970
2971 /* Something went wrong in one of the reads */
2972 if (ret != 0)
2973 ssl_sock_free_cert_key_and_chain_contents(ckch);
2974
2975 return ret;
2976}
2977
2978/* Loads the info in ckch into ctx
2979 * Currently, this does not process any information about ocsp, dhparams or
2980 * sctl
2981 * Returns
2982 * 0 on success
2983 * 1 on failure
2984 */
2985static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2986{
2987 int i = 0;
2988
2989 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2990 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2991 err && *err ? *err : "", path);
2992 return 1;
2993 }
2994
2995 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2996 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2997 err && *err ? *err : "", path);
2998 return 1;
2999 }
3000
yanbzhu488a4d22015-12-01 15:16:07 -05003001 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3002 for (i = 0; i < ckch->num_chain_certs; i++) {
3003 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003004 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3005 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003006 return 1;
3007 }
3008 }
3009
3010 if (SSL_CTX_check_private_key(ctx) <= 0) {
3011 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3012 err && *err ? *err : "", path);
3013 return 1;
3014 }
3015
3016 return 0;
3017}
3018
yanbzhu08ce6ab2015-12-02 13:01:29 -05003019
3020static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3021{
3022 struct sni_keytype *s_kt = NULL;
3023 struct ebmb_node *node;
3024 int i;
3025
3026 for (i = 0; i < trash.size; i++) {
3027 if (!str[i])
3028 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003029 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003030 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003031 trash.area[i] = 0;
3032 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033 if (!node) {
3034 /* CN not found in tree */
3035 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3036 /* Using memcpy here instead of strncpy.
3037 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3038 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3039 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003040 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003041 s_kt->keytypes = 0;
3042 ebst_insert(sni_keytypes, &s_kt->name);
3043 } else {
3044 /* CN found in tree */
3045 s_kt = container_of(node, struct sni_keytype, name);
3046 }
3047
3048 /* Mark that this CN has the keytype of key_index via keytypes mask */
3049 s_kt->keytypes |= 1<<key_index;
3050
3051}
3052
3053
3054/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3055 * If any are found, group these files into a set of SSL_CTX*
3056 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3057 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003058 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003059 *
3060 * Returns
3061 * 0 on success
3062 * 1 on failure
3063 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003064static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3065 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003066{
3067 char fp[MAXPATHLEN+1] = {0};
3068 int n = 0;
3069 int i = 0;
3070 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3071 struct eb_root sni_keytypes_map = { {0} };
3072 struct ebmb_node *node;
3073 struct ebmb_node *next;
3074 /* Array of SSL_CTX pointers corresponding to each possible combo
3075 * of keytypes
3076 */
3077 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3078 int rv = 0;
3079 X509_NAME *xname = NULL;
3080 char *str = NULL;
3081#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3082 STACK_OF(GENERAL_NAME) *names = NULL;
3083#endif
3084
3085 /* Load all possible certs and keys */
3086 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3087 struct stat buf;
3088
3089 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3090 if (stat(fp, &buf) == 0) {
3091 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3092 rv = 1;
3093 goto end;
3094 }
3095 }
3096 }
3097
3098 /* Process each ckch and update keytypes for each CN/SAN
3099 * for example, if CN/SAN www.a.com is associated with
3100 * certs with keytype 0 and 2, then at the end of the loop,
3101 * www.a.com will have:
3102 * keyindex = 0 | 1 | 4 = 5
3103 */
3104 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3105
3106 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3107 continue;
3108
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003109 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003110 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003111 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3112 } else {
3113 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3114 * so the line that contains logic is marked via comments
3115 */
3116 xname = X509_get_subject_name(certs_and_keys[n].cert);
3117 i = -1;
3118 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3119 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003120 ASN1_STRING *value;
3121 value = X509_NAME_ENTRY_get_data(entry);
3122 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003123 /* Important line is here */
3124 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003125
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003126 OPENSSL_free(str);
3127 str = NULL;
3128 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003129 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003130
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003131 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003132#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003133 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3134 if (names) {
3135 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3136 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003137
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003138 if (name->type == GEN_DNS) {
3139 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3140 /* Important line is here */
3141 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003142
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003143 OPENSSL_free(str);
3144 str = NULL;
3145 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003146 }
3147 }
3148 }
3149 }
3150#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3151 }
3152
3153 /* If no files found, return error */
3154 if (eb_is_empty(&sni_keytypes_map)) {
3155 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3156 err && *err ? *err : "", path);
3157 rv = 1;
3158 goto end;
3159 }
3160
3161 /* We now have a map of CN/SAN to keytypes that are loaded in
3162 * Iterate through the map to create the SSL_CTX's (if needed)
3163 * and add each CTX to the SNI tree
3164 *
3165 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003166 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003167 * combination is denoted by the key in the map. Each key
3168 * has a value between 1 and 2^n - 1. Conveniently, the array
3169 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3170 * entry in the array to correspond to the unique combo (key)
3171 * associated with i. This unique key combo (i) will be associated
3172 * with combos[i-1]
3173 */
3174
3175 node = ebmb_first(&sni_keytypes_map);
3176 while (node) {
3177 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003178 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003179 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003180
3181 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3182 i = container_of(node, struct sni_keytype, name)->keytypes;
3183 cur_ctx = key_combos[i-1].ctx;
3184
3185 if (cur_ctx == NULL) {
3186 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003187 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003188 if (cur_ctx == NULL) {
3189 memprintf(err, "%sunable to allocate SSL context.\n",
3190 err && *err ? *err : "");
3191 rv = 1;
3192 goto end;
3193 }
3194
yanbzhube2774d2015-12-10 15:07:30 -05003195 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003196 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3197 if (i & (1<<n)) {
3198 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003199 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3200 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003201 SSL_CTX_free(cur_ctx);
3202 rv = 1;
3203 goto end;
3204 }
yanbzhube2774d2015-12-10 15:07:30 -05003205
3206#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3207 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003208 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003209 if (err)
3210 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003211 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003212 SSL_CTX_free(cur_ctx);
3213 rv = 1;
3214 goto end;
3215 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003216#elif (defined OPENSSL_IS_BORINGSSL)
3217 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003218#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003219 }
3220 }
3221
3222 /* Load DH params into the ctx to support DHE keys */
3223#ifndef OPENSSL_NO_DH
3224 if (ssl_dh_ptr_index >= 0)
3225 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3226
3227 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3228 if (rv < 0) {
3229 if (err)
3230 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3231 *err ? *err : "", path);
3232 rv = 1;
3233 goto end;
3234 }
3235#endif
3236
3237 /* Update key_combos */
3238 key_combos[i-1].ctx = cur_ctx;
3239 }
3240
3241 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003242 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003243 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003244 node = ebmb_next(node);
3245 }
3246
3247
3248 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3249 if (!bind_conf->default_ctx) {
3250 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3251 if (key_combos[i].ctx) {
3252 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003253 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003254 break;
3255 }
3256 }
3257 }
3258
3259end:
3260
3261 if (names)
3262 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3263
3264 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3265 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3266
3267 node = ebmb_first(&sni_keytypes_map);
3268 while (node) {
3269 next = ebmb_next(node);
3270 ebmb_delete(node);
3271 node = next;
3272 }
3273
3274 return rv;
3275}
3276#else
3277/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003278static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3279 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003280{
3281 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3282 err && *err ? *err : "", path, strerror(errno));
3283 return 1;
3284}
3285
yanbzhu488a4d22015-12-01 15:16:07 -05003286#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3287
Emeric Brunfc0421f2012-09-07 17:30:07 +02003288/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3289 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3290 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003291static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3292 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003293{
3294 BIO *in;
3295 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003296 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003297 int ret = -1;
3298 int order = 0;
3299 X509_NAME *xname;
3300 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003301 pem_password_cb *passwd_cb;
3302 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003303 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003304 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003305
Emeric Brunfc0421f2012-09-07 17:30:07 +02003306#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3307 STACK_OF(GENERAL_NAME) *names;
3308#endif
3309
3310 in = BIO_new(BIO_s_file());
3311 if (in == NULL)
3312 goto end;
3313
3314 if (BIO_read_filename(in, file) <= 0)
3315 goto end;
3316
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003317
3318 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3319 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3320
3321 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003322 if (x == NULL)
3323 goto end;
3324
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003325 pkey = X509_get_pubkey(x);
3326 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003327 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003328 switch(EVP_PKEY_base_id(pkey)) {
3329 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003330 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003331 break;
3332 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003333 kinfo.sig = TLSEXT_signature_ecdsa;
3334 break;
3335 case EVP_PKEY_DSA:
3336 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003337 break;
3338 }
3339 EVP_PKEY_free(pkey);
3340 }
3341
Emeric Brun50bcecc2013-04-22 13:05:23 +02003342 if (fcount) {
3343 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003344 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003345 }
3346 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003347#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003348 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3349 if (names) {
3350 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3351 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3352 if (name->type == GEN_DNS) {
3353 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003354 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003355 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003356 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003357 }
3358 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003359 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003360 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003361#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003362 xname = X509_get_subject_name(x);
3363 i = -1;
3364 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3365 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003366 ASN1_STRING *value;
3367
3368 value = X509_NAME_ENTRY_get_data(entry);
3369 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003370 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003371 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003372 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003373 }
3374 }
3375
3376 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3377 if (!SSL_CTX_use_certificate(ctx, x))
3378 goto end;
3379
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003380#ifdef SSL_CTX_clear_extra_chain_certs
3381 SSL_CTX_clear_extra_chain_certs(ctx);
3382#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003383 if (ctx->extra_certs != NULL) {
3384 sk_X509_pop_free(ctx->extra_certs, X509_free);
3385 ctx->extra_certs = NULL;
3386 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003387#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003388
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003389 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003390 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3391 X509_free(ca);
3392 goto end;
3393 }
3394 }
3395
3396 err = ERR_get_error();
3397 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3398 /* we successfully reached the last cert in the file */
3399 ret = 1;
3400 }
3401 ERR_clear_error();
3402
3403end:
3404 if (x)
3405 X509_free(x);
3406
3407 if (in)
3408 BIO_free(in);
3409
3410 return ret;
3411}
3412
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003413static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3414 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003415{
3416 int ret;
3417 SSL_CTX *ctx;
3418
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003419 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003420 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003421 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3422 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003423 return 1;
3424 }
3425
3426 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003427 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3428 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003429 SSL_CTX_free(ctx);
3430 return 1;
3431 }
3432
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003433 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003434 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003435 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3436 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003437 if (ret < 0) /* serious error, must do that ourselves */
3438 SSL_CTX_free(ctx);
3439 return 1;
3440 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003441
3442 if (SSL_CTX_check_private_key(ctx) <= 0) {
3443 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3444 err && *err ? *err : "", path);
3445 return 1;
3446 }
3447
Emeric Brunfc0421f2012-09-07 17:30:07 +02003448 /* we must not free the SSL_CTX anymore below, since it's already in
3449 * the tree, so it will be discovered and cleaned in time.
3450 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003451#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003452 /* store a NULL pointer to indicate we have not yet loaded
3453 a custom DH param file */
3454 if (ssl_dh_ptr_index >= 0) {
3455 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3456 }
3457
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003458 ret = ssl_sock_load_dh_params(ctx, path);
3459 if (ret < 0) {
3460 if (err)
3461 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3462 *err ? *err : "", path);
3463 return 1;
3464 }
3465#endif
3466
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003467#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003468 ret = ssl_sock_load_ocsp(ctx, path);
3469 if (ret < 0) {
3470 if (err)
3471 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3472 *err ? *err : "", path);
3473 return 1;
3474 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003475#elif (defined OPENSSL_IS_BORINGSSL)
3476 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003477#endif
3478
Daniel Jakots54ffb912015-11-06 20:02:41 +01003479#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003480 if (sctl_ex_index >= 0) {
3481 ret = ssl_sock_load_sctl(ctx, path);
3482 if (ret < 0) {
3483 if (err)
3484 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3485 *err ? *err : "", path);
3486 return 1;
3487 }
3488 }
3489#endif
3490
Emeric Brunfc0421f2012-09-07 17:30:07 +02003491#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003492 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003493 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3494 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003495 return 1;
3496 }
3497#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003498 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003499 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003500 bind_conf->default_ssl_conf = ssl_conf;
3501 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502
3503 return 0;
3504}
3505
Willy Tarreau03209342016-12-22 17:08:28 +01003506int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003508 struct dirent **de_list;
3509 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003510 DIR *dir;
3511 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003512 char *end;
3513 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003514 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003515#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3516 int is_bundle;
3517 int j;
3518#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003519
yanbzhu08ce6ab2015-12-02 13:01:29 -05003520 if (stat(path, &buf) == 0) {
3521 dir = opendir(path);
3522 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003523 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003524
yanbzhu08ce6ab2015-12-02 13:01:29 -05003525 /* strip trailing slashes, including first one */
3526 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3527 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003528
yanbzhu08ce6ab2015-12-02 13:01:29 -05003529 n = scandir(path, &de_list, 0, alphasort);
3530 if (n < 0) {
3531 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3532 err && *err ? *err : "", path, strerror(errno));
3533 cfgerr++;
3534 }
3535 else {
3536 for (i = 0; i < n; i++) {
3537 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003538
yanbzhu08ce6ab2015-12-02 13:01:29 -05003539 end = strrchr(de->d_name, '.');
3540 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3541 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003542
yanbzhu08ce6ab2015-12-02 13:01:29 -05003543 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3544 if (stat(fp, &buf) != 0) {
3545 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3546 err && *err ? *err : "", fp, strerror(errno));
3547 cfgerr++;
3548 goto ignore_entry;
3549 }
3550 if (!S_ISREG(buf.st_mode))
3551 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003552
3553#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3554 is_bundle = 0;
3555 /* Check if current entry in directory is part of a multi-cert bundle */
3556
3557 if (end) {
3558 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3559 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3560 is_bundle = 1;
3561 break;
3562 }
3563 }
3564
3565 if (is_bundle) {
3566 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3567 int dp_len;
3568
3569 dp_len = end - de->d_name;
3570 snprintf(dp, dp_len + 1, "%s", de->d_name);
3571
3572 /* increment i and free de until we get to a non-bundle cert
3573 * Note here that we look at de_list[i + 1] before freeing de
3574 * this is important since ignore_entry will free de
3575 */
3576 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3577 free(de);
3578 i++;
3579 de = de_list[i];
3580 }
3581
3582 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003583 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003584
3585 /* Successfully processed the bundle */
3586 goto ignore_entry;
3587 }
3588 }
3589
3590#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003591 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003592ignore_entry:
3593 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003594 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003595 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003596 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003597 closedir(dir);
3598 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003599 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003600
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003601 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003602
Emeric Brunfc0421f2012-09-07 17:30:07 +02003603 return cfgerr;
3604}
3605
Thierry Fournier383085f2013-01-24 14:15:43 +01003606/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3607 * done once. Zero is returned if the operation fails. No error is returned
3608 * if the random is said as not implemented, because we expect that openssl
3609 * will use another method once needed.
3610 */
3611static int ssl_initialize_random()
3612{
3613 unsigned char random;
3614 static int random_initialized = 0;
3615
3616 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3617 random_initialized = 1;
3618
3619 return random_initialized;
3620}
3621
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003622/* release ssl bind conf */
3623void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003624{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003625 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003626#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003627 free(conf->npn_str);
3628 conf->npn_str = NULL;
3629#endif
3630#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3631 free(conf->alpn_str);
3632 conf->alpn_str = NULL;
3633#endif
3634 free(conf->ca_file);
3635 conf->ca_file = NULL;
3636 free(conf->crl_file);
3637 conf->crl_file = NULL;
3638 free(conf->ciphers);
3639 conf->ciphers = NULL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003640#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
3641 free(conf->ciphersuites);
3642 conf->ciphersuites = NULL;
3643#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003644 free(conf->curves);
3645 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003646 free(conf->ecdhe);
3647 conf->ecdhe = NULL;
3648 }
3649}
3650
3651int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3652{
3653 char thisline[CRT_LINESIZE];
3654 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003655 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003656 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003657 int linenum = 0;
3658 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003659
Willy Tarreauad1731d2013-04-02 17:35:58 +02003660 if ((f = fopen(file, "r")) == NULL) {
3661 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003662 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003663 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003664
3665 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003666 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003667 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003668 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003669 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003670 char *crt_path;
3671 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003672
3673 linenum++;
3674 end = line + strlen(line);
3675 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3676 /* Check if we reached the limit and the last char is not \n.
3677 * Watch out for the last line without the terminating '\n'!
3678 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003679 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3680 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003681 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003682 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003683 }
3684
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003685 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003686 newarg = 1;
3687 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003688 if (*line == '#' || *line == '\n' || *line == '\r') {
3689 /* end of string, end of loop */
3690 *line = 0;
3691 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003692 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003693 newarg = 1;
3694 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003695 } else if (*line == '[') {
3696 if (ssl_b) {
3697 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3698 cfgerr = 1;
3699 break;
3700 }
3701 if (!arg) {
3702 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3703 cfgerr = 1;
3704 break;
3705 }
3706 ssl_b = arg;
3707 newarg = 1;
3708 *line = 0;
3709 } else if (*line == ']') {
3710 if (ssl_e) {
3711 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003712 cfgerr = 1;
3713 break;
3714 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003715 if (!ssl_b) {
3716 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3717 cfgerr = 1;
3718 break;
3719 }
3720 ssl_e = arg;
3721 newarg = 1;
3722 *line = 0;
3723 } else if (newarg) {
3724 if (arg == MAX_CRT_ARGS) {
3725 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3726 cfgerr = 1;
3727 break;
3728 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003729 newarg = 0;
3730 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003731 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003732 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003733 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003734 if (cfgerr)
3735 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003736 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003737
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003738 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003739 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003740 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003741
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003742 crt_path = args[0];
3743 if (*crt_path != '/' && global_ssl.crt_base) {
3744 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3745 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3746 crt_path, linenum, file);
3747 cfgerr = 1;
3748 break;
3749 }
3750 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3751 crt_path = path;
3752 }
3753
3754 ssl_conf = calloc(1, sizeof *ssl_conf);
3755 cur_arg = ssl_b ? ssl_b : 1;
3756 while (cur_arg < ssl_e) {
3757 newarg = 0;
3758 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3759 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3760 newarg = 1;
3761 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3762 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3763 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3764 args[cur_arg], linenum, file);
3765 cfgerr = 1;
3766 }
3767 cur_arg += 1 + ssl_bind_kws[i].skip;
3768 break;
3769 }
3770 }
3771 if (!cfgerr && !newarg) {
3772 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3773 args[cur_arg], linenum, file);
3774 cfgerr = 1;
3775 break;
3776 }
3777 }
3778 if (cfgerr) {
3779 ssl_sock_free_ssl_conf(ssl_conf);
3780 free(ssl_conf);
3781 ssl_conf = NULL;
3782 break;
3783 }
3784
3785 if (stat(crt_path, &buf) == 0) {
3786 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3787 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003788 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003789 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3790 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003791 }
3792
Willy Tarreauad1731d2013-04-02 17:35:58 +02003793 if (cfgerr) {
3794 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003795 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003796 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003797 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003798 fclose(f);
3799 return cfgerr;
3800}
3801
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003802/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003803static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003804ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003805{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003806 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003807 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003808 SSL_OP_ALL | /* all known workarounds for bugs */
3809 SSL_OP_NO_SSLv2 |
3810 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003811 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003812 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003813 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003814 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003815 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003816 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003817 SSL_MODE_ENABLE_PARTIAL_WRITE |
3818 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003819 SSL_MODE_RELEASE_BUFFERS |
3820 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003821 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003822 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003823 int flags = MC_SSL_O_ALL;
3824 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003825
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003826 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003827 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003828
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003829 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003830 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3831 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3832 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003833 else
3834 flags = conf_ssl_methods->flags;
3835
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003836 min = conf_ssl_methods->min;
3837 max = conf_ssl_methods->max;
3838 /* start with TLSv10 to remove SSLv3 per default */
3839 if (!min && (!max || max >= CONF_TLSV10))
3840 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003841 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003842 if (min)
3843 flags |= (methodVersions[min].flag - 1);
3844 if (max)
3845 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003846 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003847 min = max = CONF_TLSV_NONE;
3848 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003849 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003850 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003851 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003852 if (min) {
3853 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003854 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3855 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3856 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3857 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003858 hole = 0;
3859 }
3860 max = i;
3861 }
3862 else {
3863 min = max = i;
3864 }
3865 }
3866 else {
3867 if (min)
3868 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003869 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003870 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003871 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3872 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003873 cfgerr += 1;
3874 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003875 /* save real min/max in bind_conf */
3876 conf_ssl_methods->min = min;
3877 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003878
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003879#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003880 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003881 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003882 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003883 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003884 else
3885 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3886 if (flags & methodVersions[i].flag)
3887 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003888#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003889 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003890 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3891 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003892#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003893
3894 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3895 options |= SSL_OP_NO_TICKET;
3896 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3897 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3898 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003899
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003900#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003901 if (global_ssl.async)
3902 mode |= SSL_MODE_ASYNC;
3903#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003904 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003905 if (global_ssl.life_time)
3906 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003907
3908#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3909#ifdef OPENSSL_IS_BORINGSSL
3910 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3911 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003912#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003913 if (bind_conf->ssl_conf.early_data) {
3914 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3915 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3916 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003917 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3918 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003919#else
3920 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003921#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003922 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003923#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003924 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003925}
3926
William Lallemand4f45bb92017-10-30 20:08:51 +01003927
3928static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3929{
3930 if (first == block) {
3931 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3932 if (first->len > 0)
3933 sh_ssl_sess_tree_delete(sh_ssl_sess);
3934 }
3935}
3936
3937/* return first block from sh_ssl_sess */
3938static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3939{
3940 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3941
3942}
3943
3944/* store a session into the cache
3945 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3946 * data: asn1 encoded session
3947 * data_len: asn1 encoded session length
3948 * Returns 1 id session was stored (else 0)
3949 */
3950static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3951{
3952 struct shared_block *first;
3953 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3954
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003955 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01003956 if (!first) {
3957 /* Could not retrieve enough free blocks to store that session */
3958 return 0;
3959 }
3960
3961 /* STORE the key in the first elem */
3962 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3963 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3964 first->len = sizeof(struct sh_ssl_sess_hdr);
3965
3966 /* it returns the already existing node
3967 or current node if none, never returns null */
3968 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3969 if (oldsh_ssl_sess != sh_ssl_sess) {
3970 /* NOTE: Row couldn't be in use because we lock read & write function */
3971 /* release the reserved row */
3972 shctx_row_dec_hot(ssl_shctx, first);
3973 /* replace the previous session already in the tree */
3974 sh_ssl_sess = oldsh_ssl_sess;
3975 /* ignore the previous session data, only use the header */
3976 first = sh_ssl_sess_first_block(sh_ssl_sess);
3977 shctx_row_inc_hot(ssl_shctx, first);
3978 first->len = sizeof(struct sh_ssl_sess_hdr);
3979 }
3980
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003981 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01003982 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003983 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003984 }
3985
3986 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003987
3988 return 1;
3989}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003990
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003991/* SSL callback used when a new session is created while connecting to a server */
3992static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3993{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003994 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003995 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003996
Willy Tarreau07d94e42018-09-20 10:57:52 +02003997 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003998
Olivier Houcharde6060c52017-11-16 17:42:52 +01003999 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4000 int len;
4001 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004002
Olivier Houcharde6060c52017-11-16 17:42:52 +01004003 len = i2d_SSL_SESSION(sess, NULL);
4004 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4005 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4006 } else {
4007 free(s->ssl_ctx.reused_sess[tid].ptr);
4008 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4009 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4010 }
4011 if (s->ssl_ctx.reused_sess[tid].ptr) {
4012 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4013 &ptr);
4014 }
4015 } else {
4016 free(s->ssl_ctx.reused_sess[tid].ptr);
4017 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4018 }
4019
4020 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004021}
4022
Olivier Houcharde6060c52017-11-16 17:42:52 +01004023
William Lallemanded0b5ad2017-10-30 19:36:36 +01004024/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004025int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004026{
4027 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4028 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4029 unsigned char *p;
4030 int data_len;
4031 unsigned int sid_length, sid_ctx_length;
4032 const unsigned char *sid_data;
4033 const unsigned char *sid_ctx_data;
4034
4035 /* Session id is already stored in to key and session id is known
4036 * so we dont store it to keep size.
4037 */
4038
4039 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4040 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4041 SSL_SESSION_set1_id(sess, sid_data, 0);
4042 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4043
4044 /* check if buffer is large enough for the ASN1 encoded session */
4045 data_len = i2d_SSL_SESSION(sess, NULL);
4046 if (data_len > SHSESS_MAX_DATA_LEN)
4047 goto err;
4048
4049 p = encsess;
4050
4051 /* process ASN1 session encoding before the lock */
4052 i2d_SSL_SESSION(sess, &p);
4053
4054 memcpy(encid, sid_data, sid_length);
4055 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4056 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4057
William Lallemanda3c77cf2017-10-30 23:44:40 +01004058 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004059 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004060 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004061 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004062err:
4063 /* reset original length values */
4064 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4065 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4066
4067 return 0; /* do not increment session reference count */
4068}
4069
4070/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004071SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004072{
William Lallemand4f45bb92017-10-30 20:08:51 +01004073 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004074 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4075 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004076 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004077 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004078
4079 global.shctx_lookups++;
4080
4081 /* allow the session to be freed automatically by openssl */
4082 *do_copy = 0;
4083
4084 /* tree key is zeros padded sessionid */
4085 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4086 memcpy(tmpkey, key, key_len);
4087 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4088 key = tmpkey;
4089 }
4090
4091 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004092 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004093
4094 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004095 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4096 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004097 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004098 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004099 global.shctx_misses++;
4100 return NULL;
4101 }
4102
William Lallemand4f45bb92017-10-30 20:08:51 +01004103 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4104 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004105
William Lallemand4f45bb92017-10-30 20:08:51 +01004106 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004107
William Lallemanda3c77cf2017-10-30 23:44:40 +01004108 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004109
4110 /* decode ASN1 session */
4111 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004112 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004113 /* Reset session id and session id contenxt */
4114 if (sess) {
4115 SSL_SESSION_set1_id(sess, key, key_len);
4116 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4117 }
4118
4119 return sess;
4120}
4121
William Lallemand4f45bb92017-10-30 20:08:51 +01004122
William Lallemanded0b5ad2017-10-30 19:36:36 +01004123/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004124void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004125{
William Lallemand4f45bb92017-10-30 20:08:51 +01004126 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004127 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4128 unsigned int sid_length;
4129 const unsigned char *sid_data;
4130 (void)ctx;
4131
4132 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4133 /* tree key is zeros padded sessionid */
4134 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4135 memcpy(tmpkey, sid_data, sid_length);
4136 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4137 sid_data = tmpkey;
4138 }
4139
William Lallemanda3c77cf2017-10-30 23:44:40 +01004140 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004141
4142 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004143 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4144 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004145 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004146 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004147 }
4148
4149 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004150 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004151}
4152
4153/* Set session cache mode to server and disable openssl internal cache.
4154 * Set shared cache callbacks on an ssl context.
4155 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004156void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157{
4158 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4159
4160 if (!ssl_shctx) {
4161 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4162 return;
4163 }
4164
4165 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4166 SSL_SESS_CACHE_NO_INTERNAL |
4167 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4168
4169 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004170 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4171 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4172 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004173}
4174
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004175int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4176{
4177 struct proxy *curproxy = bind_conf->frontend;
4178 int cfgerr = 0;
4179 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004180 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004181 const char *conf_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004182#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4183 const char *conf_ciphersuites;
4184#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004185 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004186
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004187 if (ssl_conf) {
4188 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4189 int i, min, max;
4190 int flags = MC_SSL_O_ALL;
4191
4192 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004193 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4194 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004195 if (min)
4196 flags |= (methodVersions[min].flag - 1);
4197 if (max)
4198 flags |= ~((methodVersions[max].flag << 1) - 1);
4199 min = max = CONF_TLSV_NONE;
4200 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4201 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4202 if (min)
4203 max = i;
4204 else
4205 min = max = i;
4206 }
4207 /* save real min/max */
4208 conf_ssl_methods->min = min;
4209 conf_ssl_methods->max = max;
4210 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004211 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4212 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004213 cfgerr += 1;
4214 }
4215 }
4216
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004217 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004218 case SSL_SOCK_VERIFY_NONE:
4219 verify = SSL_VERIFY_NONE;
4220 break;
4221 case SSL_SOCK_VERIFY_OPTIONAL:
4222 verify = SSL_VERIFY_PEER;
4223 break;
4224 case SSL_SOCK_VERIFY_REQUIRED:
4225 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4226 break;
4227 }
4228 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4229 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004230 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4231 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4232 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004233 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004234 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004235 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4236 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004237 cfgerr++;
4238 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004239 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4240 /* set CA names for client cert request, function returns void */
4241 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4242 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004243 }
Emeric Brun850efd52014-01-29 12:24:34 +01004244 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004245 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4246 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004247 cfgerr++;
4248 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004249#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004250 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004251 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4252
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004253 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004254 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4255 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004256 cfgerr++;
4257 }
Emeric Brun561e5742012-10-02 15:20:55 +02004258 else {
4259 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4260 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004261 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004262#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004263 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004264 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004265#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004266 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004267 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004268 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4269 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004270 cfgerr++;
4271 }
4272 }
4273#endif
4274
William Lallemand4f45bb92017-10-30 20:08:51 +01004275 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004276 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4277 if (conf_ciphers &&
4278 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004279 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4280 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004281 cfgerr++;
4282 }
4283
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004284#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4285 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4286 if (conf_ciphersuites &&
4287 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4288 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4289 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4290 cfgerr++;
4291 }
4292#endif
4293
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004294#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004295 /* If tune.ssl.default-dh-param has not been set,
4296 neither has ssl-default-dh-file and no static DH
4297 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004298 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004299 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004300 (ssl_dh_ptr_index == -1 ||
4301 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004302 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4303 const SSL_CIPHER * cipher = NULL;
4304 char cipher_description[128];
4305 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4306 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4307 which is not ephemeral DH. */
4308 const char dhe_description[] = " Kx=DH ";
4309 const char dhe_export_description[] = " Kx=DH(";
4310 int idx = 0;
4311 int dhe_found = 0;
4312 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004313
Remi Gacogne23d5d372014-10-10 17:04:26 +02004314 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004315
Remi Gacogne23d5d372014-10-10 17:04:26 +02004316 if (ssl) {
4317 ciphers = SSL_get_ciphers(ssl);
4318
4319 if (ciphers) {
4320 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4321 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4322 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4323 if (strstr(cipher_description, dhe_description) != NULL ||
4324 strstr(cipher_description, dhe_export_description) != NULL) {
4325 dhe_found = 1;
4326 break;
4327 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004328 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004329 }
4330 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004331 SSL_free(ssl);
4332 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004333 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004334
Lukas Tribus90132722014-08-18 00:56:33 +02004335 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004336 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004337 }
4338
Willy Tarreauef934602016-12-22 23:12:01 +01004339 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004340 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004341
Willy Tarreauef934602016-12-22 23:12:01 +01004342 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004343 if (local_dh_1024 == NULL) {
4344 local_dh_1024 = ssl_get_dh_1024();
4345 }
Willy Tarreauef934602016-12-22 23:12:01 +01004346 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004347 if (local_dh_2048 == NULL) {
4348 local_dh_2048 = ssl_get_dh_2048();
4349 }
Willy Tarreauef934602016-12-22 23:12:01 +01004350 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004351 if (local_dh_4096 == NULL) {
4352 local_dh_4096 = ssl_get_dh_4096();
4353 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004354 }
4355 }
4356 }
4357#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004358
Emeric Brunfc0421f2012-09-07 17:30:07 +02004359 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004360#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004361 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004362#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004363
Bernard Spil13c53f82018-02-15 13:34:58 +01004364#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004365 ssl_conf_cur = NULL;
4366 if (ssl_conf && ssl_conf->npn_str)
4367 ssl_conf_cur = ssl_conf;
4368 else if (bind_conf->ssl_conf.npn_str)
4369 ssl_conf_cur = &bind_conf->ssl_conf;
4370 if (ssl_conf_cur)
4371 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004372#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004373#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004374 ssl_conf_cur = NULL;
4375 if (ssl_conf && ssl_conf->alpn_str)
4376 ssl_conf_cur = ssl_conf;
4377 else if (bind_conf->ssl_conf.alpn_str)
4378 ssl_conf_cur = &bind_conf->ssl_conf;
4379 if (ssl_conf_cur)
4380 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004381#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004382#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4383 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4384 if (conf_curves) {
4385 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004386 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4387 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004388 cfgerr++;
4389 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004390#if defined(SSL_CTX_set_ecdh_auto)
4391 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4392#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004393 }
4394#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004395#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004396 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004397 int i;
4398 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004399#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004400 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004401 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4402 NULL);
4403
4404 if (ecdhe == NULL) {
4405 SSL_CTX_set_dh_auto(ctx, 1);
4406 return cfgerr;
4407 }
4408#else
4409 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4410 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4411 ECDHE_DEFAULT_CURVE);
4412#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004413
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004414 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004415 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004416 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4417 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004418 cfgerr++;
4419 }
4420 else {
4421 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4422 EC_KEY_free(ecdh);
4423 }
4424 }
4425#endif
4426
Emeric Brunfc0421f2012-09-07 17:30:07 +02004427 return cfgerr;
4428}
4429
Evan Broderbe554312013-06-27 00:05:25 -07004430static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4431{
4432 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4433 size_t prefixlen, suffixlen;
4434
4435 /* Trivial case */
4436 if (strcmp(pattern, hostname) == 0)
4437 return 1;
4438
Evan Broderbe554312013-06-27 00:05:25 -07004439 /* The rest of this logic is based on RFC 6125, section 6.4.3
4440 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4441
Emeric Bruna848dae2013-10-08 11:27:28 +02004442 pattern_wildcard = NULL;
4443 pattern_left_label_end = pattern;
4444 while (*pattern_left_label_end != '.') {
4445 switch (*pattern_left_label_end) {
4446 case 0:
4447 /* End of label not found */
4448 return 0;
4449 case '*':
4450 /* If there is more than one wildcards */
4451 if (pattern_wildcard)
4452 return 0;
4453 pattern_wildcard = pattern_left_label_end;
4454 break;
4455 }
4456 pattern_left_label_end++;
4457 }
4458
4459 /* If it's not trivial and there is no wildcard, it can't
4460 * match */
4461 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004462 return 0;
4463
4464 /* Make sure all labels match except the leftmost */
4465 hostname_left_label_end = strchr(hostname, '.');
4466 if (!hostname_left_label_end
4467 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4468 return 0;
4469
4470 /* Make sure the leftmost label of the hostname is long enough
4471 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004472 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004473 return 0;
4474
4475 /* Finally compare the string on either side of the
4476 * wildcard */
4477 prefixlen = pattern_wildcard - pattern;
4478 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004479 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4480 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004481 return 0;
4482
4483 return 1;
4484}
4485
4486static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4487{
4488 SSL *ssl;
4489 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004490 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004491 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004492
4493 int depth;
4494 X509 *cert;
4495 STACK_OF(GENERAL_NAME) *alt_names;
4496 int i;
4497 X509_NAME *cert_subject;
4498 char *str;
4499
4500 if (ok == 0)
4501 return ok;
4502
4503 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004504 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004505
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004506 /* We're checking if the provided hostnames match the desired one. The
4507 * desired hostname comes from the SNI we presented if any, or if not
4508 * provided then it may have been explicitly stated using a "verifyhost"
4509 * directive. If neither is set, we don't care about the name so the
4510 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004511 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004512 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004513 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004514 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004515 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004516 if (!servername)
4517 return ok;
4518 }
Evan Broderbe554312013-06-27 00:05:25 -07004519
4520 /* We only need to verify the CN on the actual server cert,
4521 * not the indirect CAs */
4522 depth = X509_STORE_CTX_get_error_depth(ctx);
4523 if (depth != 0)
4524 return ok;
4525
4526 /* At this point, the cert is *not* OK unless we can find a
4527 * hostname match */
4528 ok = 0;
4529
4530 cert = X509_STORE_CTX_get_current_cert(ctx);
4531 /* It seems like this might happen if verify peer isn't set */
4532 if (!cert)
4533 return ok;
4534
4535 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4536 if (alt_names) {
4537 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4538 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4539 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004540#if OPENSSL_VERSION_NUMBER < 0x00907000L
4541 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4542#else
Evan Broderbe554312013-06-27 00:05:25 -07004543 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004544#endif
Evan Broderbe554312013-06-27 00:05:25 -07004545 ok = ssl_sock_srv_hostcheck(str, servername);
4546 OPENSSL_free(str);
4547 }
4548 }
4549 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004550 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004551 }
4552
4553 cert_subject = X509_get_subject_name(cert);
4554 i = -1;
4555 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4556 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004557 ASN1_STRING *value;
4558 value = X509_NAME_ENTRY_get_data(entry);
4559 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004560 ok = ssl_sock_srv_hostcheck(str, servername);
4561 OPENSSL_free(str);
4562 }
4563 }
4564
Willy Tarreau71d058c2017-07-26 20:09:56 +02004565 /* report the mismatch and indicate if SNI was used or not */
4566 if (!ok && !conn->err_code)
4567 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004568 return ok;
4569}
4570
Emeric Brun94324a42012-10-11 14:00:19 +02004571/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004572int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004573{
Willy Tarreau03209342016-12-22 17:08:28 +01004574 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004575 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004576 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004577 SSL_OP_ALL | /* all known workarounds for bugs */
4578 SSL_OP_NO_SSLv2 |
4579 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004580 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004581 SSL_MODE_ENABLE_PARTIAL_WRITE |
4582 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004583 SSL_MODE_RELEASE_BUFFERS |
4584 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004585 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004586 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004587 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004588 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004589 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004590
Thierry Fournier383085f2013-01-24 14:15:43 +01004591 /* Make sure openssl opens /dev/urandom before the chroot */
4592 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004593 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004594 cfgerr++;
4595 }
4596
Willy Tarreaufce03112015-01-15 21:32:40 +01004597 /* Automatic memory computations need to know we use SSL there */
4598 global.ssl_used_backend = 1;
4599
4600 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004601 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004602 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004603 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4604 curproxy->id, srv->id,
4605 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004606 cfgerr++;
4607 return cfgerr;
4608 }
4609 }
Emeric Brun94324a42012-10-11 14:00:19 +02004610 if (srv->use_ssl)
4611 srv->xprt = &ssl_sock;
4612 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004613 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004614
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004615 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004616 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004617 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4618 proxy_type_str(curproxy), curproxy->id,
4619 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004620 cfgerr++;
4621 return cfgerr;
4622 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004623
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004624 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004625 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4626 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4627 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004628 else
4629 flags = conf_ssl_methods->flags;
4630
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004631 /* Real min and max should be determinate with configuration and openssl's capabilities */
4632 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004633 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004634 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004635 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004636
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004637 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004638 min = max = CONF_TLSV_NONE;
4639 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004640 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004641 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004642 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004643 if (min) {
4644 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004645 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4646 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4647 proxy_type_str(curproxy), curproxy->id, srv->id,
4648 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004649 hole = 0;
4650 }
4651 max = i;
4652 }
4653 else {
4654 min = max = i;
4655 }
4656 }
4657 else {
4658 if (min)
4659 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004660 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004661 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004662 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4663 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004664 cfgerr += 1;
4665 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004666
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004667#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004668 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004669 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004670 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004671 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004672 else
4673 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4674 if (flags & methodVersions[i].flag)
4675 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004676#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004677 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004678 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4679 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004680#endif
4681
4682 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4683 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004684 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004685
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004686#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004687 if (global_ssl.async)
4688 mode |= SSL_MODE_ASYNC;
4689#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004690 SSL_CTX_set_mode(ctx, mode);
4691 srv->ssl_ctx.ctx = ctx;
4692
Emeric Bruna7aa3092012-10-26 12:58:00 +02004693 if (srv->ssl_ctx.client_crt) {
4694 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004695 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4696 proxy_type_str(curproxy), curproxy->id,
4697 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004698 cfgerr++;
4699 }
4700 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004701 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4702 proxy_type_str(curproxy), curproxy->id,
4703 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004704 cfgerr++;
4705 }
4706 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004707 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4708 proxy_type_str(curproxy), curproxy->id,
4709 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004710 cfgerr++;
4711 }
4712 }
Emeric Brun94324a42012-10-11 14:00:19 +02004713
Emeric Brun850efd52014-01-29 12:24:34 +01004714 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4715 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004716 switch (srv->ssl_ctx.verify) {
4717 case SSL_SOCK_VERIFY_NONE:
4718 verify = SSL_VERIFY_NONE;
4719 break;
4720 case SSL_SOCK_VERIFY_REQUIRED:
4721 verify = SSL_VERIFY_PEER;
4722 break;
4723 }
Evan Broderbe554312013-06-27 00:05:25 -07004724 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004725 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004726 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004727 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004728 if (srv->ssl_ctx.ca_file) {
4729 /* load CAfile to verify */
4730 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4732 curproxy->id, srv->id,
4733 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004734 cfgerr++;
4735 }
4736 }
Emeric Brun850efd52014-01-29 12:24:34 +01004737 else {
4738 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004739 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4740 curproxy->id, srv->id,
4741 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004742 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004743 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4744 curproxy->id, srv->id,
4745 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004746 cfgerr++;
4747 }
Emeric Brunef42d922012-10-11 16:11:36 +02004748#ifdef X509_V_FLAG_CRL_CHECK
4749 if (srv->ssl_ctx.crl_file) {
4750 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4751
4752 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004753 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4754 curproxy->id, srv->id,
4755 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004756 cfgerr++;
4757 }
4758 else {
4759 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4760 }
4761 }
4762#endif
4763 }
4764
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004765 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4766 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4767 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004768 if (srv->ssl_ctx.ciphers &&
4769 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004770 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4771 curproxy->id, srv->id,
4772 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004773 cfgerr++;
4774 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004775
4776#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4777 if (srv->ssl_ctx.ciphersuites &&
4778 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
4779 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4780 curproxy->id, srv->id,
4781 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4782 cfgerr++;
4783 }
4784#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004785#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4786 if (srv->ssl_ctx.npn_str)
4787 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4788#endif
4789#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4790 if (srv->ssl_ctx.alpn_str)
4791 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4792#endif
4793
Emeric Brun94324a42012-10-11 14:00:19 +02004794
4795 return cfgerr;
4796}
4797
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004798/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004799 * be NULL, in which case nothing is done. Returns the number of errors
4800 * encountered.
4801 */
Willy Tarreau03209342016-12-22 17:08:28 +01004802int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004803{
4804 struct ebmb_node *node;
4805 struct sni_ctx *sni;
4806 int err = 0;
4807
Willy Tarreaufce03112015-01-15 21:32:40 +01004808 /* Automatic memory computations need to know we use SSL there */
4809 global.ssl_used_frontend = 1;
4810
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004811 /* Make sure openssl opens /dev/urandom before the chroot */
4812 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004813 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004814 err++;
4815 }
4816 /* Create initial_ctx used to start the ssl connection before do switchctx */
4817 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004818 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004819 /* It should not be necessary to call this function, but it's
4820 necessary first to check and move all initialisation related
4821 to initial_ctx in ssl_sock_initial_ctx. */
4822 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4823 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004824 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004825 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004826
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004827 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004828 while (node) {
4829 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004830 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4831 /* only initialize the CTX on its first occurrence and
4832 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004833 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004834 node = ebmb_next(node);
4835 }
4836
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004837 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004838 while (node) {
4839 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004840 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4841 /* only initialize the CTX on its first occurrence and
4842 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004843 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004844 node = ebmb_next(node);
4845 }
4846 return err;
4847}
4848
Willy Tarreau55d37912016-12-21 23:38:39 +01004849/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4850 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4851 * alerts are directly emitted since the rest of the stack does it below.
4852 */
4853int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4854{
4855 struct proxy *px = bind_conf->frontend;
4856 int alloc_ctx;
4857 int err;
4858
4859 if (!bind_conf->is_ssl) {
4860 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004861 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4862 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004863 }
4864 return 0;
4865 }
4866 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004867 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4869 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004870 }
4871 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004872 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4873 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004874 return -1;
4875 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004876 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004877 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004878 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004879 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004880 sizeof(*sh_ssl_sess_tree),
4881 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004882 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004883 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4884 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4885 else
4886 ha_alert("Unable to allocate SSL session cache.\n");
4887 return -1;
4888 }
4889 /* free block callback */
4890 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4891 /* init the root tree within the extra space */
4892 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4893 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004894 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004895 err = 0;
4896 /* initialize all certificate contexts */
4897 err += ssl_sock_prepare_all_ctx(bind_conf);
4898
4899 /* initialize CA variables if the certificates generation is enabled */
4900 err += ssl_sock_load_ca(bind_conf);
4901
4902 return -err;
4903}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004904
4905/* release ssl context allocated for servers. */
4906void ssl_sock_free_srv_ctx(struct server *srv)
4907{
Olivier Houchardc7566002018-11-20 23:33:50 +01004908#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4909 if (srv->ssl_ctx.alpn_str)
4910 free(srv->ssl_ctx.alpn_str);
4911#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004912#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004913 if (srv->ssl_ctx.npn_str)
4914 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004915#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004916 if (srv->ssl_ctx.ctx)
4917 SSL_CTX_free(srv->ssl_ctx.ctx);
4918}
4919
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004920/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004921 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4922 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004923void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004924{
4925 struct ebmb_node *node, *back;
4926 struct sni_ctx *sni;
4927
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004928 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004929 while (node) {
4930 sni = ebmb_entry(node, struct sni_ctx, name);
4931 back = ebmb_next(node);
4932 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004933 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004934 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004935 ssl_sock_free_ssl_conf(sni->conf);
4936 free(sni->conf);
4937 sni->conf = NULL;
4938 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004939 free(sni);
4940 node = back;
4941 }
4942
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004943 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004944 while (node) {
4945 sni = ebmb_entry(node, struct sni_ctx, name);
4946 back = ebmb_next(node);
4947 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004948 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004949 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004950 ssl_sock_free_ssl_conf(sni->conf);
4951 free(sni->conf);
4952 sni->conf = NULL;
4953 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004954 free(sni);
4955 node = back;
4956 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004957 SSL_CTX_free(bind_conf->initial_ctx);
4958 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004959 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004960 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004961}
4962
Willy Tarreau795cdab2016-12-22 17:30:54 +01004963/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4964void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4965{
4966 ssl_sock_free_ca(bind_conf);
4967 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004968 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004969 free(bind_conf->ca_sign_file);
4970 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004971 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004972 free(bind_conf->keys_ref->filename);
4973 free(bind_conf->keys_ref->tlskeys);
4974 LIST_DEL(&bind_conf->keys_ref->list);
4975 free(bind_conf->keys_ref);
4976 }
4977 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004978 bind_conf->ca_sign_pass = NULL;
4979 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004980}
4981
Christopher Faulet31af49d2015-06-09 17:29:50 +02004982/* Load CA cert file and private key used to generate certificates */
4983int
Willy Tarreau03209342016-12-22 17:08:28 +01004984ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004985{
Willy Tarreau03209342016-12-22 17:08:28 +01004986 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004987 FILE *fp;
4988 X509 *cacert = NULL;
4989 EVP_PKEY *capkey = NULL;
4990 int err = 0;
4991
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004992 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004993 return err;
4994
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004995#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004996 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004997 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004998 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004999 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005000 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005001#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005002
Christopher Faulet31af49d2015-06-09 17:29:50 +02005003 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005004 ha_alert("Proxy '%s': cannot enable certificate generation, "
5005 "no CA certificate File configured at [%s:%d].\n",
5006 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005007 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005008 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005009
5010 /* read in the CA certificate */
5011 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005012 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5013 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005014 goto load_error;
5015 }
5016 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005017 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5018 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005019 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005020 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005021 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005022 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005023 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5024 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005025 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005026 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005027
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005028 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005029 bind_conf->ca_sign_cert = cacert;
5030 bind_conf->ca_sign_pkey = capkey;
5031 return err;
5032
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005033 read_error:
5034 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005035 if (capkey) EVP_PKEY_free(capkey);
5036 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005037 load_error:
5038 bind_conf->generate_certs = 0;
5039 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005040 return err;
5041}
5042
5043/* Release CA cert and private key used to generate certificated */
5044void
5045ssl_sock_free_ca(struct bind_conf *bind_conf)
5046{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005047 if (bind_conf->ca_sign_pkey)
5048 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5049 if (bind_conf->ca_sign_cert)
5050 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005051 bind_conf->ca_sign_pkey = NULL;
5052 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005053}
5054
Emeric Brun46591952012-05-18 15:47:34 +02005055/*
5056 * This function is called if SSL * context is not yet allocated. The function
5057 * is designed to be called before any other data-layer operation and sets the
5058 * handshake flag on the connection. It is safe to call it multiple times.
5059 * It returns 0 on success and -1 in error case.
5060 */
5061static int ssl_sock_init(struct connection *conn)
5062{
5063 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005064 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005065 return 0;
5066
Willy Tarreau3c728722014-01-23 13:50:42 +01005067 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005068 return 0;
5069
Willy Tarreau20879a02012-12-03 16:32:10 +01005070 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5071 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02005072 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005073 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005074
Emeric Brun46591952012-05-18 15:47:34 +02005075 /* If it is in client mode initiate SSL session
5076 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005077 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005078 int may_retry = 1;
5079
5080 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005081 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005082 conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005083 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005084 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005085 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005086 goto retry_connect;
5087 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005088 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005089 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005090 }
Emeric Brun46591952012-05-18 15:47:34 +02005091
Emeric Brun46591952012-05-18 15:47:34 +02005092 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005093 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005094 SSL_free(conn->xprt_ctx);
5095 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005096 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005097 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005098 goto retry_connect;
5099 }
Emeric Brun55476152014-11-12 17:35:37 +01005100 conn->err_code = CO_ER_SSL_NO_MEM;
5101 return -1;
5102 }
Emeric Brun46591952012-05-18 15:47:34 +02005103
Evan Broderbe554312013-06-27 00:05:25 -07005104 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005105 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005106 SSL_free(conn->xprt_ctx);
5107 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005108 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005109 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005110 goto retry_connect;
5111 }
Emeric Brun55476152014-11-12 17:35:37 +01005112 conn->err_code = CO_ER_SSL_NO_MEM;
5113 return -1;
5114 }
5115
5116 SSL_set_connect_state(conn->xprt_ctx);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005117 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5118 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5119 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
5120 if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005121 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005122 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5123 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005124 } else if (sess) {
5125 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005126 }
5127 }
Evan Broderbe554312013-06-27 00:05:25 -07005128
Emeric Brun46591952012-05-18 15:47:34 +02005129 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005130 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005131
Emeric Brun7ad43e72018-10-10 14:51:02 +02005132 HA_ATOMIC_ADD(&sslconns, 1);
5133 HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005134 return 0;
5135 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005136 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005137 int may_retry = 1;
5138
5139 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005140 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005141 conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005142 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005143 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005144 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005145 goto retry_accept;
5146 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005147 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005148 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005149 }
Emeric Brun46591952012-05-18 15:47:34 +02005150
Emeric Brun46591952012-05-18 15:47:34 +02005151 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005152 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005153 SSL_free(conn->xprt_ctx);
5154 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005155 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005156 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005157 goto retry_accept;
5158 }
Emeric Brun55476152014-11-12 17:35:37 +01005159 conn->err_code = CO_ER_SSL_NO_MEM;
5160 return -1;
5161 }
Emeric Brun46591952012-05-18 15:47:34 +02005162
Emeric Brune1f38db2012-09-03 20:36:47 +02005163 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005164 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005165 SSL_free(conn->xprt_ctx);
5166 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005167 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005168 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005169 goto retry_accept;
5170 }
Emeric Brun55476152014-11-12 17:35:37 +01005171 conn->err_code = CO_ER_SSL_NO_MEM;
5172 return -1;
5173 }
5174
5175 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005176
Emeric Brun46591952012-05-18 15:47:34 +02005177 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005178 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005179#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005180 conn->flags |= CO_FL_EARLY_SSL_HS;
5181#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005182
Emeric Brun7ad43e72018-10-10 14:51:02 +02005183 HA_ATOMIC_ADD(&sslconns, 1);
5184 HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005185 return 0;
5186 }
5187 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005188 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005189 return -1;
5190}
5191
5192
5193/* This is the callback which is used when an SSL handshake is pending. It
5194 * updates the FD status if it wants some polling before being called again.
5195 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5196 * otherwise it returns non-zero and removes itself from the connection's
5197 * flags (the bit is provided in <flag> by the caller).
5198 */
5199int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5200{
5201 int ret;
5202
Willy Tarreau3c728722014-01-23 13:50:42 +01005203 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005204 return 0;
5205
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005206 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005207 goto out_error;
5208
Olivier Houchardc2aae742017-09-22 18:26:28 +02005209#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5210 /*
5211 * Check if we have early data. If we do, we have to read them
5212 * before SSL_do_handshake() is called, And there's no way to
5213 * detect early data, except to try to read them
5214 */
5215 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5216 size_t read_data;
5217
5218 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5219 1, &read_data);
5220 if (ret == SSL_READ_EARLY_DATA_ERROR)
5221 goto check_error;
5222 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5223 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5224 return 1;
5225 } else
5226 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5227 }
5228#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005229 /* If we use SSL_do_handshake to process a reneg initiated by
5230 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5231 * Usually SSL_write and SSL_read are used and process implicitly
5232 * the reneg handshake.
5233 * Here we use SSL_peek as a workaround for reneg.
5234 */
5235 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5236 char c;
5237
5238 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5239 if (ret <= 0) {
5240 /* handshake may have not been completed, let's find why */
5241 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005242
Emeric Brun674b7432012-11-08 19:21:55 +01005243 if (ret == SSL_ERROR_WANT_WRITE) {
5244 /* SSL handshake needs to write, L4 connection may not be ready */
5245 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005246 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005247 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005248 return 0;
5249 }
5250 else if (ret == SSL_ERROR_WANT_READ) {
5251 /* handshake may have been completed but we have
5252 * no more data to read.
5253 */
5254 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5255 ret = 1;
5256 goto reneg_ok;
5257 }
5258 /* SSL handshake needs to read, L4 connection is ready */
5259 if (conn->flags & CO_FL_WAIT_L4_CONN)
5260 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5261 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005262 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005263 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005264 return 0;
5265 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005266#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005267 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005268 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005269 return 0;
5270 }
5271#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005272 else if (ret == SSL_ERROR_SYSCALL) {
5273 /* if errno is null, then connection was successfully established */
5274 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5275 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005276 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005277#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005278 conn->err_code = CO_ER_SSL_HANDSHAKE;
5279#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005280 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005281#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005282 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5283 empty_handshake = state == TLS_ST_BEFORE;
5284#else
5285 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5286#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005287 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005288 if (!errno) {
5289 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5290 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5291 else
5292 conn->err_code = CO_ER_SSL_EMPTY;
5293 }
5294 else {
5295 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5296 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5297 else
5298 conn->err_code = CO_ER_SSL_ABORT;
5299 }
5300 }
5301 else {
5302 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5303 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005304 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005305 conn->err_code = CO_ER_SSL_HANDSHAKE;
5306 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005307#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005308 }
Emeric Brun674b7432012-11-08 19:21:55 +01005309 goto out_error;
5310 }
5311 else {
5312 /* Fail on all other handshake errors */
5313 /* Note: OpenSSL may leave unread bytes in the socket's
5314 * buffer, causing an RST to be emitted upon close() on
5315 * TCP sockets. We first try to drain possibly pending
5316 * data to avoid this as much as possible.
5317 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005318 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005319 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005320 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5321 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005322 goto out_error;
5323 }
5324 }
5325 /* read some data: consider handshake completed */
5326 goto reneg_ok;
5327 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005328 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005329check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005330 if (ret != 1) {
5331 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005332 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005333
5334 if (ret == SSL_ERROR_WANT_WRITE) {
5335 /* SSL handshake needs to write, L4 connection may not be ready */
5336 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005337 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005338 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005339 return 0;
5340 }
5341 else if (ret == SSL_ERROR_WANT_READ) {
5342 /* SSL handshake needs to read, L4 connection is ready */
5343 if (conn->flags & CO_FL_WAIT_L4_CONN)
5344 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5345 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005346 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005347 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005348 return 0;
5349 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005350#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005351 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005352 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005353 return 0;
5354 }
5355#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005356 else if (ret == SSL_ERROR_SYSCALL) {
5357 /* if errno is null, then connection was successfully established */
5358 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5359 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005360 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005361#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005362 conn->err_code = CO_ER_SSL_HANDSHAKE;
5363#else
5364 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005365#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005366 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5367 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005368#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005369 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005370#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005371 if (empty_handshake) {
5372 if (!errno) {
5373 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5374 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5375 else
5376 conn->err_code = CO_ER_SSL_EMPTY;
5377 }
5378 else {
5379 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5380 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5381 else
5382 conn->err_code = CO_ER_SSL_ABORT;
5383 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005384 }
5385 else {
5386 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5387 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5388 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005389 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005390 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005391#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005392 }
Willy Tarreau89230192012-09-28 20:22:13 +02005393 goto out_error;
5394 }
Emeric Brun46591952012-05-18 15:47:34 +02005395 else {
5396 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005397 /* Note: OpenSSL may leave unread bytes in the socket's
5398 * buffer, causing an RST to be emitted upon close() on
5399 * TCP sockets. We first try to drain possibly pending
5400 * data to avoid this as much as possible.
5401 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005402 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005403 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005404 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5405 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005406 goto out_error;
5407 }
5408 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005409#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5410 else {
5411 /*
5412 * If the server refused the early data, we have to send a
5413 * 425 to the client, as we no longer have the data to sent
5414 * them again.
5415 */
5416 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5417 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5418 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5419 goto out_error;
5420 }
5421 }
5422 }
5423#endif
5424
Emeric Brun46591952012-05-18 15:47:34 +02005425
Emeric Brun674b7432012-11-08 19:21:55 +01005426reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005427
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005428#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005429 /* ASYNC engine API doesn't support moving read/write
5430 * buffers. So we disable ASYNC mode right after
5431 * the handshake to avoid buffer oveflows.
5432 */
5433 if (global_ssl.async)
5434 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5435#endif
Emeric Brun46591952012-05-18 15:47:34 +02005436 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005437 if (!SSL_session_reused(conn->xprt_ctx)) {
5438 if (objt_server(conn->target)) {
5439 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5440 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5441 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005442 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005443 else {
5444 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5445 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5446 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5447 }
Emeric Brun46591952012-05-18 15:47:34 +02005448 }
5449
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005450#ifdef OPENSSL_IS_BORINGSSL
5451 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5452 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5453#endif
Emeric Brun46591952012-05-18 15:47:34 +02005454 /* The connection is now established at both layers, it's time to leave */
5455 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5456 return 1;
5457
5458 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005459 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005460 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005461 ERR_clear_error();
5462
Emeric Brun9fa89732012-10-04 17:09:56 +02005463 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005464 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5465 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5466 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005467 }
5468
Emeric Brun46591952012-05-18 15:47:34 +02005469 /* Fail on all other handshake errors */
5470 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005471 if (!conn->err_code)
5472 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005473 return 0;
5474}
5475
5476/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005477 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005478 * buffer wraps, in which case a second call may be performed. The connection's
5479 * flags are updated with whatever special event is detected (error, read0,
5480 * empty). The caller is responsible for taking care of those events and
5481 * avoiding the call if inappropriate. The function does not call the
5482 * connection's polling update function, so the caller is responsible for this.
5483 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005484static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005485{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005486 ssize_t ret;
5487 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005488
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005489 conn_refresh_polling_flags(conn);
5490
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005491 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005492 goto out_error;
5493
5494 if (conn->flags & CO_FL_HANDSHAKE)
5495 /* a handshake was requested */
5496 return 0;
5497
Emeric Brun46591952012-05-18 15:47:34 +02005498 /* read the largest possible block. For this, we perform only one call
5499 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5500 * in which case we accept to do it once again. A new attempt is made on
5501 * EINTR too.
5502 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005503 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005504 int need_out = 0;
5505
Willy Tarreau591d4452018-06-15 17:21:00 +02005506 try = b_contig_space(buf);
5507 if (!try)
5508 break;
5509
Willy Tarreauabf08d92014-01-14 11:31:27 +01005510 if (try > count)
5511 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005512
Olivier Houchardc2aae742017-09-22 18:26:28 +02005513 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5514 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005515 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005516 done++;
5517 try--;
5518 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005519 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005520 conn->tmp_early_data = -1;
5521 continue;
5522 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005523
Olivier Houchardc2aae742017-09-22 18:26:28 +02005524#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5525 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5526 size_t read_length;
5527
5528 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005529 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005530 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5531 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005532 conn->flags |= CO_FL_EARLY_DATA;
5533 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5534 ret == SSL_READ_EARLY_DATA_FINISH) {
5535 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5536 /*
5537 * We're done reading the early data,
5538 * let's make the handshake
5539 */
5540 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5541 conn->flags |= CO_FL_SSL_WAIT_HS;
5542 need_out = 1;
5543 if (read_length == 0)
5544 break;
5545 }
5546 ret = read_length;
5547 }
5548 } else
5549#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005550 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005551#ifdef OPENSSL_IS_BORINGSSL
5552 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5553 if (SSL_in_early_data(conn->xprt_ctx)) {
5554 if (ret > 0)
5555 conn->flags |= CO_FL_EARLY_DATA;
5556 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005557 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005558 }
5559 }
5560#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005561 if (conn->flags & CO_FL_ERROR) {
5562 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005563 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005564 }
Emeric Brun46591952012-05-18 15:47:34 +02005565 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005566 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005567 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005568 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005569 }
Emeric Brun46591952012-05-18 15:47:34 +02005570 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005571 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005572 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005573 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005574 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005575 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005576#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005577 /* Async mode can be re-enabled, because we're leaving data state.*/
5578 if (global_ssl.async)
5579 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5580#endif
Emeric Brun46591952012-05-18 15:47:34 +02005581 break;
5582 }
5583 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005584 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5585 /* handshake is running, and it may need to re-enable read */
5586 conn->flags |= CO_FL_SSL_WAIT_HS;
5587 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005588#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005589 /* Async mode can be re-enabled, because we're leaving data state.*/
5590 if (global_ssl.async)
5591 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5592#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005593 break;
5594 }
Emeric Brun46591952012-05-18 15:47:34 +02005595 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005596 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005597 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005598 } else if (ret == SSL_ERROR_ZERO_RETURN)
5599 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005600 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5601 * stack before shutting down the connection for
5602 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005603 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5604 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005605 /* otherwise it's a real error */
5606 goto out_error;
5607 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005608 if (need_out)
5609 break;
Emeric Brun46591952012-05-18 15:47:34 +02005610 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005611 leave:
5612 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005613 return done;
5614
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005615 clear_ssl_error:
5616 /* Clear openssl global errors stack */
5617 ssl_sock_dump_errors(conn);
5618 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005619 read0:
5620 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005621 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005622
Emeric Brun46591952012-05-18 15:47:34 +02005623 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005624 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005625 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005626 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005627 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005628 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005629}
5630
5631
Willy Tarreau787db9a2018-06-14 18:31:46 +02005632/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5633 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5634 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005635 * Only one call to send() is performed, unless the buffer wraps, in which case
5636 * a second call may be performed. The connection's flags are updated with
5637 * whatever special event is detected (error, empty). The caller is responsible
5638 * for taking care of those events and avoiding the call if inappropriate. The
5639 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005640 * is responsible for this. The buffer's output is not adjusted, it's up to the
5641 * caller to take care of this. It's up to the caller to update the buffer's
5642 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005643 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005644static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005645{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005646 ssize_t ret;
5647 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005648
5649 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005650 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005651
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005652 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005653 goto out_error;
5654
5655 if (conn->flags & CO_FL_HANDSHAKE)
5656 /* a handshake was requested */
5657 return 0;
5658
5659 /* send the largest possible block. For this we perform only one call
5660 * to send() unless the buffer wraps and we exactly fill the first hunk,
5661 * in which case we accept to do it once again.
5662 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005663 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005664#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5665 size_t written_data;
5666#endif
5667
Willy Tarreau787db9a2018-06-14 18:31:46 +02005668 try = b_contig_data(buf, done);
5669 if (try > count)
5670 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005671
Willy Tarreau7bed9452014-02-02 02:00:24 +01005672 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005673 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005674 global_ssl.max_record && try > global_ssl.max_record) {
5675 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005676 }
5677 else {
5678 /* we need to keep the information about the fact that
5679 * we're not limiting the upcoming send(), because if it
5680 * fails, we'll have to retry with at least as many data.
5681 */
5682 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5683 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005684
Olivier Houchardc2aae742017-09-22 18:26:28 +02005685#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5686 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5687 unsigned int max_early;
5688
Olivier Houchard522eea72017-11-03 16:27:47 +01005689 if (objt_listener(conn->target))
5690 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5691 else {
5692 if (SSL_get0_session(conn->xprt_ctx))
5693 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5694 else
5695 max_early = 0;
5696 }
5697
Olivier Houchard90084a12017-11-23 18:21:29 +01005698 if (try + conn->sent_early_data > max_early) {
5699 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005700 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005701 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5702 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005703 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005704 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005705 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005706 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005707 if (ret == 1) {
5708 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005709 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005710 if (objt_server(conn->target)) {
5711 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5712 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5713 }
5714
Olivier Houchardc2aae742017-09-22 18:26:28 +02005715 }
5716
5717 } else
5718#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005719 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005720
Emeric Brune1f38db2012-09-03 20:36:47 +02005721 if (conn->flags & CO_FL_ERROR) {
5722 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005723 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005724 }
Emeric Brun46591952012-05-18 15:47:34 +02005725 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005726 /* A send succeeded, so we can consier ourself connected */
5727 conn->flags |= CO_FL_CONNECTED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005728 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005729 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005730 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005731 }
5732 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005733 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005734
Emeric Brun46591952012-05-18 15:47:34 +02005735 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005736 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5737 /* handshake is running, and it may need to re-enable write */
5738 conn->flags |= CO_FL_SSL_WAIT_HS;
5739 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005740#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005741 /* Async mode can be re-enabled, because we're leaving data state.*/
5742 if (global_ssl.async)
5743 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5744#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005745 break;
5746 }
Emeric Brun46591952012-05-18 15:47:34 +02005747 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005748 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005749 break;
5750 }
5751 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005752 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005753 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005754 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005755#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005756 /* Async mode can be re-enabled, because we're leaving data state.*/
5757 if (global_ssl.async)
5758 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5759#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005760 break;
5761 }
Emeric Brun46591952012-05-18 15:47:34 +02005762 goto out_error;
5763 }
5764 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005765 leave:
5766 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005767 return done;
5768
5769 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005770 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005771 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005772 ERR_clear_error();
5773
Emeric Brun46591952012-05-18 15:47:34 +02005774 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005775 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005776}
5777
Emeric Brun46591952012-05-18 15:47:34 +02005778static void ssl_sock_close(struct connection *conn) {
5779
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005780 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005781#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005782 if (global_ssl.async) {
5783 OSSL_ASYNC_FD all_fd[32], afd;
5784 size_t num_all_fds = 0;
5785 int i;
5786
5787 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5788 if (num_all_fds > 32) {
5789 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5790 return;
5791 }
5792
5793 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5794
5795 /* If an async job is pending, we must try to
5796 to catch the end using polling before calling
5797 SSL_free */
5798 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5799 for (i=0 ; i < num_all_fds ; i++) {
5800 /* switch on an handler designed to
5801 * handle the SSL_free
5802 */
5803 afd = all_fd[i];
5804 fdtab[afd].iocb = ssl_async_fd_free;
5805 fdtab[afd].owner = conn->xprt_ctx;
5806 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005807 /* To ensure that the fd cache won't be used
5808 * and we'll catch a real RD event.
5809 */
5810 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005811 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005812 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005813 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005814 return;
5815 }
Emeric Brun3854e012017-05-17 20:42:48 +02005816 /* Else we can remove the fds from the fdtab
5817 * and call SSL_free.
5818 * note: we do a fd_remove and not a delete
5819 * because the fd is owned by the engine.
5820 * the engine is responsible to close
5821 */
5822 for (i=0 ; i < num_all_fds ; i++)
5823 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005824 }
5825#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005826 SSL_free(conn->xprt_ctx);
5827 conn->xprt_ctx = NULL;
Emeric Brun7ad43e72018-10-10 14:51:02 +02005828 HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005829 }
Emeric Brun46591952012-05-18 15:47:34 +02005830}
5831
5832/* This function tries to perform a clean shutdown on an SSL connection, and in
5833 * any case, flags the connection as reusable if no handshake was in progress.
5834 */
5835static void ssl_sock_shutw(struct connection *conn, int clean)
5836{
5837 if (conn->flags & CO_FL_HANDSHAKE)
5838 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005839 if (!clean)
5840 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005841 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005842 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005843 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005844 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005845 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005846 ERR_clear_error();
5847 }
Emeric Brun46591952012-05-18 15:47:34 +02005848}
5849
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005850/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005851int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005852{
5853 struct pkey_info *pkinfo;
5854 int bits = 0;
5855 int sig = TLSEXT_signature_anonymous;
5856 int len = -1;
5857
5858 if (!ssl_sock_is_ssl(conn))
5859 return 0;
5860
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005861 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005862 if (pkinfo) {
5863 sig = pkinfo->sig;
5864 bits = pkinfo->bits;
5865 } else {
5866 /* multicert and generated cert have no pkey info */
5867 X509 *crt;
5868 EVP_PKEY *pkey;
5869 crt = SSL_get_certificate(conn->xprt_ctx);
5870 if (!crt)
5871 return 0;
5872 pkey = X509_get_pubkey(crt);
5873 if (pkey) {
5874 bits = EVP_PKEY_bits(pkey);
5875 switch(EVP_PKEY_base_id(pkey)) {
5876 case EVP_PKEY_RSA:
5877 sig = TLSEXT_signature_rsa;
5878 break;
5879 case EVP_PKEY_EC:
5880 sig = TLSEXT_signature_ecdsa;
5881 break;
5882 case EVP_PKEY_DSA:
5883 sig = TLSEXT_signature_dsa;
5884 break;
5885 }
5886 EVP_PKEY_free(pkey);
5887 }
5888 }
5889
5890 switch(sig) {
5891 case TLSEXT_signature_rsa:
5892 len = chunk_printf(out, "RSA%d", bits);
5893 break;
5894 case TLSEXT_signature_ecdsa:
5895 len = chunk_printf(out, "EC%d", bits);
5896 break;
5897 case TLSEXT_signature_dsa:
5898 len = chunk_printf(out, "DSA%d", bits);
5899 break;
5900 default:
5901 return 0;
5902 }
5903 if (len < 0)
5904 return 0;
5905 return 1;
5906}
5907
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005908/* used for ppv2 cert signature (can be used for logging) */
5909const char *ssl_sock_get_cert_sig(struct connection *conn)
5910{
5911 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5912 X509 *crt;
5913
5914 if (!ssl_sock_is_ssl(conn))
5915 return NULL;
5916 crt = SSL_get_certificate(conn->xprt_ctx);
5917 if (!crt)
5918 return NULL;
5919 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5920 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5921}
5922
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005923/* used for ppv2 authority */
5924const char *ssl_sock_get_sni(struct connection *conn)
5925{
5926#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5927 if (!ssl_sock_is_ssl(conn))
5928 return NULL;
5929 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5930#else
5931 return 0;
5932#endif
5933}
5934
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005935/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005936const char *ssl_sock_get_cipher_name(struct connection *conn)
5937{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005938 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005939 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005940
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005941 return SSL_get_cipher_name(conn->xprt_ctx);
5942}
5943
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005944/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005945const char *ssl_sock_get_proto_version(struct connection *conn)
5946{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005947 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005948 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005949
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005950 return SSL_get_version(conn->xprt_ctx);
5951}
5952
Willy Tarreau8d598402012-10-22 17:58:39 +02005953/* Extract a serial from a cert, and copy it to a chunk.
5954 * Returns 1 if serial is found and copied, 0 if no serial found and
5955 * -1 if output is not large enough.
5956 */
5957static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005958ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02005959{
5960 ASN1_INTEGER *serial;
5961
5962 serial = X509_get_serialNumber(crt);
5963 if (!serial)
5964 return 0;
5965
5966 if (out->size < serial->length)
5967 return -1;
5968
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005969 memcpy(out->area, serial->data, serial->length);
5970 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02005971 return 1;
5972}
5973
Emeric Brun43e79582014-10-29 19:03:26 +01005974/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08005975 * Returns 1 if the cert is found and copied, 0 on der conversion failure
5976 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01005977 */
5978static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005979ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01005980{
5981 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005982 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01005983
5984 len =i2d_X509(crt, NULL);
5985 if (len <= 0)
5986 return 1;
5987
5988 if (out->size < len)
5989 return -1;
5990
5991 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005992 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01005993 return 1;
5994}
5995
Emeric Brunce5ad802012-10-22 14:11:22 +02005996
Willy Tarreau83061a82018-07-13 11:56:34 +02005997/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02005998 * Returns 1 if serial is found and copied, 0 if no valid time found
5999 * and -1 if output is not large enough.
6000 */
6001static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006002ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006003{
6004 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6005 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6006
6007 if (gentm->length < 12)
6008 return 0;
6009 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6010 return 0;
6011 if (out->size < gentm->length-2)
6012 return -1;
6013
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006014 memcpy(out->area, gentm->data+2, gentm->length-2);
6015 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006016 return 1;
6017 }
6018 else if (tm->type == V_ASN1_UTCTIME) {
6019 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6020
6021 if (utctm->length < 10)
6022 return 0;
6023 if (utctm->data[0] >= 0x35)
6024 return 0;
6025 if (out->size < utctm->length)
6026 return -1;
6027
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006028 memcpy(out->area, utctm->data, utctm->length);
6029 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006030 return 1;
6031 }
6032
6033 return 0;
6034}
6035
Emeric Brun87855892012-10-17 17:39:35 +02006036/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6037 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6038 */
6039static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006040ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6041 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006042{
6043 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006044 ASN1_OBJECT *obj;
6045 ASN1_STRING *data;
6046 const unsigned char *data_ptr;
6047 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006048 int i, j, n;
6049 int cur = 0;
6050 const char *s;
6051 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006052 int name_count;
6053
6054 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006055
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006056 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006057 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006058 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006059 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006060 else
6061 j = i;
6062
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006063 ne = X509_NAME_get_entry(a, j);
6064 obj = X509_NAME_ENTRY_get_object(ne);
6065 data = X509_NAME_ENTRY_get_data(ne);
6066 data_ptr = ASN1_STRING_get0_data(data);
6067 data_len = ASN1_STRING_length(data);
6068 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006069 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006070 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006071 s = tmp;
6072 }
6073
6074 if (chunk_strcasecmp(entry, s) != 0)
6075 continue;
6076
6077 if (pos < 0)
6078 cur--;
6079 else
6080 cur++;
6081
6082 if (cur != pos)
6083 continue;
6084
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006085 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006086 return -1;
6087
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006088 memcpy(out->area, data_ptr, data_len);
6089 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006090 return 1;
6091 }
6092
6093 return 0;
6094
6095}
6096
6097/* Extract and format full DN from a X509_NAME and copy result into a chunk
6098 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6099 */
6100static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006101ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006102{
6103 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006104 ASN1_OBJECT *obj;
6105 ASN1_STRING *data;
6106 const unsigned char *data_ptr;
6107 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006108 int i, n, ln;
6109 int l = 0;
6110 const char *s;
6111 char *p;
6112 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006113 int name_count;
6114
6115
6116 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006117
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006118 out->data = 0;
6119 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006120 for (i = 0; i < name_count; i++) {
6121 ne = X509_NAME_get_entry(a, i);
6122 obj = X509_NAME_ENTRY_get_object(ne);
6123 data = X509_NAME_ENTRY_get_data(ne);
6124 data_ptr = ASN1_STRING_get0_data(data);
6125 data_len = ASN1_STRING_length(data);
6126 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006127 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006128 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006129 s = tmp;
6130 }
6131 ln = strlen(s);
6132
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006133 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006134 if (l > out->size)
6135 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006136 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006137
6138 *(p++)='/';
6139 memcpy(p, s, ln);
6140 p += ln;
6141 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006142 memcpy(p, data_ptr, data_len);
6143 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006144 }
6145
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006146 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006147 return 0;
6148
6149 return 1;
6150}
6151
Olivier Houchardab28a322018-12-21 19:45:40 +01006152void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6153{
6154#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6155 SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
6156#endif
6157}
6158
Willy Tarreau119a4082016-12-22 21:58:38 +01006159/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6160 * to disable SNI.
6161 */
Willy Tarreau63076412015-07-10 11:33:32 +02006162void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6163{
6164#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006165 char *prev_name;
6166
Willy Tarreau63076412015-07-10 11:33:32 +02006167 if (!ssl_sock_is_ssl(conn))
6168 return;
6169
Willy Tarreau119a4082016-12-22 21:58:38 +01006170 /* if the SNI changes, we must destroy the reusable context so that a
6171 * new connection will present a new SNI. As an optimization we could
6172 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6173 * server.
6174 */
6175 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6176 if ((!prev_name && hostname) ||
6177 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6178 SSL_set_session(conn->xprt_ctx, NULL);
6179
Willy Tarreau63076412015-07-10 11:33:32 +02006180 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6181#endif
6182}
6183
Emeric Brun0abf8362014-06-24 18:26:41 +02006184/* Extract peer certificate's common name into the chunk dest
6185 * Returns
6186 * the len of the extracted common name
6187 * or 0 if no CN found in DN
6188 * or -1 on error case (i.e. no peer certificate)
6189 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006190int ssl_sock_get_remote_common_name(struct connection *conn,
6191 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006192{
6193 X509 *crt = NULL;
6194 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006195 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006196 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006197 .area = (char *)&find_cn,
6198 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006199 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006200 int result = -1;
David Safb76832014-05-08 23:42:08 -04006201
6202 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006203 goto out;
David Safb76832014-05-08 23:42:08 -04006204
6205 /* SSL_get_peer_certificate, it increase X509 * ref count */
6206 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6207 if (!crt)
6208 goto out;
6209
6210 name = X509_get_subject_name(crt);
6211 if (!name)
6212 goto out;
David Safb76832014-05-08 23:42:08 -04006213
Emeric Brun0abf8362014-06-24 18:26:41 +02006214 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6215out:
David Safb76832014-05-08 23:42:08 -04006216 if (crt)
6217 X509_free(crt);
6218
6219 return result;
6220}
6221
Dave McCowan328fb582014-07-30 10:39:13 -04006222/* returns 1 if client passed a certificate for this session, 0 if not */
6223int ssl_sock_get_cert_used_sess(struct connection *conn)
6224{
6225 X509 *crt = NULL;
6226
6227 if (!ssl_sock_is_ssl(conn))
6228 return 0;
6229
6230 /* SSL_get_peer_certificate, it increase X509 * ref count */
6231 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6232 if (!crt)
6233 return 0;
6234
6235 X509_free(crt);
6236 return 1;
6237}
6238
6239/* returns 1 if client passed a certificate for this connection, 0 if not */
6240int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006241{
6242 if (!ssl_sock_is_ssl(conn))
6243 return 0;
6244
6245 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6246}
6247
6248/* returns result from SSL verify */
6249unsigned int ssl_sock_get_verify_result(struct connection *conn)
6250{
6251 if (!ssl_sock_is_ssl(conn))
6252 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6253
6254 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6255}
6256
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006257/* Returns the application layer protocol name in <str> and <len> when known.
6258 * Zero is returned if the protocol name was not found, otherwise non-zero is
6259 * returned. The string is allocated in the SSL context and doesn't have to be
6260 * freed by the caller. NPN is also checked if available since older versions
6261 * of openssl (1.0.1) which are more common in field only support this one.
6262 */
6263static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6264{
6265 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6266 return 0;
6267
6268 *str = NULL;
6269
6270#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6271 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6272 if (*str)
6273 return 1;
6274#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006275#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006276 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6277 if (*str)
6278 return 1;
6279#endif
6280 return 0;
6281}
6282
Willy Tarreau7875d092012-09-10 08:20:03 +02006283/***** Below are some sample fetching functions for ACL/patterns *****/
6284
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006285static int
6286smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6287{
6288 struct connection *conn;
6289
6290 conn = objt_conn(smp->sess->origin);
6291 if (!conn || conn->xprt != &ssl_sock)
6292 return 0;
6293
6294 smp->flags = 0;
6295 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006296 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6297 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006298
6299 return 1;
6300}
6301
Emeric Brune64aef12012-09-21 13:15:06 +02006302/* boolean, returns true if client cert was present */
6303static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006304smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006305{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006306 struct connection *conn;
6307
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006308 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006309 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006310 return 0;
6311
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006312 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006313 smp->flags |= SMP_F_MAY_CHANGE;
6314 return 0;
6315 }
6316
6317 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006318 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006319 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006320
6321 return 1;
6322}
6323
Emeric Brun43e79582014-10-29 19:03:26 +01006324/* binary, returns a certificate in a binary chunk (der/raw).
6325 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6326 * should be use.
6327 */
6328static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006329smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006330{
6331 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6332 X509 *crt = NULL;
6333 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006334 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006335 struct connection *conn;
6336
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006337 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006338 if (!conn || conn->xprt != &ssl_sock)
6339 return 0;
6340
6341 if (!(conn->flags & CO_FL_CONNECTED)) {
6342 smp->flags |= SMP_F_MAY_CHANGE;
6343 return 0;
6344 }
6345
6346 if (cert_peer)
6347 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6348 else
6349 crt = SSL_get_certificate(conn->xprt_ctx);
6350
6351 if (!crt)
6352 goto out;
6353
6354 smp_trash = get_trash_chunk();
6355 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6356 goto out;
6357
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006358 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006359 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006360 ret = 1;
6361out:
6362 /* SSL_get_peer_certificate, it increase X509 * ref count */
6363 if (cert_peer && crt)
6364 X509_free(crt);
6365 return ret;
6366}
6367
Emeric Brunba841a12014-04-30 17:05:08 +02006368/* binary, returns serial of certificate in a binary chunk.
6369 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6370 * should be use.
6371 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006372static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006373smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006374{
Emeric Brunba841a12014-04-30 17:05:08 +02006375 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006376 X509 *crt = NULL;
6377 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006378 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006379 struct connection *conn;
6380
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006381 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006382 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006383 return 0;
6384
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006385 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006386 smp->flags |= SMP_F_MAY_CHANGE;
6387 return 0;
6388 }
6389
Emeric Brunba841a12014-04-30 17:05:08 +02006390 if (cert_peer)
6391 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6392 else
6393 crt = SSL_get_certificate(conn->xprt_ctx);
6394
Willy Tarreau8d598402012-10-22 17:58:39 +02006395 if (!crt)
6396 goto out;
6397
Willy Tarreau47ca5452012-12-23 20:22:19 +01006398 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006399 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6400 goto out;
6401
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006402 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006403 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006404 ret = 1;
6405out:
Emeric Brunba841a12014-04-30 17:05:08 +02006406 /* SSL_get_peer_certificate, it increase X509 * ref count */
6407 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006408 X509_free(crt);
6409 return ret;
6410}
Emeric Brune64aef12012-09-21 13:15:06 +02006411
Emeric Brunba841a12014-04-30 17:05:08 +02006412/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6413 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6414 * should be use.
6415 */
James Votha051b4a2013-05-14 20:37:59 +02006416static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006417smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006418{
Emeric Brunba841a12014-04-30 17:05:08 +02006419 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006420 X509 *crt = NULL;
6421 const EVP_MD *digest;
6422 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006423 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006424 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006425
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006426 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006427 if (!conn || conn->xprt != &ssl_sock)
6428 return 0;
6429
6430 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006431 smp->flags |= SMP_F_MAY_CHANGE;
6432 return 0;
6433 }
6434
Emeric Brunba841a12014-04-30 17:05:08 +02006435 if (cert_peer)
6436 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6437 else
6438 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006439 if (!crt)
6440 goto out;
6441
6442 smp_trash = get_trash_chunk();
6443 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006444 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6445 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006446
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006447 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006448 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006449 ret = 1;
6450out:
Emeric Brunba841a12014-04-30 17:05:08 +02006451 /* SSL_get_peer_certificate, it increase X509 * ref count */
6452 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006453 X509_free(crt);
6454 return ret;
6455}
6456
Emeric Brunba841a12014-04-30 17:05:08 +02006457/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6458 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6459 * should be use.
6460 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006461static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006462smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006463{
Emeric Brunba841a12014-04-30 17:05:08 +02006464 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006465 X509 *crt = NULL;
6466 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006467 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006468 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006469
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006470 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006471 if (!conn || conn->xprt != &ssl_sock)
6472 return 0;
6473
6474 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006475 smp->flags |= SMP_F_MAY_CHANGE;
6476 return 0;
6477 }
6478
Emeric Brunba841a12014-04-30 17:05:08 +02006479 if (cert_peer)
6480 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6481 else
6482 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006483 if (!crt)
6484 goto out;
6485
Willy Tarreau47ca5452012-12-23 20:22:19 +01006486 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006487 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006488 goto out;
6489
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006490 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006491 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006492 ret = 1;
6493out:
Emeric Brunba841a12014-04-30 17:05:08 +02006494 /* SSL_get_peer_certificate, it increase X509 * ref count */
6495 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006496 X509_free(crt);
6497 return ret;
6498}
6499
Emeric Brunba841a12014-04-30 17:05:08 +02006500/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6501 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6502 * should be use.
6503 */
Emeric Brun87855892012-10-17 17:39:35 +02006504static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006505smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006506{
Emeric Brunba841a12014-04-30 17:05:08 +02006507 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006508 X509 *crt = NULL;
6509 X509_NAME *name;
6510 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006511 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006512 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006513
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006514 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006515 if (!conn || conn->xprt != &ssl_sock)
6516 return 0;
6517
6518 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006519 smp->flags |= SMP_F_MAY_CHANGE;
6520 return 0;
6521 }
6522
Emeric Brunba841a12014-04-30 17:05:08 +02006523 if (cert_peer)
6524 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6525 else
6526 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006527 if (!crt)
6528 goto out;
6529
6530 name = X509_get_issuer_name(crt);
6531 if (!name)
6532 goto out;
6533
Willy Tarreau47ca5452012-12-23 20:22:19 +01006534 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006535 if (args && args[0].type == ARGT_STR) {
6536 int pos = 1;
6537
6538 if (args[1].type == ARGT_SINT)
6539 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006540
6541 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6542 goto out;
6543 }
6544 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6545 goto out;
6546
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006547 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006548 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006549 ret = 1;
6550out:
Emeric Brunba841a12014-04-30 17:05:08 +02006551 /* SSL_get_peer_certificate, it increase X509 * ref count */
6552 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006553 X509_free(crt);
6554 return ret;
6555}
6556
Emeric Brunba841a12014-04-30 17:05:08 +02006557/* string, returns notbefore date in ASN1_UTCTIME format.
6558 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6559 * should be use.
6560 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006561static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006562smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006563{
Emeric Brunba841a12014-04-30 17:05:08 +02006564 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006565 X509 *crt = NULL;
6566 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006567 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006568 struct connection *conn;
6569
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006570 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006571 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006572 return 0;
6573
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006574 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006575 smp->flags |= SMP_F_MAY_CHANGE;
6576 return 0;
6577 }
6578
Emeric Brunba841a12014-04-30 17:05:08 +02006579 if (cert_peer)
6580 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6581 else
6582 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006583 if (!crt)
6584 goto out;
6585
Willy Tarreau47ca5452012-12-23 20:22:19 +01006586 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006587 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006588 goto out;
6589
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006590 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006591 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006592 ret = 1;
6593out:
Emeric Brunba841a12014-04-30 17:05:08 +02006594 /* SSL_get_peer_certificate, it increase X509 * ref count */
6595 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006596 X509_free(crt);
6597 return ret;
6598}
6599
Emeric Brunba841a12014-04-30 17:05:08 +02006600/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6601 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6602 * should be use.
6603 */
Emeric Brun87855892012-10-17 17:39:35 +02006604static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006605smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006606{
Emeric Brunba841a12014-04-30 17:05:08 +02006607 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006608 X509 *crt = NULL;
6609 X509_NAME *name;
6610 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006611 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006612 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006613
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006614 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006615 if (!conn || conn->xprt != &ssl_sock)
6616 return 0;
6617
6618 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006619 smp->flags |= SMP_F_MAY_CHANGE;
6620 return 0;
6621 }
6622
Emeric Brunba841a12014-04-30 17:05:08 +02006623 if (cert_peer)
6624 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6625 else
6626 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006627 if (!crt)
6628 goto out;
6629
6630 name = X509_get_subject_name(crt);
6631 if (!name)
6632 goto out;
6633
Willy Tarreau47ca5452012-12-23 20:22:19 +01006634 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006635 if (args && args[0].type == ARGT_STR) {
6636 int pos = 1;
6637
6638 if (args[1].type == ARGT_SINT)
6639 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006640
6641 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6642 goto out;
6643 }
6644 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6645 goto out;
6646
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006647 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006648 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006649 ret = 1;
6650out:
Emeric Brunba841a12014-04-30 17:05:08 +02006651 /* SSL_get_peer_certificate, it increase X509 * ref count */
6652 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006653 X509_free(crt);
6654 return ret;
6655}
Emeric Brun9143d372012-12-20 15:44:16 +01006656
6657/* integer, returns true if current session use a client certificate */
6658static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006659smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006660{
6661 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006662 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006663
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006664 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006665 if (!conn || conn->xprt != &ssl_sock)
6666 return 0;
6667
6668 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006669 smp->flags |= SMP_F_MAY_CHANGE;
6670 return 0;
6671 }
6672
6673 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006674 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006675 if (crt) {
6676 X509_free(crt);
6677 }
6678
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006679 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006680 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006681 return 1;
6682}
6683
Emeric Brunba841a12014-04-30 17:05:08 +02006684/* integer, returns the certificate version
6685 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6686 * should be use.
6687 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006688static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006689smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006690{
Emeric Brunba841a12014-04-30 17:05:08 +02006691 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006692 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006693 struct connection *conn;
6694
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006695 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006696 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006697 return 0;
6698
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006699 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006700 smp->flags |= SMP_F_MAY_CHANGE;
6701 return 0;
6702 }
6703
Emeric Brunba841a12014-04-30 17:05:08 +02006704 if (cert_peer)
6705 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6706 else
6707 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006708 if (!crt)
6709 return 0;
6710
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006711 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006712 /* SSL_get_peer_certificate increase X509 * ref count */
6713 if (cert_peer)
6714 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006715 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006716
6717 return 1;
6718}
6719
Emeric Brunba841a12014-04-30 17:05:08 +02006720/* string, returns the certificate's signature algorithm.
6721 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6722 * should be use.
6723 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006724static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006725smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006726{
Emeric Brunba841a12014-04-30 17:05:08 +02006727 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006728 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006729 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006730 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006731 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006732
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006733 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006734 if (!conn || conn->xprt != &ssl_sock)
6735 return 0;
6736
6737 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006738 smp->flags |= SMP_F_MAY_CHANGE;
6739 return 0;
6740 }
6741
Emeric Brunba841a12014-04-30 17:05:08 +02006742 if (cert_peer)
6743 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6744 else
6745 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006746 if (!crt)
6747 return 0;
6748
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006749 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6750 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006751
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006752 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6753 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006754 /* SSL_get_peer_certificate increase X509 * ref count */
6755 if (cert_peer)
6756 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006757 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006758 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006759
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006760 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006761 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006762 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006763 /* SSL_get_peer_certificate increase X509 * ref count */
6764 if (cert_peer)
6765 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006766
6767 return 1;
6768}
6769
Emeric Brunba841a12014-04-30 17:05:08 +02006770/* string, returns the certificate's key algorithm.
6771 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6772 * should be use.
6773 */
Emeric Brun521a0112012-10-22 12:22:55 +02006774static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006775smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006776{
Emeric Brunba841a12014-04-30 17:05:08 +02006777 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006778 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006779 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006780 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006781 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006782
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006783 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006784 if (!conn || conn->xprt != &ssl_sock)
6785 return 0;
6786
6787 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006788 smp->flags |= SMP_F_MAY_CHANGE;
6789 return 0;
6790 }
6791
Emeric Brunba841a12014-04-30 17:05:08 +02006792 if (cert_peer)
6793 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6794 else
6795 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006796 if (!crt)
6797 return 0;
6798
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006799 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6800 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006801
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006802 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6803 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006804 /* SSL_get_peer_certificate increase X509 * ref count */
6805 if (cert_peer)
6806 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006807 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006808 }
Emeric Brun521a0112012-10-22 12:22:55 +02006809
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006810 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006811 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006812 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006813 if (cert_peer)
6814 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006815
6816 return 1;
6817}
6818
Emeric Brun645ae792014-04-30 14:21:06 +02006819/* boolean, returns true if front conn. transport layer is SSL.
6820 * This function is also usable on backend conn if the fetch keyword 5th
6821 * char is 'b'.
6822 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006823static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006824smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006825{
Emeric Bruneb8def92018-02-19 15:59:48 +01006826 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6827 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006828
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006829 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006830 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006831 return 1;
6832}
6833
Emeric Brun2525b6b2012-10-18 15:59:43 +02006834/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006835static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006836smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006837{
6838#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006839 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006840
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006841 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006842 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006843 conn->xprt_ctx &&
6844 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006845 return 1;
6846#else
6847 return 0;
6848#endif
6849}
6850
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006851/* boolean, returns true if client session has been resumed.
6852 * This function is also usable on backend conn if the fetch keyword 5th
6853 * char is 'b'.
6854 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006855static int
6856smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6857{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006858 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6859 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6860
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006861
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006862 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006863 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006864 conn->xprt_ctx &&
6865 SSL_session_reused(conn->xprt_ctx);
6866 return 1;
6867}
6868
Emeric Brun645ae792014-04-30 14:21:06 +02006869/* string, returns the used cipher if front conn. transport layer is SSL.
6870 * This function is also usable on backend conn if the fetch keyword 5th
6871 * char is 'b'.
6872 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006873static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006874smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006875{
Emeric Bruneb8def92018-02-19 15:59:48 +01006876 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6877 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006878
Willy Tarreaube508f12016-03-10 11:47:01 +01006879 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006880 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006881 return 0;
6882
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006883 smp->data.u.str.area = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6884 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006885 return 0;
6886
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006887 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006888 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006889 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006890
6891 return 1;
6892}
6893
Emeric Brun645ae792014-04-30 14:21:06 +02006894/* integer, returns the algoritm's keysize if front conn. transport layer
6895 * is SSL.
6896 * This function is also usable on backend conn if the fetch keyword 5th
6897 * char is 'b'.
6898 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006899static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006900smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006901{
Emeric Bruneb8def92018-02-19 15:59:48 +01006902 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6903 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006904 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006905
Emeric Brun589fcad2012-10-16 14:13:26 +02006906 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006907 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006908 return 0;
6909
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006910 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006911 return 0;
6912
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006913 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006914 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006915
6916 return 1;
6917}
6918
Emeric Brun645ae792014-04-30 14:21:06 +02006919/* integer, returns the used keysize if front conn. transport layer is SSL.
6920 * This function is also usable on backend conn if the fetch keyword 5th
6921 * char is 'b'.
6922 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006923static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006924smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006925{
Emeric Bruneb8def92018-02-19 15:59:48 +01006926 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6927 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006928
Emeric Brun589fcad2012-10-16 14:13:26 +02006929 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006930 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6931 return 0;
6932
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006933 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6934 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006935 return 0;
6936
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006937 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006938
6939 return 1;
6940}
6941
Bernard Spil13c53f82018-02-15 13:34:58 +01006942#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006943static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006944smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006945{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006946 struct connection *conn;
6947
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006948 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006949 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006950
Olivier Houchard6b77f492018-11-22 18:18:29 +01006951 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6952 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006953 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6954 return 0;
6955
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006956 smp->data.u.str.area = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006957 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006958 (const unsigned char **)&smp->data.u.str.area,
6959 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006960
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006961 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006962 return 0;
6963
6964 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006965}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006966#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006967
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006968#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006969static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006970smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006971{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006972 struct connection *conn;
6973
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006974 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006975 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006976
Olivier Houchard6b77f492018-11-22 18:18:29 +01006977 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6978 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6979
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006980 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006981 return 0;
6982
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006983 smp->data.u.str.area = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006984 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006985 (const unsigned char **)&smp->data.u.str.area,
6986 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02006987
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006988 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02006989 return 0;
6990
6991 return 1;
6992}
6993#endif
6994
Emeric Brun645ae792014-04-30 14:21:06 +02006995/* string, returns the used protocol if front conn. transport layer is SSL.
6996 * This function is also usable on backend conn if the fetch keyword 5th
6997 * char is 'b'.
6998 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006999static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007000smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007001{
Emeric Bruneb8def92018-02-19 15:59:48 +01007002 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7003 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01007004
Emeric Brun589fcad2012-10-16 14:13:26 +02007005 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007006 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7007 return 0;
7008
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007009 smp->data.u.str.area = (char *)SSL_get_version(conn->xprt_ctx);
7010 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007011 return 0;
7012
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007013 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007014 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007015 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007016
7017 return 1;
7018}
7019
Willy Tarreau87b09662015-04-03 00:22:06 +02007020/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007021 * This function is also usable on backend conn if the fetch keyword 5th
7022 * char is 'b'.
7023 */
Patrick Hemmer41966772018-04-28 19:15:48 -04007024#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007025static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007026smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007027{
Emeric Bruneb8def92018-02-19 15:59:48 +01007028 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7029 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007030 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01007031
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007032 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007033 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007034
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007035 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7036 return 0;
7037
Willy Tarreau192252e2015-04-04 01:47:55 +02007038 ssl_sess = SSL_get_session(conn->xprt_ctx);
7039 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007040 return 0;
7041
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007042 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7043 (unsigned int *)&smp->data.u.str.data);
7044 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007045 return 0;
7046
7047 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007048}
Patrick Hemmer41966772018-04-28 19:15:48 -04007049#endif
7050
Emeric Brunfe68f682012-10-16 14:59:28 +02007051
Patrick Hemmere0275472018-04-28 19:15:51 -04007052#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
7053static int
7054smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7055{
7056 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7057 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7058 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007059 struct buffer *data;
Patrick Hemmere0275472018-04-28 19:15:51 -04007060
7061 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7062 return 0;
7063
7064 ssl_sess = SSL_get_session(conn->xprt_ctx);
7065 if (!ssl_sess)
7066 return 0;
7067
7068 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007069 data->data = SSL_SESSION_get_master_key(ssl_sess,
7070 (unsigned char *) data->area,
7071 data->size);
7072 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007073 return 0;
7074
7075 smp->flags = 0;
7076 smp->data.type = SMP_T_BIN;
7077 smp->data.u.str = *data;
7078
7079 return 1;
7080}
7081#endif
7082
Patrick Hemmer41966772018-04-28 19:15:48 -04007083#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007084static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007085smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007086{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007087 struct connection *conn;
7088
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007089 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007090 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007091
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007092 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007093 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7094 return 0;
7095
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007096 smp->data.u.str.area = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
7097 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007098 return 0;
7099
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007100 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007101 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007102}
Patrick Hemmer41966772018-04-28 19:15:48 -04007103#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007104
David Sc1ad52e2014-04-08 18:48:47 -04007105static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007106smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7107{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007108 struct connection *conn;
7109 struct ssl_capture *capture;
7110
7111 conn = objt_conn(smp->sess->origin);
7112 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7113 return 0;
7114
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007115 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007116 if (!capture)
7117 return 0;
7118
7119 smp->flags = SMP_F_CONST;
7120 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007121 smp->data.u.str.area = capture->ciphersuite;
7122 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007123 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007124}
7125
7126static int
7127smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7128{
Willy Tarreau83061a82018-07-13 11:56:34 +02007129 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007130
7131 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7132 return 0;
7133
7134 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007135 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007136 smp->data.type = SMP_T_BIN;
7137 smp->data.u.str = *data;
7138 return 1;
7139}
7140
7141static int
7142smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7143{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007144 struct connection *conn;
7145 struct ssl_capture *capture;
7146
7147 conn = objt_conn(smp->sess->origin);
7148 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7149 return 0;
7150
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007151 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007152 if (!capture)
7153 return 0;
7154
7155 smp->data.type = SMP_T_SINT;
7156 smp->data.u.sint = capture->xxh64;
7157 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007158}
7159
7160static int
7161smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7162{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007163#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007164 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007165 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007166
7167 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7168 return 0;
7169
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007170 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007171 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007172 const char *str;
7173 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007174 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007175 uint16_t id = (bin[0] << 8) | bin[1];
7176#if defined(OPENSSL_IS_BORINGSSL)
7177 cipher = SSL_get_cipher_by_value(id);
7178#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007179 struct connection *conn = __objt_conn(smp->sess->origin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007180 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7181#endif
7182 str = SSL_CIPHER_get_name(cipher);
7183 if (!str || strcmp(str, "(NONE)") == 0)
7184 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007185 else
7186 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7187 }
7188 smp->data.type = SMP_T_STR;
7189 smp->data.u.str = *data;
7190 return 1;
7191#else
7192 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7193#endif
7194}
7195
Patrick Hemmer41966772018-04-28 19:15:48 -04007196#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007197static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007198smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007199{
Emeric Bruneb8def92018-02-19 15:59:48 +01007200 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7201 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007202 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007203 struct buffer *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007204
7205 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007206 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7207 return 0;
7208
7209 if (!(conn->flags & CO_FL_CONNECTED)) {
7210 smp->flags |= SMP_F_MAY_CHANGE;
7211 return 0;
7212 }
7213
7214 finished_trash = get_trash_chunk();
7215 if (!SSL_session_reused(conn->xprt_ctx))
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007216 finished_len = SSL_get_peer_finished(conn->xprt_ctx,
7217 finished_trash->area,
7218 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007219 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007220 finished_len = SSL_get_finished(conn->xprt_ctx,
7221 finished_trash->area,
7222 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007223
7224 if (!finished_len)
7225 return 0;
7226
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007227 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007228 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007229 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007230
7231 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007232}
Patrick Hemmer41966772018-04-28 19:15:48 -04007233#endif
David Sc1ad52e2014-04-08 18:48:47 -04007234
Emeric Brun2525b6b2012-10-18 15:59:43 +02007235/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007236static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007237smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007238{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007239 struct connection *conn;
7240
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007241 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007242 if (!conn || conn->xprt != &ssl_sock)
7243 return 0;
7244
7245 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007246 smp->flags = SMP_F_MAY_CHANGE;
7247 return 0;
7248 }
7249
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007250 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007251 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007252 smp->flags = 0;
7253
7254 return 1;
7255}
7256
Emeric Brun2525b6b2012-10-18 15:59:43 +02007257/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007258static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007259smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007260{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007261 struct connection *conn;
7262
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007263 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007264 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007265 return 0;
7266
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007267 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007268 smp->flags = SMP_F_MAY_CHANGE;
7269 return 0;
7270 }
7271
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007272 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007273 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007274 smp->flags = 0;
7275
7276 return 1;
7277}
7278
Emeric Brun2525b6b2012-10-18 15:59:43 +02007279/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007280static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007281smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007282{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007283 struct connection *conn;
7284
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007285 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007286 if (!conn || conn->xprt != &ssl_sock)
7287 return 0;
7288
7289 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007290 smp->flags = SMP_F_MAY_CHANGE;
7291 return 0;
7292 }
7293
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007294 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007295 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007296 smp->flags = 0;
7297
7298 return 1;
7299}
7300
Emeric Brun2525b6b2012-10-18 15:59:43 +02007301/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007302static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007303smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007304{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007305 struct connection *conn;
7306
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007307 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007308 if (!conn || conn->xprt != &ssl_sock)
7309 return 0;
7310
7311 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007312 smp->flags = SMP_F_MAY_CHANGE;
7313 return 0;
7314 }
7315
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007316 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007317 return 0;
7318
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007319 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007320 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007321 smp->flags = 0;
7322
7323 return 1;
7324}
7325
Emeric Brunfb510ea2012-10-05 12:00:26 +02007326/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007327static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007328{
7329 if (!*args[cur_arg + 1]) {
7330 if (err)
7331 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7332 return ERR_ALERT | ERR_FATAL;
7333 }
7334
Willy Tarreauef934602016-12-22 23:12:01 +01007335 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7336 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007337 else
7338 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007339
Emeric Brund94b3fe2012-09-20 18:23:56 +02007340 return 0;
7341}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007342static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7343{
7344 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7345}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007346
Christopher Faulet31af49d2015-06-09 17:29:50 +02007347/* parse the "ca-sign-file" bind keyword */
7348static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7349{
7350 if (!*args[cur_arg + 1]) {
7351 if (err)
7352 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7353 return ERR_ALERT | ERR_FATAL;
7354 }
7355
Willy Tarreauef934602016-12-22 23:12:01 +01007356 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7357 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007358 else
7359 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7360
7361 return 0;
7362}
7363
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007364/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007365static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7366{
7367 if (!*args[cur_arg + 1]) {
7368 if (err)
7369 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7370 return ERR_ALERT | ERR_FATAL;
7371 }
7372 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7373 return 0;
7374}
7375
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007376/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007377static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007378{
7379 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007380 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007381 return ERR_ALERT | ERR_FATAL;
7382 }
7383
Emeric Brun76d88952012-10-05 15:47:31 +02007384 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007385 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007386 return 0;
7387}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007388static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7389{
7390 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7391}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007392
7393#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7394/* parse the "ciphersuites" bind keyword */
7395static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7396{
7397 if (!*args[cur_arg + 1]) {
7398 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7399 return ERR_ALERT | ERR_FATAL;
7400 }
7401
7402 free(conf->ciphersuites);
7403 conf->ciphersuites = strdup(args[cur_arg + 1]);
7404 return 0;
7405}
7406static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7407{
7408 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7409}
7410#endif
7411
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007412/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007413static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007414{
Willy Tarreau38011032013-08-13 16:59:39 +02007415 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007416
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007417 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007418 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007419 return ERR_ALERT | ERR_FATAL;
7420 }
7421
Willy Tarreauef934602016-12-22 23:12:01 +01007422 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7423 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007424 memprintf(err, "'%s' : path too long", args[cur_arg]);
7425 return ERR_ALERT | ERR_FATAL;
7426 }
Willy Tarreauef934602016-12-22 23:12:01 +01007427 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007428 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007429 return ERR_ALERT | ERR_FATAL;
7430
7431 return 0;
7432 }
7433
Willy Tarreau03209342016-12-22 17:08:28 +01007434 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007435 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007436
7437 return 0;
7438}
7439
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007440/* parse the "crt-list" bind keyword */
7441static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7442{
7443 if (!*args[cur_arg + 1]) {
7444 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7445 return ERR_ALERT | ERR_FATAL;
7446 }
7447
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007448 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007449 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007450 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007451 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007452
7453 return 0;
7454}
7455
Emeric Brunfb510ea2012-10-05 12:00:26 +02007456/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007457static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007458{
Emeric Brun051cdab2012-10-02 19:25:50 +02007459#ifndef X509_V_FLAG_CRL_CHECK
7460 if (err)
7461 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7462 return ERR_ALERT | ERR_FATAL;
7463#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007464 if (!*args[cur_arg + 1]) {
7465 if (err)
7466 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7467 return ERR_ALERT | ERR_FATAL;
7468 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007469
Willy Tarreauef934602016-12-22 23:12:01 +01007470 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7471 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007472 else
7473 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007474
Emeric Brun2b58d042012-09-20 17:10:03 +02007475 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007476#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007477}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007478static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7479{
7480 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7481}
Emeric Brun2b58d042012-09-20 17:10:03 +02007482
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007483/* parse the "curves" bind keyword keyword */
7484static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7485{
7486#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7487 if (!*args[cur_arg + 1]) {
7488 if (err)
7489 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7490 return ERR_ALERT | ERR_FATAL;
7491 }
7492 conf->curves = strdup(args[cur_arg + 1]);
7493 return 0;
7494#else
7495 if (err)
7496 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7497 return ERR_ALERT | ERR_FATAL;
7498#endif
7499}
7500static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7501{
7502 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7503}
7504
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007505/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007506static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007507{
7508#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7509 if (err)
7510 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7511 return ERR_ALERT | ERR_FATAL;
7512#elif defined(OPENSSL_NO_ECDH)
7513 if (err)
7514 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7515 return ERR_ALERT | ERR_FATAL;
7516#else
7517 if (!*args[cur_arg + 1]) {
7518 if (err)
7519 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7520 return ERR_ALERT | ERR_FATAL;
7521 }
7522
7523 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007524
7525 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007526#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007527}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007528static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7529{
7530 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7531}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007532
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007533/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007534static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7535{
7536 int code;
7537 char *p = args[cur_arg + 1];
7538 unsigned long long *ignerr = &conf->crt_ignerr;
7539
7540 if (!*p) {
7541 if (err)
7542 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7543 return ERR_ALERT | ERR_FATAL;
7544 }
7545
7546 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7547 ignerr = &conf->ca_ignerr;
7548
7549 if (strcmp(p, "all") == 0) {
7550 *ignerr = ~0ULL;
7551 return 0;
7552 }
7553
7554 while (p) {
7555 code = atoi(p);
7556 if ((code <= 0) || (code > 63)) {
7557 if (err)
7558 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7559 args[cur_arg], code, args[cur_arg + 1]);
7560 return ERR_ALERT | ERR_FATAL;
7561 }
7562 *ignerr |= 1ULL << code;
7563 p = strchr(p, ',');
7564 if (p)
7565 p++;
7566 }
7567
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007568 return 0;
7569}
7570
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007571/* parse tls_method_options "no-xxx" and "force-xxx" */
7572static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007573{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007574 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007575 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007576 p = strchr(arg, '-');
7577 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007578 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007579 p++;
7580 if (!strcmp(p, "sslv3"))
7581 v = CONF_SSLV3;
7582 else if (!strcmp(p, "tlsv10"))
7583 v = CONF_TLSV10;
7584 else if (!strcmp(p, "tlsv11"))
7585 v = CONF_TLSV11;
7586 else if (!strcmp(p, "tlsv12"))
7587 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007588 else if (!strcmp(p, "tlsv13"))
7589 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007590 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007591 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007592 if (!strncmp(arg, "no-", 3))
7593 methods->flags |= methodVersions[v].flag;
7594 else if (!strncmp(arg, "force-", 6))
7595 methods->min = methods->max = v;
7596 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007597 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007598 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007599 fail:
7600 if (err)
7601 memprintf(err, "'%s' : option not implemented", arg);
7602 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007603}
7604
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007605static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007606{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007607 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007608}
7609
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007610static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007611{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007612 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7613}
7614
7615/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7616static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7617{
7618 uint16_t i, v = 0;
7619 char *argv = args[cur_arg + 1];
7620 if (!*argv) {
7621 if (err)
7622 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7623 return ERR_ALERT | ERR_FATAL;
7624 }
7625 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7626 if (!strcmp(argv, methodVersions[i].name))
7627 v = i;
7628 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007629 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007630 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007631 return ERR_ALERT | ERR_FATAL;
7632 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007633 if (!strcmp("ssl-min-ver", args[cur_arg]))
7634 methods->min = v;
7635 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7636 methods->max = v;
7637 else {
7638 if (err)
7639 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7640 return ERR_ALERT | ERR_FATAL;
7641 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007642 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007643}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007644
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007645static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7646{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007647#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007648 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007649#endif
7650 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7651}
7652
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007653static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7654{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007655 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007656}
7657
7658static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7659{
7660 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7661}
7662
Emeric Brun2d0c4822012-10-02 13:45:20 +02007663/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007664static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007665{
Emeric Brun89675492012-10-05 13:48:26 +02007666 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007667 return 0;
7668}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007669
Olivier Houchardc2aae742017-09-22 18:26:28 +02007670/* parse the "allow-0rtt" bind keyword */
7671static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7672{
7673 conf->early_data = 1;
7674 return 0;
7675}
7676
7677static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7678{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007679 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007680 return 0;
7681}
7682
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007683/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007684static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007685{
Bernard Spil13c53f82018-02-15 13:34:58 +01007686#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007687 char *p1, *p2;
7688
7689 if (!*args[cur_arg + 1]) {
7690 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7691 return ERR_ALERT | ERR_FATAL;
7692 }
7693
7694 free(conf->npn_str);
7695
Willy Tarreau3724da12016-02-12 17:11:12 +01007696 /* the NPN string is built as a suite of (<len> <name>)*,
7697 * so we reuse each comma to store the next <len> and need
7698 * one more for the end of the string.
7699 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007700 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007701 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007702 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7703
7704 /* replace commas with the name length */
7705 p1 = conf->npn_str;
7706 p2 = p1 + 1;
7707 while (1) {
7708 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7709 if (!p2)
7710 p2 = p1 + 1 + strlen(p1 + 1);
7711
7712 if (p2 - (p1 + 1) > 255) {
7713 *p2 = '\0';
7714 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7715 return ERR_ALERT | ERR_FATAL;
7716 }
7717
7718 *p1 = p2 - (p1 + 1);
7719 p1 = p2;
7720
7721 if (!*p2)
7722 break;
7723
7724 *(p2++) = '\0';
7725 }
7726 return 0;
7727#else
7728 if (err)
7729 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7730 return ERR_ALERT | ERR_FATAL;
7731#endif
7732}
7733
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007734static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7735{
7736 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7737}
7738
Willy Tarreauab861d32013-04-02 02:30:41 +02007739/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007740static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007741{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007742#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007743 char *p1, *p2;
7744
7745 if (!*args[cur_arg + 1]) {
7746 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7747 return ERR_ALERT | ERR_FATAL;
7748 }
7749
7750 free(conf->alpn_str);
7751
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007752 /* the ALPN string is built as a suite of (<len> <name>)*,
7753 * so we reuse each comma to store the next <len> and need
7754 * one more for the end of the string.
7755 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007756 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007757 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007758 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7759
7760 /* replace commas with the name length */
7761 p1 = conf->alpn_str;
7762 p2 = p1 + 1;
7763 while (1) {
7764 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7765 if (!p2)
7766 p2 = p1 + 1 + strlen(p1 + 1);
7767
7768 if (p2 - (p1 + 1) > 255) {
7769 *p2 = '\0';
7770 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7771 return ERR_ALERT | ERR_FATAL;
7772 }
7773
7774 *p1 = p2 - (p1 + 1);
7775 p1 = p2;
7776
7777 if (!*p2)
7778 break;
7779
7780 *(p2++) = '\0';
7781 }
7782 return 0;
7783#else
7784 if (err)
7785 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7786 return ERR_ALERT | ERR_FATAL;
7787#endif
7788}
7789
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007790static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7791{
7792 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7793}
7794
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007795/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007796static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007797{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007798 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007799 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007800
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007801 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7802 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007803#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7804 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
7805 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
7806#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007807 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007808 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7809 if (!conf->ssl_conf.ssl_methods.min)
7810 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7811 if (!conf->ssl_conf.ssl_methods.max)
7812 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007813
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007814 return 0;
7815}
7816
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007817/* parse the "prefer-client-ciphers" bind keyword */
7818static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7819{
7820 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7821 return 0;
7822}
7823
Christopher Faulet31af49d2015-06-09 17:29:50 +02007824/* parse the "generate-certificates" bind keyword */
7825static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7826{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007827#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007828 conf->generate_certs = 1;
7829#else
7830 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7831 err && *err ? *err : "");
7832#endif
7833 return 0;
7834}
7835
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007836/* parse the "strict-sni" bind keyword */
7837static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7838{
7839 conf->strict_sni = 1;
7840 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007841}
7842
7843/* parse the "tls-ticket-keys" bind keyword */
7844static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7845{
7846#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7847 FILE *f;
7848 int i = 0;
7849 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007850 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007851
7852 if (!*args[cur_arg + 1]) {
7853 if (err)
7854 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7855 return ERR_ALERT | ERR_FATAL;
7856 }
7857
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007858 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007859 if (keys_ref) {
7860 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007861 conf->keys_ref = keys_ref;
7862 return 0;
7863 }
7864
Vincent Bernat02779b62016-04-03 13:48:43 +02007865 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01007866 if (!keys_ref) {
7867 if (err)
7868 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7869 return ERR_ALERT | ERR_FATAL;
7870 }
7871
Emeric Brun9e754772019-01-10 17:51:55 +01007872 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01007873 if (!keys_ref->tlskeys) {
7874 free(keys_ref);
7875 if (err)
7876 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7877 return ERR_ALERT | ERR_FATAL;
7878 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007879
7880 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01007881 free(keys_ref->tlskeys);
7882 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007883 if (err)
7884 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7885 return ERR_ALERT | ERR_FATAL;
7886 }
7887
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007888 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01007889 if (!keys_ref->filename) {
7890 free(keys_ref->tlskeys);
7891 free(keys_ref);
7892 if (err)
7893 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7894 return ERR_ALERT | ERR_FATAL;
7895 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007896
Emeric Brun9e754772019-01-10 17:51:55 +01007897 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007898 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7899 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01007900 int dec_size;
7901
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007902 /* Strip newline characters from the end */
7903 if(thisline[len - 1] == '\n')
7904 thisline[--len] = 0;
7905
7906 if(thisline[len - 1] == '\r')
7907 thisline[--len] = 0;
7908
Emeric Brun9e754772019-01-10 17:51:55 +01007909 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
7910 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01007911 free(keys_ref->filename);
7912 free(keys_ref->tlskeys);
7913 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007914 if (err)
7915 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007916 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007917 return ERR_ALERT | ERR_FATAL;
7918 }
Emeric Brun9e754772019-01-10 17:51:55 +01007919 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
7920 keys_ref->key_size_bits = 128;
7921 }
7922 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
7923 keys_ref->key_size_bits = 256;
7924 }
7925 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
7926 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
7927 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
7928 free(keys_ref->filename);
7929 free(keys_ref->tlskeys);
7930 free(keys_ref);
7931 if (err)
7932 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
7933 fclose(f);
7934 return ERR_ALERT | ERR_FATAL;
7935 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007936 i++;
7937 }
7938
7939 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01007940 free(keys_ref->filename);
7941 free(keys_ref->tlskeys);
7942 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007943 if (err)
7944 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007945 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007946 return ERR_ALERT | ERR_FATAL;
7947 }
7948
7949 fclose(f);
7950
7951 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007952 i -= 2;
7953 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007954 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007955 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007956 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007957 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007958
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007959 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7960
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007961 return 0;
7962#else
7963 if (err)
7964 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7965 return ERR_ALERT | ERR_FATAL;
7966#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007967}
7968
Emeric Brund94b3fe2012-09-20 18:23:56 +02007969/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007970static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007971{
7972 if (!*args[cur_arg + 1]) {
7973 if (err)
7974 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7975 return ERR_ALERT | ERR_FATAL;
7976 }
7977
7978 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007979 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007980 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007981 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007982 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007983 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007984 else {
7985 if (err)
7986 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7987 args[cur_arg], args[cur_arg + 1]);
7988 return ERR_ALERT | ERR_FATAL;
7989 }
7990
7991 return 0;
7992}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007993static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7994{
7995 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7996}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007997
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007998/* parse the "no-ca-names" bind keyword */
7999static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8000{
8001 conf->no_ca_names = 1;
8002 return 0;
8003}
8004static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8005{
8006 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8007}
8008
Willy Tarreau92faadf2012-10-10 23:04:25 +02008009/************** "server" keywords ****************/
8010
Olivier Houchardc7566002018-11-20 23:33:50 +01008011/* parse the "npn" bind keyword */
8012static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8013{
8014#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8015 char *p1, *p2;
8016
8017 if (!*args[*cur_arg + 1]) {
8018 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8019 return ERR_ALERT | ERR_FATAL;
8020 }
8021
8022 free(newsrv->ssl_ctx.npn_str);
8023
8024 /* the NPN string is built as a suite of (<len> <name>)*,
8025 * so we reuse each comma to store the next <len> and need
8026 * one more for the end of the string.
8027 */
8028 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8029 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8030 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8031 newsrv->ssl_ctx.npn_len);
8032
8033 /* replace commas with the name length */
8034 p1 = newsrv->ssl_ctx.npn_str;
8035 p2 = p1 + 1;
8036 while (1) {
8037 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8038 newsrv->ssl_ctx.npn_len - (p1 + 1));
8039 if (!p2)
8040 p2 = p1 + 1 + strlen(p1 + 1);
8041
8042 if (p2 - (p1 + 1) > 255) {
8043 *p2 = '\0';
8044 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8045 return ERR_ALERT | ERR_FATAL;
8046 }
8047
8048 *p1 = p2 - (p1 + 1);
8049 p1 = p2;
8050
8051 if (!*p2)
8052 break;
8053
8054 *(p2++) = '\0';
8055 }
8056 return 0;
8057#else
8058 if (err)
8059 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8060 return ERR_ALERT | ERR_FATAL;
8061#endif
8062}
8063
Olivier Houchard92150142018-12-21 19:47:01 +01008064/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008065static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8066{
8067#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8068 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008069 char **alpn_str;
8070 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008071
Olivier Houchard92150142018-12-21 19:47:01 +01008072 if (*args[*cur_arg] == 'c') {
8073 alpn_str = &newsrv->check.alpn_str;
8074 alpn_len = &newsrv->check.alpn_len;
8075 } else {
8076 alpn_str = &newsrv->ssl_ctx.alpn_str;
8077 alpn_len = &newsrv->ssl_ctx.alpn_len;
8078
8079 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008080 if (!*args[*cur_arg + 1]) {
8081 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8082 return ERR_ALERT | ERR_FATAL;
8083 }
8084
Olivier Houchard92150142018-12-21 19:47:01 +01008085 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008086
8087 /* the ALPN string is built as a suite of (<len> <name>)*,
8088 * so we reuse each comma to store the next <len> and need
8089 * one more for the end of the string.
8090 */
Olivier Houchard92150142018-12-21 19:47:01 +01008091 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8092 *alpn_str = calloc(1, *alpn_len + 1);
8093 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008094
8095 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008096 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008097 p2 = p1 + 1;
8098 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008099 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008100 if (!p2)
8101 p2 = p1 + 1 + strlen(p1 + 1);
8102
8103 if (p2 - (p1 + 1) > 255) {
8104 *p2 = '\0';
8105 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8106 return ERR_ALERT | ERR_FATAL;
8107 }
8108
8109 *p1 = p2 - (p1 + 1);
8110 p1 = p2;
8111
8112 if (!*p2)
8113 break;
8114
8115 *(p2++) = '\0';
8116 }
8117 return 0;
8118#else
8119 if (err)
8120 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8121 return ERR_ALERT | ERR_FATAL;
8122#endif
8123}
8124
Emeric Brunef42d922012-10-11 16:11:36 +02008125/* parse the "ca-file" server keyword */
8126static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8127{
8128 if (!*args[*cur_arg + 1]) {
8129 if (err)
8130 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8131 return ERR_ALERT | ERR_FATAL;
8132 }
8133
Willy Tarreauef934602016-12-22 23:12:01 +01008134 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8135 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008136 else
8137 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8138
8139 return 0;
8140}
8141
Olivier Houchard9130a962017-10-17 17:33:43 +02008142/* parse the "check-sni" server keyword */
8143static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8144{
8145 if (!*args[*cur_arg + 1]) {
8146 if (err)
8147 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8148 return ERR_ALERT | ERR_FATAL;
8149 }
8150
8151 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8152 if (!newsrv->check.sni) {
8153 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8154 return ERR_ALERT | ERR_FATAL;
8155 }
8156 return 0;
8157
8158}
8159
Willy Tarreau92faadf2012-10-10 23:04:25 +02008160/* parse the "check-ssl" server keyword */
8161static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8162{
8163 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008164 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8165 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008166#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8167 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8168 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8169#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008170 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008171 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8172 if (!newsrv->ssl_ctx.methods.min)
8173 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8174 if (!newsrv->ssl_ctx.methods.max)
8175 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8176
Willy Tarreau92faadf2012-10-10 23:04:25 +02008177 return 0;
8178}
8179
8180/* parse the "ciphers" server keyword */
8181static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8182{
8183 if (!*args[*cur_arg + 1]) {
8184 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8185 return ERR_ALERT | ERR_FATAL;
8186 }
8187
8188 free(newsrv->ssl_ctx.ciphers);
8189 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8190 return 0;
8191}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008192
8193#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8194/* parse the "ciphersuites" server keyword */
8195static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8196{
8197 if (!*args[*cur_arg + 1]) {
8198 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8199 return ERR_ALERT | ERR_FATAL;
8200 }
8201
8202 free(newsrv->ssl_ctx.ciphersuites);
8203 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8204 return 0;
8205}
8206#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008207
Emeric Brunef42d922012-10-11 16:11:36 +02008208/* parse the "crl-file" server keyword */
8209static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8210{
8211#ifndef X509_V_FLAG_CRL_CHECK
8212 if (err)
8213 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8214 return ERR_ALERT | ERR_FATAL;
8215#else
8216 if (!*args[*cur_arg + 1]) {
8217 if (err)
8218 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8219 return ERR_ALERT | ERR_FATAL;
8220 }
8221
Willy Tarreauef934602016-12-22 23:12:01 +01008222 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8223 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008224 else
8225 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8226
8227 return 0;
8228#endif
8229}
8230
Emeric Bruna7aa3092012-10-26 12:58:00 +02008231/* parse the "crt" server keyword */
8232static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8233{
8234 if (!*args[*cur_arg + 1]) {
8235 if (err)
8236 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8237 return ERR_ALERT | ERR_FATAL;
8238 }
8239
Willy Tarreauef934602016-12-22 23:12:01 +01008240 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008241 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008242 else
8243 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8244
8245 return 0;
8246}
Emeric Brunef42d922012-10-11 16:11:36 +02008247
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008248/* parse the "no-check-ssl" server keyword */
8249static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8250{
8251 newsrv->check.use_ssl = 0;
8252 free(newsrv->ssl_ctx.ciphers);
8253 newsrv->ssl_ctx.ciphers = NULL;
8254 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8255 return 0;
8256}
8257
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008258/* parse the "no-send-proxy-v2-ssl" server keyword */
8259static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8260{
8261 newsrv->pp_opts &= ~SRV_PP_V2;
8262 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8263 return 0;
8264}
8265
8266/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8267static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8268{
8269 newsrv->pp_opts &= ~SRV_PP_V2;
8270 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8271 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8272 return 0;
8273}
8274
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008275/* parse the "no-ssl" server keyword */
8276static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8277{
8278 newsrv->use_ssl = 0;
8279 free(newsrv->ssl_ctx.ciphers);
8280 newsrv->ssl_ctx.ciphers = NULL;
8281 return 0;
8282}
8283
Olivier Houchard522eea72017-11-03 16:27:47 +01008284/* parse the "allow-0rtt" server keyword */
8285static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8286{
8287 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8288 return 0;
8289}
8290
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008291/* parse the "no-ssl-reuse" server keyword */
8292static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8293{
8294 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8295 return 0;
8296}
8297
Emeric Brunf9c5c472012-10-11 15:28:34 +02008298/* parse the "no-tls-tickets" server keyword */
8299static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8300{
8301 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8302 return 0;
8303}
David Safb76832014-05-08 23:42:08 -04008304/* parse the "send-proxy-v2-ssl" server keyword */
8305static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8306{
8307 newsrv->pp_opts |= SRV_PP_V2;
8308 newsrv->pp_opts |= SRV_PP_V2_SSL;
8309 return 0;
8310}
8311
8312/* parse the "send-proxy-v2-ssl-cn" server keyword */
8313static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8314{
8315 newsrv->pp_opts |= SRV_PP_V2;
8316 newsrv->pp_opts |= SRV_PP_V2_SSL;
8317 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8318 return 0;
8319}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008320
Willy Tarreau732eac42015-07-09 11:40:25 +02008321/* parse the "sni" server keyword */
8322static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8323{
8324#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8325 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8326 return ERR_ALERT | ERR_FATAL;
8327#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008328 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008329
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008330 arg = args[*cur_arg + 1];
8331 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008332 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8333 return ERR_ALERT | ERR_FATAL;
8334 }
8335
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008336 free(newsrv->sni_expr);
8337 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008338
Willy Tarreau732eac42015-07-09 11:40:25 +02008339 return 0;
8340#endif
8341}
8342
Willy Tarreau92faadf2012-10-10 23:04:25 +02008343/* parse the "ssl" server keyword */
8344static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8345{
8346 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008347 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8348 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008349#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8350 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8351 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8352#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008353 return 0;
8354}
8355
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008356/* parse the "ssl-reuse" server keyword */
8357static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8358{
8359 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8360 return 0;
8361}
8362
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008363/* parse the "tls-tickets" server keyword */
8364static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8365{
8366 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8367 return 0;
8368}
8369
Emeric Brunef42d922012-10-11 16:11:36 +02008370/* parse the "verify" server keyword */
8371static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8372{
8373 if (!*args[*cur_arg + 1]) {
8374 if (err)
8375 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8376 return ERR_ALERT | ERR_FATAL;
8377 }
8378
8379 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008380 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008381 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008382 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008383 else {
8384 if (err)
8385 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8386 args[*cur_arg], args[*cur_arg + 1]);
8387 return ERR_ALERT | ERR_FATAL;
8388 }
8389
Evan Broderbe554312013-06-27 00:05:25 -07008390 return 0;
8391}
8392
8393/* parse the "verifyhost" server keyword */
8394static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8395{
8396 if (!*args[*cur_arg + 1]) {
8397 if (err)
8398 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8399 return ERR_ALERT | ERR_FATAL;
8400 }
8401
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008402 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008403 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8404
Emeric Brunef42d922012-10-11 16:11:36 +02008405 return 0;
8406}
8407
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008408/* parse the "ssl-default-bind-options" keyword in global section */
8409static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8410 struct proxy *defpx, const char *file, int line,
8411 char **err) {
8412 int i = 1;
8413
8414 if (*(args[i]) == 0) {
8415 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8416 return -1;
8417 }
8418 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008419 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008420 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008421 else if (!strcmp(args[i], "prefer-client-ciphers"))
8422 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008423 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8424 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8425 i++;
8426 else {
8427 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8428 return -1;
8429 }
8430 }
8431 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008432 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8433 return -1;
8434 }
8435 i++;
8436 }
8437 return 0;
8438}
8439
8440/* parse the "ssl-default-server-options" keyword in global section */
8441static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8442 struct proxy *defpx, const char *file, int line,
8443 char **err) {
8444 int i = 1;
8445
8446 if (*(args[i]) == 0) {
8447 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8448 return -1;
8449 }
8450 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008451 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008452 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008453 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8454 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8455 i++;
8456 else {
8457 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8458 return -1;
8459 }
8460 }
8461 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008462 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8463 return -1;
8464 }
8465 i++;
8466 }
8467 return 0;
8468}
8469
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008470/* parse the "ca-base" / "crt-base" keywords in global section.
8471 * Returns <0 on alert, >0 on warning, 0 on success.
8472 */
8473static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8474 struct proxy *defpx, const char *file, int line,
8475 char **err)
8476{
8477 char **target;
8478
Willy Tarreauef934602016-12-22 23:12:01 +01008479 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008480
8481 if (too_many_args(1, args, err, NULL))
8482 return -1;
8483
8484 if (*target) {
8485 memprintf(err, "'%s' already specified.", args[0]);
8486 return -1;
8487 }
8488
8489 if (*(args[1]) == 0) {
8490 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8491 return -1;
8492 }
8493 *target = strdup(args[1]);
8494 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008495}
8496
8497/* parse the "ssl-mode-async" keyword in global section.
8498 * Returns <0 on alert, >0 on warning, 0 on success.
8499 */
8500static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8501 struct proxy *defpx, const char *file, int line,
8502 char **err)
8503{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008504#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008505 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008506 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008507 return 0;
8508#else
8509 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8510 return -1;
8511#endif
8512}
8513
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008514#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008515static int ssl_check_async_engine_count(void) {
8516 int err_code = 0;
8517
Emeric Brun3854e012017-05-17 20:42:48 +02008518 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008519 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008520 err_code = ERR_ABORT;
8521 }
8522 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008523}
8524
Grant Zhang872f9c22017-01-21 01:10:18 +00008525/* parse the "ssl-engine" keyword in global section.
8526 * Returns <0 on alert, >0 on warning, 0 on success.
8527 */
8528static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8529 struct proxy *defpx, const char *file, int line,
8530 char **err)
8531{
8532 char *algo;
8533 int ret = -1;
8534
8535 if (*(args[1]) == 0) {
8536 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8537 return ret;
8538 }
8539
8540 if (*(args[2]) == 0) {
8541 /* if no list of algorithms is given, it defaults to ALL */
8542 algo = strdup("ALL");
8543 goto add_engine;
8544 }
8545
8546 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8547 if (strcmp(args[2], "algo") != 0) {
8548 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8549 return ret;
8550 }
8551
8552 if (*(args[3]) == 0) {
8553 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8554 return ret;
8555 }
8556 algo = strdup(args[3]);
8557
8558add_engine:
8559 if (ssl_init_single_engine(args[1], algo)==0) {
8560 openssl_engines_initialized++;
8561 ret = 0;
8562 }
8563 free(algo);
8564 return ret;
8565}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008566#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008567
Willy Tarreauf22e9682016-12-21 23:23:19 +01008568/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8569 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8570 */
8571static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8572 struct proxy *defpx, const char *file, int line,
8573 char **err)
8574{
8575 char **target;
8576
Willy Tarreauef934602016-12-22 23:12:01 +01008577 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008578
8579 if (too_many_args(1, args, err, NULL))
8580 return -1;
8581
8582 if (*(args[1]) == 0) {
8583 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8584 return -1;
8585 }
8586
8587 free(*target);
8588 *target = strdup(args[1]);
8589 return 0;
8590}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008591
8592#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8593/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8594 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8595 */
8596static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8597 struct proxy *defpx, const char *file, int line,
8598 char **err)
8599{
8600 char **target;
8601
8602 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8603
8604 if (too_many_args(1, args, err, NULL))
8605 return -1;
8606
8607 if (*(args[1]) == 0) {
8608 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8609 return -1;
8610 }
8611
8612 free(*target);
8613 *target = strdup(args[1]);
8614 return 0;
8615}
8616#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008617
Willy Tarreau9ceda382016-12-21 23:13:03 +01008618/* parse various global tune.ssl settings consisting in positive integers.
8619 * Returns <0 on alert, >0 on warning, 0 on success.
8620 */
8621static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8622 struct proxy *defpx, const char *file, int line,
8623 char **err)
8624{
8625 int *target;
8626
8627 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8628 target = &global.tune.sslcachesize;
8629 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008630 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008631 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008632 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008633 else if (strcmp(args[0], "maxsslconn") == 0)
8634 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008635 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8636 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008637 else {
8638 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8639 return -1;
8640 }
8641
8642 if (too_many_args(1, args, err, NULL))
8643 return -1;
8644
8645 if (*(args[1]) == 0) {
8646 memprintf(err, "'%s' expects an integer argument.", args[0]);
8647 return -1;
8648 }
8649
8650 *target = atoi(args[1]);
8651 if (*target < 0) {
8652 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8653 return -1;
8654 }
8655 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008656}
8657
8658static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8659 struct proxy *defpx, const char *file, int line,
8660 char **err)
8661{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008662 int ret;
8663
8664 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8665 if (ret != 0)
8666 return ret;
8667
Willy Tarreaubafbe012017-11-24 17:34:44 +01008668 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008669 memprintf(err, "'%s' is already configured.", args[0]);
8670 return -1;
8671 }
8672
Willy Tarreaubafbe012017-11-24 17:34:44 +01008673 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8674 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008675 memprintf(err, "Out of memory error.");
8676 return -1;
8677 }
8678 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008679}
8680
8681/* parse "ssl.force-private-cache".
8682 * Returns <0 on alert, >0 on warning, 0 on success.
8683 */
8684static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8685 struct proxy *defpx, const char *file, int line,
8686 char **err)
8687{
8688 if (too_many_args(0, args, err, NULL))
8689 return -1;
8690
Willy Tarreauef934602016-12-22 23:12:01 +01008691 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008692 return 0;
8693}
8694
8695/* parse "ssl.lifetime".
8696 * Returns <0 on alert, >0 on warning, 0 on success.
8697 */
8698static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8699 struct proxy *defpx, const char *file, int line,
8700 char **err)
8701{
8702 const char *res;
8703
8704 if (too_many_args(1, args, err, NULL))
8705 return -1;
8706
8707 if (*(args[1]) == 0) {
8708 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8709 return -1;
8710 }
8711
Willy Tarreauef934602016-12-22 23:12:01 +01008712 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008713 if (res) {
8714 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8715 return -1;
8716 }
8717 return 0;
8718}
8719
8720#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008721/* parse "ssl-dh-param-file".
8722 * Returns <0 on alert, >0 on warning, 0 on success.
8723 */
8724static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8725 struct proxy *defpx, const char *file, int line,
8726 char **err)
8727{
8728 if (too_many_args(1, args, err, NULL))
8729 return -1;
8730
8731 if (*(args[1]) == 0) {
8732 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8733 return -1;
8734 }
8735
8736 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8737 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8738 return -1;
8739 }
8740 return 0;
8741}
8742
Willy Tarreau9ceda382016-12-21 23:13:03 +01008743/* parse "ssl.default-dh-param".
8744 * Returns <0 on alert, >0 on warning, 0 on success.
8745 */
8746static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8747 struct proxy *defpx, const char *file, int line,
8748 char **err)
8749{
8750 if (too_many_args(1, args, err, NULL))
8751 return -1;
8752
8753 if (*(args[1]) == 0) {
8754 memprintf(err, "'%s' expects an integer argument.", args[0]);
8755 return -1;
8756 }
8757
Willy Tarreauef934602016-12-22 23:12:01 +01008758 global_ssl.default_dh_param = atoi(args[1]);
8759 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008760 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8761 return -1;
8762 }
8763 return 0;
8764}
8765#endif
8766
8767
William Lallemand32af2032016-10-29 18:09:35 +02008768/* This function is used with TLS ticket keys management. It permits to browse
8769 * each reference. The variable <getnext> must contain the current node,
8770 * <end> point to the root node.
8771 */
8772#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8773static inline
8774struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8775{
8776 struct tls_keys_ref *ref = getnext;
8777
8778 while (1) {
8779
8780 /* Get next list entry. */
8781 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8782
8783 /* If the entry is the last of the list, return NULL. */
8784 if (&ref->list == end)
8785 return NULL;
8786
8787 return ref;
8788 }
8789}
8790
8791static inline
8792struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8793{
8794 int id;
8795 char *error;
8796
8797 /* If the reference starts by a '#', this is numeric id. */
8798 if (reference[0] == '#') {
8799 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8800 id = strtol(reference + 1, &error, 10);
8801 if (*error != '\0')
8802 return NULL;
8803
8804 /* Perform the unique id lookup. */
8805 return tlskeys_ref_lookupid(id);
8806 }
8807
8808 /* Perform the string lookup. */
8809 return tlskeys_ref_lookup(reference);
8810}
8811#endif
8812
8813
8814#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8815
8816static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8817
8818static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8819 return cli_io_handler_tlskeys_files(appctx);
8820}
8821
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008822/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8823 * (next index to be dumped), and cli.p0 (next key reference).
8824 */
William Lallemand32af2032016-10-29 18:09:35 +02008825static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8826
8827 struct stream_interface *si = appctx->owner;
8828
8829 switch (appctx->st2) {
8830 case STAT_ST_INIT:
8831 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08008832 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02008833 * later and restart at the state "STAT_ST_INIT".
8834 */
8835 chunk_reset(&trash);
8836
8837 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8838 chunk_appendf(&trash, "# id secret\n");
8839 else
8840 chunk_appendf(&trash, "# id (file)\n");
8841
Willy Tarreau06d80a92017-10-19 14:32:15 +02008842 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01008843 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008844 return 0;
8845 }
8846
William Lallemand32af2032016-10-29 18:09:35 +02008847 /* Now, we start the browsing of the references lists.
8848 * Note that the following call to LIST_ELEM return bad pointer. The only
8849 * available field of this pointer is <list>. It is used with the function
8850 * tlskeys_list_get_next() for retruning the first available entry
8851 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008852 if (appctx->ctx.cli.p0 == NULL) {
8853 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8854 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008855 }
8856
8857 appctx->st2 = STAT_ST_LIST;
8858 /* fall through */
8859
8860 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008861 while (appctx->ctx.cli.p0) {
8862 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008863
8864 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008865 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008866 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008867
8868 if (appctx->ctx.cli.i1 == 0)
8869 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8870
William Lallemand32af2032016-10-29 18:09:35 +02008871 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008872 int head;
8873
8874 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8875 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008876 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02008877 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02008878
8879 chunk_reset(t2);
8880 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01008881 if (ref->key_size_bits == 128) {
8882 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8883 sizeof(struct tls_sess_key_128),
8884 t2->area, t2->size);
8885 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8886 t2->area);
8887 }
8888 else if (ref->key_size_bits == 256) {
8889 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8890 sizeof(struct tls_sess_key_256),
8891 t2->area, t2->size);
8892 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8893 t2->area);
8894 }
8895 else {
8896 /* This case should never happen */
8897 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
8898 }
William Lallemand32af2032016-10-29 18:09:35 +02008899
Willy Tarreau06d80a92017-10-19 14:32:15 +02008900 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008901 /* let's try again later from this stream. We add ourselves into
8902 * this stream's users so that it can remove us upon termination.
8903 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008904 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01008905 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008906 return 0;
8907 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008908 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008909 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008910 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008911 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008912 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008913 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008914 /* let's try again later from this stream. We add ourselves into
8915 * this stream's users so that it can remove us upon termination.
8916 */
Willy Tarreaudb398432018-11-15 11:08:52 +01008917 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008918 return 0;
8919 }
8920
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008921 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008922 break;
8923
8924 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008925 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008926 }
8927
8928 appctx->st2 = STAT_ST_FIN;
8929 /* fall through */
8930
8931 default:
8932 appctx->st2 = STAT_ST_FIN;
8933 return 1;
8934 }
8935 return 0;
8936}
8937
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008938/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008939static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008940{
William Lallemand32af2032016-10-29 18:09:35 +02008941 /* no parameter, shows only file list */
8942 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008943 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008944 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008945 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008946 }
8947
8948 if (args[2][0] == '*') {
8949 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008950 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008951 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008952 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8953 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008954 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008955 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008956 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008957 return 1;
8958 }
8959 }
William Lallemand32af2032016-10-29 18:09:35 +02008960 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008961 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008962}
8963
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008964static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008965{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008966 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02008967 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008968
William Lallemand32af2032016-10-29 18:09:35 +02008969 /* Expect two parameters: the filename and the new new TLS key in encoding */
8970 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008971 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008972 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008973 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008974 return 1;
8975 }
8976
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008977 ref = tlskeys_ref_lookup_ref(args[3]);
8978 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008979 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008980 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008981 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008982 return 1;
8983 }
8984
Willy Tarreau1c913e42018-08-22 05:26:57 +02008985 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01008986 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008987 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008988 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008989 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008990 return 1;
8991 }
Emeric Brun9e754772019-01-10 17:51:55 +01008992
Willy Tarreau1c913e42018-08-22 05:26:57 +02008993 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01008994 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
8995 appctx->ctx.cli.severity = LOG_ERR;
8996 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
8997 appctx->st0 = CLI_ST_PRINT;
8998 return 1;
8999 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009000 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009001 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009002 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009003 return 1;
9004
9005}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009006#endif
William Lallemand32af2032016-10-29 18:09:35 +02009007
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009008static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009009{
9010#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9011 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009012 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009013
9014 if (!payload)
9015 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009016
9017 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009018 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009019 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009020 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009021 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009022 return 1;
9023 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009024
9025 /* remove \r and \n from the payload */
9026 for (i = 0, j = 0; payload[i]; i++) {
9027 if (payload[i] == '\r' || payload[i] == '\n')
9028 continue;
9029 payload[j++] = payload[i];
9030 }
9031 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009032
Willy Tarreau1c913e42018-08-22 05:26:57 +02009033 ret = base64dec(payload, j, trash.area, trash.size);
9034 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009035 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009036 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009037 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009038 return 1;
9039 }
9040
Willy Tarreau1c913e42018-08-22 05:26:57 +02009041 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009042 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9043 if (err) {
9044 memprintf(&err, "%s.\n", err);
9045 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009046 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009047 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009048 else {
9049 appctx->ctx.cli.severity = LOG_ERR;
9050 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9051 appctx->st0 = CLI_ST_PRINT;
9052 }
William Lallemand32af2032016-10-29 18:09:35 +02009053 return 1;
9054 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009055 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009056 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009057 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009058 return 1;
9059#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009060 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009061 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009062 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009063 return 1;
9064#endif
9065
9066}
9067
9068/* register cli keywords */
9069static struct cli_kw_list cli_kws = {{ },{
9070#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9071 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009072 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009073#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009074 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009075 { { NULL }, NULL, NULL, NULL }
9076}};
9077
Willy Tarreau0108d902018-11-25 19:14:37 +01009078INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009079
Willy Tarreau7875d092012-09-10 08:20:03 +02009080/* Note: must not be declared <const> as its list will be overwritten.
9081 * Please take care of keeping this list alphabetically sorted.
9082 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009083static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009084 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009085 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009086#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009087 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009088#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009089 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009090#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9091 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9092#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009093 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009094 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009095 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009096 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009097#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009098 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009099#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009100#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9101 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9102#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009103 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9104 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009105 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009106 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009107 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9108 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9109 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9110 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9111 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9112 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9113 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9114 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009115 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009116 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9117 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009118 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009119 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9120 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9121 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9122 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9123 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9124 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9125 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009126 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009127 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009128 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009129 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009130 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009131 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009132 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009133 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009134 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009135#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009136 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009137#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009138#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009139 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009140#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009141 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009142#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009143 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009144#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009145 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009146#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009147 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009148#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009149#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9150 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9151#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009152#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009153 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009154#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009155 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9156 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9157 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9158 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009159 { NULL, NULL, 0, 0, 0 },
9160}};
9161
Willy Tarreau0108d902018-11-25 19:14:37 +01009162INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9163
Willy Tarreau7875d092012-09-10 08:20:03 +02009164/* Note: must not be declared <const> as its list will be overwritten.
9165 * Please take care of keeping this list alphabetically sorted.
9166 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009167static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009168 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9169 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009170 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009171}};
9172
Willy Tarreau0108d902018-11-25 19:14:37 +01009173INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9174
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009175/* Note: must not be declared <const> as its list will be overwritten.
9176 * Please take care of keeping this list alphabetically sorted, doing so helps
9177 * all code contributors.
9178 * Optional keywords are also declared with a NULL ->parse() function so that
9179 * the config parser can report an appropriate error when a known keyword was
9180 * not enabled.
9181 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009182static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009183 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009184 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9185 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9186 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009187#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9188 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9189#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009190 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009191 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009192 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009193 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009194 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009195 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9196 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009197 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9198 { NULL, NULL, 0 },
9199};
9200
Willy Tarreau0108d902018-11-25 19:14:37 +01009201/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9202
Willy Tarreau51fb7652012-09-18 18:24:39 +02009203static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009204 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009205 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9206 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9207 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9208 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9209 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9210 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009211#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9212 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9213#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009214 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9215 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9216 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9217 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9218 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9219 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9220 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9221 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9222 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9223 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009224 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009225 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009226 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009227 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9228 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9229 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9230 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009231 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009232 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9233 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009234 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9235 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009236 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9237 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9238 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9239 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9240 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009241 { NULL, NULL, 0 },
9242}};
Emeric Brun46591952012-05-18 15:47:34 +02009243
Willy Tarreau0108d902018-11-25 19:14:37 +01009244INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9245
Willy Tarreau92faadf2012-10-10 23:04:25 +02009246/* Note: must not be declared <const> as its list will be overwritten.
9247 * Please take care of keeping this list alphabetically sorted, doing so helps
9248 * all code contributors.
9249 * Optional keywords are also declared with a NULL ->parse() function so that
9250 * the config parser can report an appropriate error when a known keyword was
9251 * not enabled.
9252 */
9253static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009254 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009255 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009256 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009257 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009258 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009259 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9260 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009261#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9262 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9263#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009264 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9265 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9266 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9267 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9268 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9269 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9270 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9271 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9272 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9273 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9274 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9275 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9276 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9277 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9278 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9279 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9280 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9281 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009282 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009283 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9284 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9285 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9286 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9287 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9288 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9289 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9290 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9291 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9292 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009293 { NULL, NULL, 0, 0 },
9294}};
9295
Willy Tarreau0108d902018-11-25 19:14:37 +01009296INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9297
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009298static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009299 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9300 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009301 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009302 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9303 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009304#ifndef OPENSSL_NO_DH
9305 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9306#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009307 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009308#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009309 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009310#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009311 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9312#ifndef OPENSSL_NO_DH
9313 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9314#endif
9315 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9316 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9317 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9318 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009319 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009320 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9321 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009322#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9323 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9324 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9325#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009326 { 0, NULL, NULL },
9327}};
9328
Willy Tarreau0108d902018-11-25 19:14:37 +01009329INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9330
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009331/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009332static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009333 .snd_buf = ssl_sock_from_buf,
9334 .rcv_buf = ssl_sock_to_buf,
Olivier Houchard6ff20392018-07-17 18:46:31 +02009335 .subscribe = conn_subscribe,
Olivier Houchard83a0cd82018-09-28 17:57:58 +02009336 .unsubscribe = conn_unsubscribe,
Emeric Brun46591952012-05-18 15:47:34 +02009337 .rcv_pipe = NULL,
9338 .snd_pipe = NULL,
9339 .shutr = NULL,
9340 .shutw = ssl_sock_shutw,
9341 .close = ssl_sock_close,
9342 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009343 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009344 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009345 .prepare_srv = ssl_sock_prepare_srv_ctx,
9346 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009347 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009348 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009349};
9350
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009351enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9352 struct session *sess, struct stream *s, int flags)
9353{
9354 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009355 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009356
9357 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009358 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009359
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009360 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009361 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009362 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009363 s->req.flags |= CF_READ_NULL;
9364 return ACT_RET_YIELD;
9365 }
9366 }
9367 return (ACT_RET_CONT);
9368}
9369
9370static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9371{
9372 rule->action_ptr = ssl_action_wait_for_hs;
9373
9374 return ACT_RET_PRS_OK;
9375}
9376
9377static struct action_kw_list http_req_actions = {ILH, {
9378 { "wait-for-handshake", ssl_parse_wait_for_hs },
9379 { /* END */ }
9380}};
9381
Willy Tarreau0108d902018-11-25 19:14:37 +01009382INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9383
Daniel Jakots54ffb912015-11-06 20:02:41 +01009384#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009385
9386static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9387{
9388 if (ptr) {
9389 chunk_destroy(ptr);
9390 free(ptr);
9391 }
9392}
9393
9394#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009395static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9396{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009397 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009398}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009399
Emeric Brun46591952012-05-18 15:47:34 +02009400__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009401static void __ssl_sock_init(void)
9402{
Emeric Brun46591952012-05-18 15:47:34 +02009403 STACK_OF(SSL_COMP)* cm;
9404
Willy Tarreauef934602016-12-22 23:12:01 +01009405 if (global_ssl.listen_default_ciphers)
9406 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9407 if (global_ssl.connect_default_ciphers)
9408 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009409#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9410 if (global_ssl.listen_default_ciphersuites)
9411 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9412 if (global_ssl.connect_default_ciphersuites)
9413 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9414#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009415
Willy Tarreau13e14102016-12-22 20:25:26 +01009416 xprt_register(XPRT_SSL, &ssl_sock);
Rosen Penev68185952018-12-14 08:47:02 -08009417#if OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009418 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009419#endif
Emeric Brun46591952012-05-18 15:47:34 +02009420 cm = SSL_COMP_get_compression_methods();
9421 sk_SSL_COMP_zero(cm);
Rosen Penev68185952018-12-14 08:47:02 -08009422#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Emeric Brun821bb9b2017-06-15 16:37:39 +02009423 ssl_locking_init();
9424#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01009425#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009426 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9427#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009428 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009429 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009430 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009431#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009432 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009433 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009434#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009435#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9436 hap_register_post_check(tlskeys_finalize_config);
9437#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009438
9439 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9440 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9441
9442#ifndef OPENSSL_NO_DH
9443 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9444 hap_register_post_deinit(ssl_free_dh);
9445#endif
9446#ifndef OPENSSL_NO_ENGINE
9447 hap_register_post_deinit(ssl_free_engines);
9448#endif
9449 /* Load SSL string for the verbose & debug mode. */
9450 ERR_load_SSL_strings();
9451}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009452
Willy Tarreau80713382018-11-26 10:19:54 +01009453/* Compute and register the version string */
9454static void ssl_register_build_options()
9455{
9456 char *ptr = NULL;
9457 int i;
9458
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009459 memprintf(&ptr, "Built with OpenSSL version : "
9460#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009461 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009462#else /* OPENSSL_IS_BORINGSSL */
9463 OPENSSL_VERSION_TEXT
9464 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08009465 OpenSSL_version(OPENSSL_VERSION),
9466 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009467#endif
9468 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9469#if OPENSSL_VERSION_NUMBER < 0x00907000L
9470 "no (library version too old)"
9471#elif defined(OPENSSL_NO_TLSEXT)
9472 "no (disabled via OPENSSL_NO_TLSEXT)"
9473#else
9474 "yes"
9475#endif
9476 "", ptr);
9477
9478 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9479#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9480 "yes"
9481#else
9482#ifdef OPENSSL_NO_TLSEXT
9483 "no (because of OPENSSL_NO_TLSEXT)"
9484#else
9485 "no (version might be too old, 0.9.8f min needed)"
9486#endif
9487#endif
9488 "", ptr);
9489
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009490 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9491 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9492 if (methodVersions[i].option)
9493 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009494
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009495 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01009496}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009497
Willy Tarreau80713382018-11-26 10:19:54 +01009498INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009499
Emeric Brun46591952012-05-18 15:47:34 +02009500
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009501#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009502void ssl_free_engines(void) {
9503 struct ssl_engine_list *wl, *wlb;
9504 /* free up engine list */
9505 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9506 ENGINE_finish(wl->e);
9507 ENGINE_free(wl->e);
9508 LIST_DEL(&wl->list);
9509 free(wl);
9510 }
9511}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009512#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009513
Remi Gacogned3a23c32015-05-28 16:39:47 +02009514#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009515void ssl_free_dh(void) {
9516 if (local_dh_1024) {
9517 DH_free(local_dh_1024);
9518 local_dh_1024 = NULL;
9519 }
9520 if (local_dh_2048) {
9521 DH_free(local_dh_2048);
9522 local_dh_2048 = NULL;
9523 }
9524 if (local_dh_4096) {
9525 DH_free(local_dh_4096);
9526 local_dh_4096 = NULL;
9527 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009528 if (global_dh) {
9529 DH_free(global_dh);
9530 global_dh = NULL;
9531 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009532}
9533#endif
9534
9535__attribute__((destructor))
9536static void __ssl_sock_deinit(void)
9537{
9538#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009539 if (ssl_ctx_lru_tree) {
9540 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009541 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009542 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009543#endif
9544
Rosen Penev68185952018-12-14 08:47:02 -08009545#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009546 ERR_remove_state(0);
9547 ERR_free_strings();
9548
9549 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08009550#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009551
Rosen Penev68185952018-12-14 08:47:02 -08009552#if ((OPENSSL_VERSION_NUMBER >= 0x00907000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009553 CRYPTO_cleanup_all_ex_data();
9554#endif
9555}
9556
9557
Emeric Brun46591952012-05-18 15:47:34 +02009558/*
9559 * Local variables:
9560 * c-indent-level: 8
9561 * c-basic-offset: 8
9562 * End:
9563 */