blob: ff8af23959b45f1889bbe123829687c572c06bb2 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
Olivier Houchard54907bb2019-12-19 15:02:39 +0100220 struct buffer early_buf; /* buffer to store the early data received */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200366/*
Emmanuel Hocdetb270e812019-11-21 19:09:31 +0100367 * deduplicate cafile (and crlfile)
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200368 */
369struct cafile_entry {
370 X509_STORE *ca_store;
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200371 STACK_OF(X509_NAME) *ca_list;
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200372 struct ebmb_node node;
373 char path[0];
374};
375
376static struct eb_root cafile_tree = EB_ROOT_UNIQUE;
377
378static X509_STORE* ssl_store_get0_locations_file(char *path)
379{
380 struct ebmb_node *eb;
381
382 eb = ebst_lookup(&cafile_tree, path);
383 if (eb) {
384 struct cafile_entry *ca_e;
385 ca_e = ebmb_entry(eb, struct cafile_entry, node);
386 return ca_e->ca_store;
387 }
388 return NULL;
389}
390
391static int ssl_store_load_locations_file(char *path)
392{
393 if (ssl_store_get0_locations_file(path) == NULL) {
394 struct cafile_entry *ca_e;
395 X509_STORE *store = X509_STORE_new();
396 if (X509_STORE_load_locations(store, path, NULL)) {
397 int pathlen;
398 pathlen = strlen(path);
399 ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
400 if (ca_e) {
401 memcpy(ca_e->path, path, pathlen + 1);
402 ca_e->ca_store = store;
403 ebst_insert(&cafile_tree, &ca_e->node);
404 return 1;
405 }
406 }
407 X509_STORE_free(store);
408 return 0;
409 }
410 return 1;
411}
412
413/* mimic what X509_STORE_load_locations do with store_ctx */
414static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
415{
416 X509_STORE *store;
417 store = ssl_store_get0_locations_file(path);
418 if (store_ctx && store) {
419 int i;
420 X509_OBJECT *obj;
421 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
422 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
423 obj = sk_X509_OBJECT_value(objs, i);
424 switch (X509_OBJECT_get_type(obj)) {
425 case X509_LU_X509:
426 X509_STORE_add_cert(store_ctx, X509_OBJECT_get0_X509(obj));
427 break;
428 case X509_LU_CRL:
429 X509_STORE_add_crl(store_ctx, X509_OBJECT_get0_X509_CRL(obj));
430 break;
431 default:
432 break;
433 }
434 }
435 return 1;
436 }
437 return 0;
438}
439
440/* SSL_CTX_load_verify_locations substitute, internaly call X509_STORE_load_locations */
441static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
442{
443 X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
444 return ssl_set_cert_crl_file(store_ctx, path);
445}
446
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200447/*
448 Extract CA_list from CA_file already in tree.
449 Duplicate ca_name is tracking with ebtree. It's simplify openssl compatibility.
450 Return a shared ca_list: SSL_dup_CA_list must be used before set it on SSL_CTX.
451*/
452static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
453{
454 struct ebmb_node *eb;
455 struct cafile_entry *ca_e;
456
457 eb = ebst_lookup(&cafile_tree, path);
458 if (!eb)
459 return NULL;
460 ca_e = ebmb_entry(eb, struct cafile_entry, node);
461
462 if (ca_e->ca_list == NULL) {
463 int i;
464 unsigned long key;
465 struct eb_root ca_name_tree = EB_ROOT;
466 struct eb64_node *node, *back;
467 struct {
468 struct eb64_node node;
469 X509_NAME *xname;
470 } *ca_name;
471 STACK_OF(X509_OBJECT) *objs;
472 STACK_OF(X509_NAME) *skn;
473 X509 *x;
474 X509_NAME *xn;
475
476 skn = sk_X509_NAME_new_null();
477 /* take x509 from cafile_tree */
478 objs = X509_STORE_get0_objects(ca_e->ca_store);
479 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
480 x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
481 if (!x)
482 continue;
483 xn = X509_get_subject_name(x);
484 if (!xn)
485 continue;
486 /* Check for duplicates. */
487 key = X509_NAME_hash(xn);
488 for (node = eb64_lookup(&ca_name_tree, key), ca_name = NULL;
489 node && ca_name == NULL;
490 node = eb64_next(node)) {
491 ca_name = container_of(node, typeof(*ca_name), node);
492 if (X509_NAME_cmp(xn, ca_name->xname) != 0)
493 ca_name = NULL;
494 }
495 /* find a duplicate */
496 if (ca_name)
497 continue;
498 ca_name = calloc(1, sizeof *ca_name);
499 xn = X509_NAME_dup(xn);
500 if (!ca_name ||
501 !xn ||
502 !sk_X509_NAME_push(skn, xn)) {
503 free(ca_name);
504 X509_NAME_free(xn);
505 sk_X509_NAME_pop_free(skn, X509_NAME_free);
506 sk_X509_NAME_free(skn);
507 skn = NULL;
508 break;
509 }
510 ca_name->node.key = key;
511 ca_name->xname = xn;
512 eb64_insert(&ca_name_tree, &ca_name->node);
513 }
514 ca_e->ca_list = skn;
515 /* remove temporary ca_name tree */
516 node = eb64_first(&ca_name_tree);
517 while (node) {
518 ca_name = container_of(node, typeof(*ca_name), node);
519 back = eb64_next(node);
520 eb64_delete(node);
521 free(ca_name);
522 node = back;
523 }
524 }
525 return ca_e->ca_list;
526}
527
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100528/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100529struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100530 unsigned long long int xxh64;
531 unsigned char ciphersuite_len;
532 char ciphersuite[0];
533};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100534struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100535static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200536static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100537
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200538#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
539struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
540#endif
541
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200542#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000543static unsigned int openssl_engines_initialized;
544struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
545struct ssl_engine_list {
546 struct list list;
547 ENGINE *e;
548};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200549#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000550
Remi Gacogne8de54152014-07-15 11:36:40 +0200551#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200552static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200553static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200554static DH *local_dh_1024 = NULL;
555static DH *local_dh_2048 = NULL;
556static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100557static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200558#endif /* OPENSSL_NO_DH */
559
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100560#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200561/* X509V3 Extensions that will be added on generated certificates */
562#define X509V3_EXT_SIZE 5
563static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
564 "basicConstraints",
565 "nsComment",
566 "subjectKeyIdentifier",
567 "authorityKeyIdentifier",
568 "keyUsage",
569};
570static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
571 "CA:FALSE",
572 "\"OpenSSL Generated Certificate\"",
573 "hash",
574 "keyid,issuer:always",
575 "nonRepudiation,digitalSignature,keyEncipherment"
576};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200577/* LRU cache to store generated certificate */
578static struct lru64_head *ssl_ctx_lru_tree = NULL;
579static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200580static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100581__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200582
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200583#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
584
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100585static struct ssl_bind_kw ssl_bind_kws[];
586
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200587#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500588/* The order here matters for picking a default context,
589 * keep the most common keytype at the bottom of the list
590 */
591const char *SSL_SOCK_KEYTYPE_NAMES[] = {
592 "dsa",
593 "ecdsa",
594 "rsa"
595};
596#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100597#else
598#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500599#endif
600
William Lallemandc3cd35f2017-11-28 11:04:43 +0100601static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100602static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
603
604#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
605
606#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
607 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
608
609#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
610 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200611
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100612/*
613 * This function gives the detail of the SSL error. It is used only
614 * if the debug mode and the verbose mode are activated. It dump all
615 * the SSL error until the stack was empty.
616 */
617static forceinline void ssl_sock_dump_errors(struct connection *conn)
618{
619 unsigned long ret;
620
621 if (unlikely(global.mode & MODE_DEBUG)) {
622 while(1) {
623 ret = ERR_get_error();
624 if (ret == 0)
625 return;
626 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200627 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100628 ERR_func_error_string(ret), ERR_reason_error_string(ret));
629 }
630 }
631}
632
yanbzhube2774d2015-12-10 15:07:30 -0500633
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200634#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000635static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
636{
637 int err_code = ERR_ABORT;
638 ENGINE *engine;
639 struct ssl_engine_list *el;
640
641 /* grab the structural reference to the engine */
642 engine = ENGINE_by_id(engine_id);
643 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100644 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000645 goto fail_get;
646 }
647
648 if (!ENGINE_init(engine)) {
649 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100650 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000651 goto fail_init;
652 }
653
654 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100655 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000656 goto fail_set_method;
657 }
658
659 el = calloc(1, sizeof(*el));
660 el->e = engine;
661 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100662 nb_engines++;
663 if (global_ssl.async)
664 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000665 return 0;
666
667fail_set_method:
668 /* release the functional reference from ENGINE_init() */
669 ENGINE_finish(engine);
670
671fail_init:
672 /* release the structural reference from ENGINE_by_id() */
673 ENGINE_free(engine);
674
675fail_get:
676 return err_code;
677}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200678#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000679
Willy Tarreau5db847a2019-05-09 14:13:35 +0200680#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200681/*
682 * openssl async fd handler
683 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200684void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000685{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200686 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000687
Emeric Brun3854e012017-05-17 20:42:48 +0200688 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000689 * to poll this fd until it is requested
690 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000691 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000692 fd_cant_recv(fd);
693
694 /* crypto engine is available, let's notify the associated
695 * connection that it can pursue its processing.
696 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200697 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000698}
699
Emeric Brun3854e012017-05-17 20:42:48 +0200700/*
701 * openssl async delayed SSL_free handler
702 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200703void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000704{
705 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200706 OSSL_ASYNC_FD all_fd[32];
707 size_t num_all_fds = 0;
708 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000709
Emeric Brun3854e012017-05-17 20:42:48 +0200710 /* We suppose that the async job for a same SSL *
711 * are serialized. So if we are awake it is
712 * because the running job has just finished
713 * and we can remove all async fds safely
714 */
715 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
716 if (num_all_fds > 32) {
717 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
718 return;
719 }
720
721 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
722 for (i=0 ; i < num_all_fds ; i++)
723 fd_remove(all_fd[i]);
724
725 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000726 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100727 _HA_ATOMIC_SUB(&sslconns, 1);
728 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000729}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000730/*
Emeric Brun3854e012017-05-17 20:42:48 +0200731 * function used to manage a returned SSL_ERROR_WANT_ASYNC
732 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000733 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200734static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000735{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100736 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200737 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200738 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000739 size_t num_add_fds = 0;
740 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200741 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000742
743 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
744 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200745 if (num_add_fds > 32 || num_del_fds > 32) {
746 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000747 return;
748 }
749
Emeric Brun3854e012017-05-17 20:42:48 +0200750 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000751
Emeric Brun3854e012017-05-17 20:42:48 +0200752 /* We remove unused fds from the fdtab */
753 for (i=0 ; i < num_del_fds ; i++)
754 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000755
Emeric Brun3854e012017-05-17 20:42:48 +0200756 /* We add new fds to the fdtab */
757 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200758 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000759 }
760
Emeric Brun3854e012017-05-17 20:42:48 +0200761 num_add_fds = 0;
762 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
763 if (num_add_fds > 32) {
764 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
765 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000766 }
Emeric Brun3854e012017-05-17 20:42:48 +0200767
768 /* We activate the polling for all known async fds */
769 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000770 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200771 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000772 /* To ensure that the fd cache won't be used
773 * We'll prefer to catch a real RD event
774 * because handling an EAGAIN on this fd will
775 * result in a context switch and also
776 * some engines uses a fd in blocking mode.
777 */
778 fd_cant_recv(add_fd[i]);
779 }
Emeric Brun3854e012017-05-17 20:42:48 +0200780
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000781}
782#endif
783
William Lallemand104a7a62019-10-14 14:14:59 +0200784#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200785/*
786 * This function returns the number of seconds elapsed
787 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
788 * date presented un ASN1_GENERALIZEDTIME.
789 *
790 * In parsing error case, it returns -1.
791 */
792static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
793{
794 long epoch;
795 char *p, *end;
796 const unsigned short month_offset[12] = {
797 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
798 };
799 int year, month;
800
801 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
802
803 p = (char *)d->data;
804 end = p + d->length;
805
806 if (end - p < 4) return -1;
807 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
808 p += 4;
809 if (end - p < 2) return -1;
810 month = 10 * (p[0] - '0') + p[1] - '0';
811 if (month < 1 || month > 12) return -1;
812 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
813 We consider leap years and the current month (<marsh or not) */
814 epoch = ( ((year - 1970) * 365)
815 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
816 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
817 + month_offset[month-1]
818 ) * 24 * 60 * 60;
819 p += 2;
820 if (end - p < 2) return -1;
821 /* Add the number of seconds of completed days of current month */
822 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
823 p += 2;
824 if (end - p < 2) return -1;
825 /* Add the completed hours of the current day */
826 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
827 p += 2;
828 if (end - p < 2) return -1;
829 /* Add the completed minutes of the current hour */
830 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
831 p += 2;
832 if (p == end) return -1;
833 /* Test if there is available seconds */
834 if (p[0] < '0' || p[0] > '9')
835 goto nosec;
836 if (end - p < 2) return -1;
837 /* Add the seconds of the current minute */
838 epoch += 10 * (p[0] - '0') + p[1] - '0';
839 p += 2;
840 if (p == end) return -1;
841 /* Ignore seconds float part if present */
842 if (p[0] == '.') {
843 do {
844 if (++p == end) return -1;
845 } while (p[0] >= '0' && p[0] <= '9');
846 }
847
848nosec:
849 if (p[0] == 'Z') {
850 if (end - p != 1) return -1;
851 return epoch;
852 }
853 else if (p[0] == '+') {
854 if (end - p != 5) return -1;
855 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700856 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200857 }
858 else if (p[0] == '-') {
859 if (end - p != 5) return -1;
860 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700861 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200862 }
863
864 return -1;
865}
866
William Lallemand104a7a62019-10-14 14:14:59 +0200867/*
868 * struct alignment works here such that the key.key is the same as key_data
869 * Do not change the placement of key_data
870 */
871struct certificate_ocsp {
872 struct ebmb_node key;
873 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
874 struct buffer response;
875 long expire;
876};
877
878struct ocsp_cbk_arg {
879 int is_single;
880 int single_kt;
881 union {
882 struct certificate_ocsp *s_ocsp;
883 /*
884 * m_ocsp will have multiple entries dependent on key type
885 * Entry 0 - DSA
886 * Entry 1 - ECDSA
887 * Entry 2 - RSA
888 */
889 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
890 };
891};
892
Emeric Brun1d3865b2014-06-20 15:37:32 +0200893static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894
895/* This function starts to check if the OCSP response (in DER format) contained
896 * in chunk 'ocsp_response' is valid (else exits on error).
897 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
898 * contained in the OCSP Response and exits on error if no match.
899 * If it's a valid OCSP Response:
900 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
901 * pointed by 'ocsp'.
902 * If 'ocsp' is NULL, the function looks up into the OCSP response's
903 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
904 * from the response) and exits on error if not found. Finally, If an OCSP response is
905 * already present in the container, it will be overwritten.
906 *
907 * Note: OCSP response containing more than one OCSP Single response is not
908 * considered valid.
909 *
910 * Returns 0 on success, 1 in error case.
911 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200912static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
913 struct certificate_ocsp *ocsp,
914 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200915{
916 OCSP_RESPONSE *resp;
917 OCSP_BASICRESP *bs = NULL;
918 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200919 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200920 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200921 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200922 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200923 int reason;
924 int ret = 1;
925
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200926 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
927 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200928 if (!resp) {
929 memprintf(err, "Unable to parse OCSP response");
930 goto out;
931 }
932
933 rc = OCSP_response_status(resp);
934 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
935 memprintf(err, "OCSP response status not successful");
936 goto out;
937 }
938
939 bs = OCSP_response_get1_basic(resp);
940 if (!bs) {
941 memprintf(err, "Failed to get basic response from OCSP Response");
942 goto out;
943 }
944
945 count_sr = OCSP_resp_count(bs);
946 if (count_sr > 1) {
947 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
948 goto out;
949 }
950
951 sr = OCSP_resp_get0(bs, 0);
952 if (!sr) {
953 memprintf(err, "Failed to get OCSP single response");
954 goto out;
955 }
956
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200957 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
958
Emeric Brun4147b2e2014-06-16 18:36:30 +0200959 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200960 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200961 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200962 goto out;
963 }
964
Emeric Brun13a6b482014-06-20 15:44:34 +0200965 if (!nextupd) {
966 memprintf(err, "OCSP single response: missing nextupdate");
967 goto out;
968 }
969
Emeric Brunc8b27b62014-06-19 14:16:17 +0200970 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200971 if (!rc) {
972 memprintf(err, "OCSP single response: no longer valid.");
973 goto out;
974 }
975
976 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200977 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200978 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
979 goto out;
980 }
981 }
982
983 if (!ocsp) {
984 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
985 unsigned char *p;
986
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200987 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988 if (!rc) {
989 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
990 goto out;
991 }
992
993 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
994 memprintf(err, "OCSP single response: Certificate ID too long");
995 goto out;
996 }
997
998 p = key;
999 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001000 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001001 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
1002 if (!ocsp) {
1003 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
1004 goto out;
1005 }
1006 }
1007
1008 /* According to comments on "chunk_dup", the
1009 previous chunk buffer will be freed */
1010 if (!chunk_dup(&ocsp->response, ocsp_response)) {
1011 memprintf(err, "OCSP response: Memory allocation error");
1012 goto out;
1013 }
1014
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001015 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
1016
Emeric Brun4147b2e2014-06-16 18:36:30 +02001017 ret = 0;
1018out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +01001019 ERR_clear_error();
1020
Emeric Brun4147b2e2014-06-16 18:36:30 +02001021 if (bs)
1022 OCSP_BASICRESP_free(bs);
1023
1024 if (resp)
1025 OCSP_RESPONSE_free(resp);
1026
1027 return ret;
1028}
1029/*
1030 * External function use to update the OCSP response in the OCSP response's
1031 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
1032 * to update in DER format.
1033 *
1034 * Returns 0 on success, 1 in error case.
1035 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001036int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001037{
1038 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
1039}
1040
William Lallemand4a660132019-10-14 14:51:41 +02001041#endif
1042
1043#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001044/*
1045 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +02001046 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +02001047 *
1048 * Returns 0 on success, 1 in error case.
1049 */
William Lallemand3b5f3602019-10-16 18:05:05 +02001050static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051{
1052 int fd = -1;
1053 int r = 0;
1054 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +02001055 struct buffer *ocsp_response;
1056 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001057
William Lallemand3b5f3602019-10-16 18:05:05 +02001058 if (buf) {
1059 int i, j;
1060 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001061
William Lallemand3b5f3602019-10-16 18:05:05 +02001062 /* remove \r and \n from the payload */
1063 for (i = 0, j = 0; buf[i]; i++) {
1064 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +02001065 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +02001066 buf[j++] = buf[i];
1067 }
1068 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001069
William Lallemand3b5f3602019-10-16 18:05:05 +02001070 ret = base64dec(buf, j, trash.area, trash.size);
1071 if (ret < 0) {
1072 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +02001073 goto end;
1074 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001075 trash.data = ret;
1076 src = &trash;
1077 } else {
1078 fd = open(ocsp_path, O_RDONLY);
1079 if (fd == -1) {
1080 memprintf(err, "Error opening OCSP response file");
1081 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001082 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001083
1084 trash.data = 0;
1085 while (trash.data < trash.size) {
1086 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1087 if (r < 0) {
1088 if (errno == EINTR)
1089 continue;
1090
1091 memprintf(err, "Error reading OCSP response from file");
1092 goto end;
1093 }
1094 else if (r == 0) {
1095 break;
1096 }
1097 trash.data += r;
1098 }
1099 close(fd);
1100 fd = -1;
1101 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001102 }
1103
William Lallemand3b5f3602019-10-16 18:05:05 +02001104 ocsp_response = calloc(1, sizeof(*ocsp_response));
1105 if (!chunk_dup(ocsp_response, src)) {
1106 free(ocsp_response);
1107 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001108 goto end;
1109 }
1110
William Lallemand3b5f3602019-10-16 18:05:05 +02001111 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +02001112 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001113end:
1114 if (fd != -1)
1115 close(fd);
1116
1117 return ret;
1118}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001119#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +02001120
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001121#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
1122static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
1123{
Christopher Faulet16f45c82018-02-16 11:23:49 +01001124 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +01001125 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001126 struct connection *conn;
1127 int head;
1128 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001129 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001130
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001131 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +02001132 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001133 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1134
1135 keys = ref->tlskeys;
1136 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001137
1138 if (enc) {
1139 memcpy(key_name, keys[head].name, 16);
1140
1141 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +01001142 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001143
Emeric Brun9e754772019-01-10 17:51:55 +01001144 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001145
Emeric Brun9e754772019-01-10 17:51:55 +01001146 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
1147 goto end;
1148
Willy Tarreau9356dac2019-05-10 09:22:53 +02001149 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001150 ret = 1;
1151 }
1152 else if (ref->key_size_bits == 256 ) {
1153
1154 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
1155 goto end;
1156
Willy Tarreau9356dac2019-05-10 09:22:53 +02001157 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001158 ret = 1;
1159 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001160 } else {
1161 for (i = 0; i < TLS_TICKETS_NO; i++) {
1162 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1163 goto found;
1164 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001165 ret = 0;
1166 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001167
Christopher Faulet16f45c82018-02-16 11:23:49 +01001168 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001169 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001170 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001171 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1172 goto end;
1173 /* 2 for key renewal, 1 if current key is still valid */
1174 ret = i ? 2 : 1;
1175 }
1176 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001177 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001178 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1179 goto end;
1180 /* 2 for key renewal, 1 if current key is still valid */
1181 ret = i ? 2 : 1;
1182 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001183 }
Emeric Brun9e754772019-01-10 17:51:55 +01001184
Christopher Faulet16f45c82018-02-16 11:23:49 +01001185 end:
1186 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1187 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001188}
1189
1190struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1191{
1192 struct tls_keys_ref *ref;
1193
1194 list_for_each_entry(ref, &tlskeys_reference, list)
1195 if (ref->filename && strcmp(filename, ref->filename) == 0)
1196 return ref;
1197 return NULL;
1198}
1199
1200struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1201{
1202 struct tls_keys_ref *ref;
1203
1204 list_for_each_entry(ref, &tlskeys_reference, list)
1205 if (ref->unique_id == unique_id)
1206 return ref;
1207 return NULL;
1208}
1209
Emeric Brun9e754772019-01-10 17:51:55 +01001210/* Update the key into ref: if keysize doesnt
1211 * match existing ones, this function returns -1
1212 * else it returns 0 on success.
1213 */
1214int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001215 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001216{
Emeric Brun9e754772019-01-10 17:51:55 +01001217 if (ref->key_size_bits == 128) {
1218 if (tlskey->data != sizeof(struct tls_sess_key_128))
1219 return -1;
1220 }
1221 else if (ref->key_size_bits == 256) {
1222 if (tlskey->data != sizeof(struct tls_sess_key_256))
1223 return -1;
1224 }
1225 else
1226 return -1;
1227
Christopher Faulet16f45c82018-02-16 11:23:49 +01001228 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001229 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1230 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001231 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1232 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001233
1234 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001235}
1236
Willy Tarreau83061a82018-07-13 11:56:34 +02001237int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001238{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001239 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1240
1241 if(!ref) {
1242 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1243 return 1;
1244 }
Emeric Brun9e754772019-01-10 17:51:55 +01001245 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1246 memprintf(err, "Invalid key size");
1247 return 1;
1248 }
1249
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001250 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001251}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001252
1253/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001254 * automatic ids. It's called just after the basic checks. It returns
1255 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001256 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001257static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001258{
1259 int i = 0;
1260 struct tls_keys_ref *ref, *ref2, *ref3;
1261 struct list tkr = LIST_HEAD_INIT(tkr);
1262
1263 list_for_each_entry(ref, &tlskeys_reference, list) {
1264 if (ref->unique_id == -1) {
1265 /* Look for the first free id. */
1266 while (1) {
1267 list_for_each_entry(ref2, &tlskeys_reference, list) {
1268 if (ref2->unique_id == i) {
1269 i++;
1270 break;
1271 }
1272 }
1273 if (&ref2->list == &tlskeys_reference)
1274 break;
1275 }
1276
1277 /* Uses the unique id and increment it for the next entry. */
1278 ref->unique_id = i;
1279 i++;
1280 }
1281 }
1282
1283 /* This sort the reference list by id. */
1284 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1285 LIST_DEL(&ref->list);
1286 list_for_each_entry(ref3, &tkr, list) {
1287 if (ref->unique_id < ref3->unique_id) {
1288 LIST_ADDQ(&ref3->list, &ref->list);
1289 break;
1290 }
1291 }
1292 if (&ref3->list == &tkr)
1293 LIST_ADDQ(&tkr, &ref->list);
1294 }
1295
1296 /* swap root */
1297 LIST_ADD(&tkr, &tlskeys_reference);
1298 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001299 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001300}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001301#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1302
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001303#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001304int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1305{
1306 switch (evp_keytype) {
1307 case EVP_PKEY_RSA:
1308 return 2;
1309 case EVP_PKEY_DSA:
1310 return 0;
1311 case EVP_PKEY_EC:
1312 return 1;
1313 }
1314
1315 return -1;
1316}
1317
Emeric Brun4147b2e2014-06-16 18:36:30 +02001318/*
1319 * Callback used to set OCSP status extension content in server hello.
1320 */
1321int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1322{
yanbzhube2774d2015-12-10 15:07:30 -05001323 struct certificate_ocsp *ocsp;
1324 struct ocsp_cbk_arg *ocsp_arg;
1325 char *ssl_buf;
1326 EVP_PKEY *ssl_pkey;
1327 int key_type;
1328 int index;
1329
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001330 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001331
1332 ssl_pkey = SSL_get_privatekey(ssl);
1333 if (!ssl_pkey)
1334 return SSL_TLSEXT_ERR_NOACK;
1335
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001336 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001337
1338 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1339 ocsp = ocsp_arg->s_ocsp;
1340 else {
1341 /* For multiple certs per context, we have to find the correct OCSP response based on
1342 * the certificate type
1343 */
1344 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1345
1346 if (index < 0)
1347 return SSL_TLSEXT_ERR_NOACK;
1348
1349 ocsp = ocsp_arg->m_ocsp[index];
1350
1351 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001352
1353 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001354 !ocsp->response.area ||
1355 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001356 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001357 return SSL_TLSEXT_ERR_NOACK;
1358
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001359 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001360 if (!ssl_buf)
1361 return SSL_TLSEXT_ERR_NOACK;
1362
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001363 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1364 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001365
1366 return SSL_TLSEXT_ERR_OK;
1367}
1368
William Lallemand4a660132019-10-14 14:51:41 +02001369#endif
1370
1371#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001372/*
1373 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001374 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1375 * status extension, the issuer's certificate is mandatory. It should be
1376 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001377 *
William Lallemand246c0242019-10-11 08:59:13 +02001378 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1379 * OCSP response. If file is empty or content is not a valid OCSP response,
1380 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1381 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001382 *
1383 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001384 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001385 */
William Lallemand4a660132019-10-14 14:51:41 +02001386#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001387static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001388{
William Lallemand246c0242019-10-11 08:59:13 +02001389 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001390 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001391 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001392 struct certificate_ocsp *ocsp = NULL, *iocsp;
1393 char *warn = NULL;
1394 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001395 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001396
Emeric Brun4147b2e2014-06-16 18:36:30 +02001397
William Lallemand246c0242019-10-11 08:59:13 +02001398 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001399 if (!x)
1400 goto out;
1401
William Lallemand246c0242019-10-11 08:59:13 +02001402 issuer = ckch->ocsp_issuer;
1403 if (!issuer)
1404 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001405
1406 cid = OCSP_cert_to_id(0, x, issuer);
1407 if (!cid)
1408 goto out;
1409
1410 i = i2d_OCSP_CERTID(cid, NULL);
1411 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1412 goto out;
1413
Vincent Bernat02779b62016-04-03 13:48:43 +02001414 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001415 if (!ocsp)
1416 goto out;
1417
1418 p = ocsp->key_data;
1419 i2d_OCSP_CERTID(cid, &p);
1420
1421 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1422 if (iocsp == ocsp)
1423 ocsp = NULL;
1424
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001425#ifndef SSL_CTX_get_tlsext_status_cb
1426# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1427 *cb = (void (*) (void))ctx->tlsext_status_cb;
1428#endif
1429 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1430
1431 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001432 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001433 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001434
1435 cb_arg->is_single = 1;
1436 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001437
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001438 pkey = X509_get_pubkey(x);
1439 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1440 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001441
1442 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1443 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1444 } else {
1445 /*
1446 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1447 * Update that cb_arg with the new cert's staple
1448 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001449 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001450 struct certificate_ocsp *tmp_ocsp;
1451 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001452 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001453 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001454
1455#ifdef SSL_CTX_get_tlsext_status_arg
1456 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1457#else
1458 cb_arg = ctx->tlsext_status_arg;
1459#endif
yanbzhube2774d2015-12-10 15:07:30 -05001460
1461 /*
1462 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1463 * the order of operations below matter, take care when changing it
1464 */
1465 tmp_ocsp = cb_arg->s_ocsp;
1466 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1467 cb_arg->s_ocsp = NULL;
1468 cb_arg->m_ocsp[index] = tmp_ocsp;
1469 cb_arg->is_single = 0;
1470 cb_arg->single_kt = 0;
1471
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001472 pkey = X509_get_pubkey(x);
1473 key_type = EVP_PKEY_base_id(pkey);
1474 EVP_PKEY_free(pkey);
1475
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001476 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001477 if (index >= 0 && !cb_arg->m_ocsp[index])
1478 cb_arg->m_ocsp[index] = iocsp;
1479
1480 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001481
1482 ret = 0;
1483
1484 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001485 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001486 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001487 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001488 }
1489
1490out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001491 if (cid)
1492 OCSP_CERTID_free(cid);
1493
1494 if (ocsp)
1495 free(ocsp);
1496
1497 if (warn)
1498 free(warn);
1499
Emeric Brun4147b2e2014-06-16 18:36:30 +02001500 return ret;
1501}
William Lallemand4a660132019-10-14 14:51:41 +02001502#else /* OPENSSL_IS_BORINGSSL */
1503static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001504{
William Lallemand4a660132019-10-14 14:51:41 +02001505 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001506}
1507#endif
1508
William Lallemand4a660132019-10-14 14:51:41 +02001509#endif
1510
1511
Willy Tarreau5db847a2019-05-09 14:13:35 +02001512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001513
1514#define CT_EXTENSION_TYPE 18
1515
1516static int sctl_ex_index = -1;
1517
1518/*
1519 * Try to parse Signed Certificate Timestamp List structure. This function
1520 * makes only basic test if the data seems like SCTL. No signature validation
1521 * is performed.
1522 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001523static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001524{
1525 int ret = 1;
1526 int len, pos, sct_len;
1527 unsigned char *data;
1528
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001529 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001530 goto out;
1531
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001532 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001533 len = (data[0] << 8) | data[1];
1534
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001535 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001536 goto out;
1537
1538 data = data + 2;
1539 pos = 0;
1540 while (pos < len) {
1541 if (len - pos < 2)
1542 goto out;
1543
1544 sct_len = (data[pos] << 8) | data[pos + 1];
1545 if (pos + sct_len + 2 > len)
1546 goto out;
1547
1548 pos += sct_len + 2;
1549 }
1550
1551 ret = 0;
1552
1553out:
1554 return ret;
1555}
1556
William Lallemand0dfae6c2019-10-16 18:06:58 +02001557/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1558 * It fills the ckch->sctl buffer
1559 * return 0 on success or != 0 on failure */
1560static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001561{
1562 int fd = -1;
1563 int r = 0;
1564 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001565 struct buffer tmp;
1566 struct buffer *src;
1567 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001568
William Lallemand0dfae6c2019-10-16 18:06:58 +02001569 if (buf) {
1570 tmp.area = buf;
1571 tmp.data = strlen(buf);
1572 tmp.size = tmp.data + 1;
1573 src = &tmp;
1574 } else {
1575 fd = open(sctl_path, O_RDONLY);
1576 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001577 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001578
1579 trash.data = 0;
1580 while (trash.data < trash.size) {
1581 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1582 if (r < 0) {
1583 if (errno == EINTR)
1584 continue;
1585 goto end;
1586 }
1587 else if (r == 0) {
1588 break;
1589 }
1590 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001591 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001592 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001593 }
1594
William Lallemand0dfae6c2019-10-16 18:06:58 +02001595 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001596 if (ret)
1597 goto end;
1598
William Lallemand0dfae6c2019-10-16 18:06:58 +02001599 sctl = calloc(1, sizeof(*sctl));
1600 if (!chunk_dup(sctl, src)) {
1601 free(sctl);
1602 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001603 goto end;
1604 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001605 ret = 0;
1606 /* TODO: free the previous SCTL in the ckch */
1607 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001608
1609end:
1610 if (fd != -1)
1611 close(fd);
1612
1613 return ret;
1614}
1615
1616int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1617{
Willy Tarreau83061a82018-07-13 11:56:34 +02001618 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001620 *out = (unsigned char *) sctl->area;
1621 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001622
1623 return 1;
1624}
1625
1626int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1627{
1628 return 1;
1629}
1630
William Lallemanda17f4112019-10-10 15:16:44 +02001631static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001632{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001633 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001634
William Lallemanda17f4112019-10-10 15:16:44 +02001635 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001636 goto out;
1637
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001638 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1639
1640 ret = 0;
1641
1642out:
1643 return ret;
1644}
1645
1646#endif
1647
Emeric Brune1f38db2012-09-03 20:36:47 +02001648void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1649{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001650 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001651 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001652 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001653 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001654
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001655#ifndef SSL_OP_NO_RENEGOTIATION
1656 /* Please note that BoringSSL defines this macro to zero so don't
1657 * change this to #if and do not assign a default value to this macro!
1658 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001659 if (where & SSL_CB_HANDSHAKE_START) {
1660 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001661 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001662 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001663 conn->err_code = CO_ER_SSL_RENEG;
1664 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001665 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001666#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001667
1668 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001669 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001670 /* Long certificate chains optimz
1671 If write and read bios are differents, we
1672 consider that the buffering was activated,
1673 so we rise the output buffer size from 4k
1674 to 16k */
1675 write_bio = SSL_get_wbio(ssl);
1676 if (write_bio != SSL_get_rbio(ssl)) {
1677 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001678 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001679 }
1680 }
1681 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001682}
1683
Emeric Brune64aef12012-09-21 13:15:06 +02001684/* Callback is called for each certificate of the chain during a verify
1685 ok is set to 1 if preverify detect no error on current certificate.
1686 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001687int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001688{
1689 SSL *ssl;
1690 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001691 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001692 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001693
1694 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001695 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001696
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001697 ctx = conn->xprt_ctx;
1698
1699 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001700
Emeric Brun81c00f02012-09-21 14:31:21 +02001701 if (ok) /* no errors */
1702 return ok;
1703
1704 depth = X509_STORE_CTX_get_error_depth(x_store);
1705 err = X509_STORE_CTX_get_error(x_store);
1706
1707 /* check if CA error needs to be ignored */
1708 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001709 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1710 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1711 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001712 }
1713
Willy Tarreau07d94e42018-09-20 10:57:52 +02001714 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001715 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001716 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001717 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001718 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001719
Willy Tarreau20879a02012-12-03 16:32:10 +01001720 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001721 return 0;
1722 }
1723
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001724 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1725 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001726
Emeric Brun81c00f02012-09-21 14:31:21 +02001727 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001728 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001729 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001730 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001731 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001732 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001733
Willy Tarreau20879a02012-12-03 16:32:10 +01001734 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001735 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001736}
1737
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001738static inline
1739void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001740 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001741{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001742 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001743 unsigned char *msg;
1744 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001745 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001746
1747 /* This function is called for "from client" and "to server"
1748 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001749 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001750 */
1751
1752 /* "write_p" is set to 0 is the bytes are received messages,
1753 * otherwise it is set to 1.
1754 */
1755 if (write_p != 0)
1756 return;
1757
1758 /* content_type contains the type of message received or sent
1759 * according with the SSL/TLS protocol spec. This message is
1760 * encoded with one byte. The value 256 (two bytes) is used
1761 * for designing the SSL/TLS record layer. According with the
1762 * rfc6101, the expected message (other than 256) are:
1763 * - change_cipher_spec(20)
1764 * - alert(21)
1765 * - handshake(22)
1766 * - application_data(23)
1767 * - (255)
1768 * We are interessed by the handshake and specially the client
1769 * hello.
1770 */
1771 if (content_type != 22)
1772 return;
1773
1774 /* The message length is at least 4 bytes, containing the
1775 * message type and the message length.
1776 */
1777 if (len < 4)
1778 return;
1779
1780 /* First byte of the handshake message id the type of
1781 * message. The konwn types are:
1782 * - hello_request(0)
1783 * - client_hello(1)
1784 * - server_hello(2)
1785 * - certificate(11)
1786 * - server_key_exchange (12)
1787 * - certificate_request(13)
1788 * - server_hello_done(14)
1789 * We are interested by the client hello.
1790 */
1791 msg = (unsigned char *)buf;
1792 if (msg[0] != 1)
1793 return;
1794
1795 /* Next three bytes are the length of the message. The total length
1796 * must be this decoded length + 4. If the length given as argument
1797 * is not the same, we abort the protocol dissector.
1798 */
1799 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1800 if (len < rec_len + 4)
1801 return;
1802 msg += 4;
1803 end = msg + rec_len;
1804 if (end < msg)
1805 return;
1806
1807 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1808 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001809 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1810 */
1811 msg += 1 + 1 + 4 + 28;
1812 if (msg > end)
1813 return;
1814
1815 /* Next, is session id:
1816 * if present, we have to jump by length + 1 for the size information
1817 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001818 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001819 if (msg[0] > 0)
1820 msg += msg[0];
1821 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001822 if (msg > end)
1823 return;
1824
1825 /* Next two bytes are the ciphersuite length. */
1826 if (msg + 2 > end)
1827 return;
1828 rec_len = (msg[0] << 8) + msg[1];
1829 msg += 2;
1830 if (msg + rec_len > end || msg + rec_len < msg)
1831 return;
1832
Willy Tarreaubafbe012017-11-24 17:34:44 +01001833 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001834 if (!capture)
1835 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001836 /* Compute the xxh64 of the ciphersuite. */
1837 capture->xxh64 = XXH64(msg, rec_len, 0);
1838
1839 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001840 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1841 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001842 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001843
1844 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001845}
1846
Emeric Brun29f037d2014-04-25 19:05:36 +02001847/* Callback is called for ssl protocol analyse */
1848void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1849{
Emeric Brun29f037d2014-04-25 19:05:36 +02001850#ifdef TLS1_RT_HEARTBEAT
1851 /* test heartbeat received (write_p is set to 0
1852 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001853 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001854 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001855 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001856 const unsigned char *p = buf;
1857 unsigned int payload;
1858
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001859 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001860
1861 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1862 if (*p != TLS1_HB_REQUEST)
1863 return;
1864
Willy Tarreauaeed6722014-04-25 23:59:58 +02001865 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001866 goto kill_it;
1867
1868 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001869 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001870 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001871 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001872 /* We have a clear heartbleed attack (CVE-2014-0160), the
1873 * advertised payload is larger than the advertised packet
1874 * length, so we have garbage in the buffer between the
1875 * payload and the end of the buffer (p+len). We can't know
1876 * if the SSL stack is patched, and we don't know if we can
1877 * safely wipe out the area between p+3+len and payload.
1878 * So instead, we prevent the response from being sent by
1879 * setting the max_send_fragment to 0 and we report an SSL
1880 * error, which will kill this connection. It will be reported
1881 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001882 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1883 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001884 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001885 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1886 return;
1887 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001888#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001889 if (global_ssl.capture_cipherlist > 0)
1890 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001891}
1892
Bernard Spil13c53f82018-02-15 13:34:58 +01001893#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001894static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1895 const unsigned char *in, unsigned int inlen,
1896 void *arg)
1897{
1898 struct server *srv = arg;
1899
1900 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1901 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1902 return SSL_TLSEXT_ERR_OK;
1903 return SSL_TLSEXT_ERR_NOACK;
1904}
1905#endif
1906
1907#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001908/* This callback is used so that the server advertises the list of
1909 * negociable protocols for NPN.
1910 */
1911static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1912 unsigned int *len, void *arg)
1913{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001914 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001915
1916 *data = (const unsigned char *)conf->npn_str;
1917 *len = conf->npn_len;
1918 return SSL_TLSEXT_ERR_OK;
1919}
1920#endif
1921
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001922#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001923/* This callback is used so that the server advertises the list of
1924 * negociable protocols for ALPN.
1925 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001926static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1927 unsigned char *outlen,
1928 const unsigned char *server,
1929 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001930{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001931 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001932
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001933 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1934 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1935 return SSL_TLSEXT_ERR_NOACK;
1936 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001937 return SSL_TLSEXT_ERR_OK;
1938}
1939#endif
1940
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001942#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001943
Christopher Faulet30548802015-06-11 13:39:32 +02001944/* Create a X509 certificate with the specified servername and serial. This
1945 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001946static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001947ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001948{
Christopher Faulet7969a332015-10-09 11:15:03 +02001949 X509 *cacert = bind_conf->ca_sign_cert;
1950 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001951 SSL_CTX *ssl_ctx = NULL;
1952 X509 *newcrt = NULL;
1953 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001954 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001955 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001956 X509_NAME *name;
1957 const EVP_MD *digest;
1958 X509V3_CTX ctx;
1959 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001960 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001961
Christopher Faulet48a83322017-07-28 16:56:09 +02001962 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001963#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001964 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1965#else
1966 tmp_ssl = SSL_new(bind_conf->default_ctx);
1967 if (tmp_ssl)
1968 pkey = SSL_get_privatekey(tmp_ssl);
1969#endif
1970 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 goto mkcert_error;
1972
1973 /* Create the certificate */
1974 if (!(newcrt = X509_new()))
1975 goto mkcert_error;
1976
1977 /* Set version number for the certificate (X509v3) and the serial
1978 * number */
1979 if (X509_set_version(newcrt, 2L) != 1)
1980 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001981 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001982
1983 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001984 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1985 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001986 goto mkcert_error;
1987
1988 /* set public key in the certificate */
1989 if (X509_set_pubkey(newcrt, pkey) != 1)
1990 goto mkcert_error;
1991
1992 /* Set issuer name from the CA */
1993 if (!(name = X509_get_subject_name(cacert)))
1994 goto mkcert_error;
1995 if (X509_set_issuer_name(newcrt, name) != 1)
1996 goto mkcert_error;
1997
1998 /* Set the subject name using the same, but the CN */
1999 name = X509_NAME_dup(name);
2000 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
2001 (const unsigned char *)servername,
2002 -1, -1, 0) != 1) {
2003 X509_NAME_free(name);
2004 goto mkcert_error;
2005 }
2006 if (X509_set_subject_name(newcrt, name) != 1) {
2007 X509_NAME_free(name);
2008 goto mkcert_error;
2009 }
2010 X509_NAME_free(name);
2011
2012 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002013 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002014 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
2015 for (i = 0; i < X509V3_EXT_SIZE; i++) {
2016 X509_EXTENSION *ext;
2017
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002018 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002019 goto mkcert_error;
2020 if (!X509_add_ext(newcrt, ext, -1)) {
2021 X509_EXTENSION_free(ext);
2022 goto mkcert_error;
2023 }
2024 X509_EXTENSION_free(ext);
2025 }
2026
2027 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002028
2029 key_type = EVP_PKEY_base_id(capkey);
2030
2031 if (key_type == EVP_PKEY_DSA)
2032 digest = EVP_sha1();
2033 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002034 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002035 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02002036 digest = EVP_sha256();
2037 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02002039 int nid;
2040
2041 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
2042 goto mkcert_error;
2043 if (!(digest = EVP_get_digestbynid(nid)))
2044 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02002045#else
2046 goto mkcert_error;
2047#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02002048 }
2049
Christopher Faulet31af49d2015-06-09 17:29:50 +02002050 if (!(X509_sign(newcrt, capkey, digest)))
2051 goto mkcert_error;
2052
2053 /* Create and set the new SSL_CTX */
2054 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
2055 goto mkcert_error;
2056 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
2057 goto mkcert_error;
2058 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
2059 goto mkcert_error;
2060 if (!SSL_CTX_check_private_key(ssl_ctx))
2061 goto mkcert_error;
2062
2063 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02002064
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002065#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002066 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002067#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002068#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2069 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002070 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002071 EC_KEY *ecc;
2072 int nid;
2073
2074 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2075 goto end;
2076 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2077 goto end;
2078 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2079 EC_KEY_free(ecc);
2080 }
2081#endif
2082 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002083 return ssl_ctx;
2084
2085 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002086 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002087 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002088 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2089 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002090 return NULL;
2091}
2092
Christopher Faulet7969a332015-10-09 11:15:03 +02002093SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002094ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02002095{
Willy Tarreau07d94e42018-09-20 10:57:52 +02002096 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01002097 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002098
Olivier Houchard66ab4982019-02-26 18:37:15 +01002099 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002100}
2101
Christopher Faulet30548802015-06-11 13:39:32 +02002102/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002103 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002104SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002105ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002106{
2107 struct lru64 *lru = NULL;
2108
2109 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002110 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002111 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002112 if (lru && lru->domain) {
2113 if (ssl)
2114 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002115 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002116 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002117 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002118 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002119 }
2120 return NULL;
2121}
2122
Emeric Brun821bb9b2017-06-15 16:37:39 +02002123/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2124 * function is not thread-safe, it should only be used to check if a certificate
2125 * exists in the lru cache (with no warranty it will not be removed by another
2126 * thread). It is kept for backward compatibility. */
2127SSL_CTX *
2128ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2129{
2130 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2131}
2132
Christopher Fauletd2cab922015-07-28 16:03:47 +02002133/* Set a certificate int the LRU cache used to store generated
2134 * certificate. Return 0 on success, otherwise -1 */
2135int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002136ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002137{
2138 struct lru64 *lru = NULL;
2139
2140 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002141 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002142 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002143 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002144 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002145 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002146 }
Christopher Faulet30548802015-06-11 13:39:32 +02002147 if (lru->domain && lru->data)
2148 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002149 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002150 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002151 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002152 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002153 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002154}
2155
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002156/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002157unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002158ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002159{
2160 return XXH32(data, len, ssl_ctx_lru_seed);
2161}
2162
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002163/* Generate a cert and immediately assign it to the SSL session so that the cert's
2164 * refcount is maintained regardless of the cert's presence in the LRU cache.
2165 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002167ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002168{
2169 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002170 SSL_CTX *ssl_ctx = NULL;
2171 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002172 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002173
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002174 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002175 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002176 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002177 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002178 if (lru && lru->domain)
2179 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002180 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002181 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002182 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002183 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002184 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002185 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002186 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002187 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002188 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002189 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002190 SSL_set_SSL_CTX(ssl, ssl_ctx);
2191 /* No LRU cache, this CTX will be released as soon as the session dies */
2192 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002193 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002194 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002195 return 0;
2196}
2197static int
2198ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2199{
2200 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002201 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002202
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002203 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002204 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002205 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002207 }
2208 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002209}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002210#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002211
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002212#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002213typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2214
2215static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002216{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002217#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002218 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002219 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2220#endif
2221}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002222static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2223 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002224 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2225}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002226static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002227#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002228 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002229 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2230#endif
2231}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002232static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002233#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002234 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002235 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2236#endif
2237}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002238/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002239static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2240/* Unusable in this context. */
2241static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2242static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2243static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2244static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2245static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002246#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002247typedef enum { SET_MIN, SET_MAX } set_context_func;
2248
2249static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2250 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002251 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2252}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002253static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2254 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2255 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2256}
2257static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2258 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002259 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2260}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002261static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2262 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2263 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2264}
2265static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2266 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002267 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2268}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002269static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2270 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2271 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2272}
2273static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2274 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002275 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2276}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002277static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2278 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2279 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2280}
2281static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002282#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002283 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002284 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2285#endif
2286}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002287static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2288#if SSL_OP_NO_TLSv1_3
2289 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2290 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002291#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002292}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002293#endif
2294static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2295static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002296
2297static struct {
2298 int option;
2299 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002300 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2301 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002302 const char *name;
2303} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002304 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2305 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2306 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2307 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2308 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2309 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002310};
2311
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002312static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2313{
2314 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2315 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2316 SSL_set_SSL_CTX(ssl, ctx);
2317}
2318
Willy Tarreau5db847a2019-05-09 14:13:35 +02002319#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320
2321static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2322{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002323 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002326 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2327 return SSL_TLSEXT_ERR_OK;
2328 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329}
2330
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002331#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2333{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002334 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2337{
2338#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 struct connection *conn;
2340 struct bind_conf *s;
2341 const uint8_t *extension_data;
2342 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002343 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344
2345 char *wildp = NULL;
2346 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002347 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002349 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 int i;
2351
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002352 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002353 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354
Olivier Houchard9679ac92017-10-27 14:58:08 +02002355 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002356 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002357#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2359 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002360#else
2361 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2362#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002363 /*
2364 * The server_name extension was given too much extensibility when it
2365 * was written, so parsing the normal case is a bit complex.
2366 */
2367 size_t len;
2368 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002370 /* Extract the length of the supplied list of names. */
2371 len = (*extension_data++) << 8;
2372 len |= *extension_data++;
2373 if (len + 2 != extension_len)
2374 goto abort;
2375 /*
2376 * The list in practice only has a single element, so we only consider
2377 * the first one.
2378 */
2379 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2380 goto abort;
2381 extension_len = len - 1;
2382 /* Now we can finally pull out the byte array with the actual hostname. */
2383 if (extension_len <= 2)
2384 goto abort;
2385 len = (*extension_data++) << 8;
2386 len |= *extension_data++;
2387 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2388 || memchr(extension_data, 0, len) != NULL)
2389 goto abort;
2390 servername = extension_data;
2391 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002393#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2394 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002395 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002396 }
2397#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002399 if (!s->strict_sni) {
William Lallemand21724f02019-11-04 17:56:13 +01002400 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002402 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002403 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 goto abort;
2406 }
2407
2408 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002409#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002411#else
2412 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2413#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002414 uint8_t sign;
2415 size_t len;
2416 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002418 len = (*extension_data++) << 8;
2419 len |= *extension_data++;
2420 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002422 if (len % 2 != 0)
2423 goto abort;
2424 for (; len > 0; len -= 2) {
2425 extension_data++; /* hash */
2426 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002427 switch (sign) {
2428 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002429 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002430 break;
2431 case TLSEXT_signature_ecdsa:
2432 has_ecdsa_sig = 1;
2433 break;
2434 default:
2435 continue;
2436 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002437 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002438 break;
2439 }
2440 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002441 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002442 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 }
2444 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 const SSL_CIPHER *cipher;
2446 size_t len;
2447 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002448 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002449#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002450 len = ctx->cipher_suites_len;
2451 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002452#else
2453 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2454#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002455 if (len % 2 != 0)
2456 goto abort;
2457 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002458#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002459 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002460 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002461#else
2462 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2463#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002464 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002465 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002466 break;
2467 }
2468 }
2469 }
2470
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002471 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002472 trash.area[i] = tolower(servername[i]);
2473 if (!wildp && (trash.area[i] == '.'))
2474 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002475 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002476 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002477
William Lallemand150bfa82019-09-19 17:12:49 +02002478 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002479
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002480 for (i = 0; i < 2; i++) {
2481 if (i == 0) /* lookup in full qualified names */
2482 node = ebst_lookup(&s->sni_ctx, trash.area);
2483 else if (i == 1 && wildp) /* lookup in wildcards names */
2484 node = ebst_lookup(&s->sni_w_ctx, wildp);
2485 else
2486 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002487 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002488 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002489 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002490 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002491 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002492 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002493 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 break;
2495 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002496 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002497 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002498 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002499 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002500 if (!node_anonymous)
2501 node_anonymous = n;
2502 break;
2503 }
2504 }
2505 }
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002506 /* select by key_signature priority order */
2507 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2508 : ((has_rsa_sig && node_rsa) ? node_rsa
2509 : (node_anonymous ? node_anonymous
2510 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2511 : node_rsa /* no rsa signature case (far far away) */
2512 )));
2513 if (node) {
2514 /* switch ctx */
2515 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002517 if (conf) {
2518 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2519 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2520 if (conf->early_data)
2521 allow_early = 1;
2522 }
William Lallemand02010472019-10-18 11:02:19 +02002523 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002524 goto allow_early;
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002525 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002526 }
William Lallemand150bfa82019-09-19 17:12:49 +02002527
William Lallemand02010472019-10-18 11:02:19 +02002528 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002529#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002530 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002531 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002532 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002533 }
2534#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002535 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002536 /* no certificate match, is the default_ctx */
William Lallemand21724f02019-11-04 17:56:13 +01002537 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002538 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002539 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002540 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002541allow_early:
2542#ifdef OPENSSL_IS_BORINGSSL
2543 if (allow_early)
2544 SSL_set_early_data_enabled(ssl, 1);
2545#else
2546 if (!allow_early)
2547 SSL_set_max_early_data(ssl, 0);
2548#endif
2549 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002550 abort:
2551 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2552 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002553#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002554 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002555#else
2556 *al = SSL_AD_UNRECOGNIZED_NAME;
2557 return 0;
2558#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002559}
2560
2561#else /* OPENSSL_IS_BORINGSSL */
2562
Emeric Brunfc0421f2012-09-07 17:30:07 +02002563/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2564 * warning when no match is found, which implies the default (first) cert
2565 * will keep being used.
2566 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002567static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002568{
2569 const char *servername;
2570 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002571 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002572 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002573 int i;
2574 (void)al; /* shut gcc stupid warning */
2575
2576 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002577 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002578#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002579 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2580 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002581#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002582 if (s->strict_sni)
2583 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002584 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002585 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002586 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002587 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002588 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002589
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002590 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002591 if (!servername[i])
2592 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002593 trash.area[i] = tolower(servername[i]);
2594 if (!wildp && (trash.area[i] == '.'))
2595 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002596 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002597 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002598
William Lallemand150bfa82019-09-19 17:12:49 +02002599 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002600 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002601 /* lookup in full qualified names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002602 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2603 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002604 if (!container_of(n, struct sni_ctx, name)->neg) {
2605 node = n;
2606 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002607 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002608 }
2609 if (!node && wildp) {
2610 /* lookup in wildcards names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002611 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2612 /* lookup a not neg filter */
2613 if (!container_of(n, struct sni_ctx, name)->neg) {
2614 node = n;
2615 break;
2616 }
2617 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002618 }
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002619 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002620#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002621 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2622 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002623 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002624 return SSL_TLSEXT_ERR_OK;
2625 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002626#endif
William Lallemand21724f02019-11-04 17:56:13 +01002627 if (s->strict_sni) {
2628 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002629 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002630 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002631 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002632 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002633 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002634 }
2635
2636 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002637 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002638 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002639 return SSL_TLSEXT_ERR_OK;
2640}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002641#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002642#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2643
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002644#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645
2646static DH * ssl_get_dh_1024(void)
2647{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002648 static unsigned char dh1024_p[]={
2649 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2650 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2651 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2652 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2653 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2654 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2655 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2656 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2657 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2658 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2659 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2660 };
2661 static unsigned char dh1024_g[]={
2662 0x02,
2663 };
2664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 BIGNUM *p;
2666 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH *dh = DH_new();
2668 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2670 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002671
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002673 DH_free(dh);
2674 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002675 } else {
2676 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 }
2679 return dh;
2680}
2681
2682static DH *ssl_get_dh_2048(void)
2683{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002684 static unsigned char dh2048_p[]={
2685 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2686 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2687 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2688 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2689 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2690 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2691 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2692 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2693 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2694 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2695 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2696 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2697 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2698 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2699 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2700 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2701 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2702 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2703 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2704 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2705 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2706 0xB7,0x1F,0x77,0xF3,
2707 };
2708 static unsigned char dh2048_g[]={
2709 0x02,
2710 };
2711
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002712 BIGNUM *p;
2713 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002714 DH *dh = DH_new();
2715 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002716 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2717 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002718
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002719 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002720 DH_free(dh);
2721 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002722 } else {
2723 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002724 }
2725 }
2726 return dh;
2727}
2728
2729static DH *ssl_get_dh_4096(void)
2730{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002731 static unsigned char dh4096_p[]={
2732 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2733 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2734 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2735 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2736 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2737 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2738 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2739 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2740 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2741 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2742 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2743 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2744 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2745 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2746 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2747 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2748 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2749 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2750 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2751 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2752 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2753 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2754 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2755 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2756 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2757 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2758 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2759 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2760 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2761 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2762 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2763 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2764 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2765 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2766 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2767 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2768 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2769 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2770 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2771 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2772 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2773 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2774 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002776 static unsigned char dh4096_g[]={
2777 0x02,
2778 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002779
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002780 BIGNUM *p;
2781 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002782 DH *dh = DH_new();
2783 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002784 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2785 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002786
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002787 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002788 DH_free(dh);
2789 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002790 } else {
2791 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002792 }
2793 }
2794 return dh;
2795}
2796
2797/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002798 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002799static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2800{
2801 DH *dh = NULL;
2802 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002803 int type;
2804
2805 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002806
2807 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2808 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2809 */
2810 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2811 keylen = EVP_PKEY_bits(pkey);
2812 }
2813
Willy Tarreauef934602016-12-22 23:12:01 +01002814 if (keylen > global_ssl.default_dh_param) {
2815 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002816 }
2817
Remi Gacogned3a341a2015-05-29 16:26:17 +02002818 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002819 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002820 }
2821 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002822 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002823 }
2824 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002825 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002826 }
2827
2828 return dh;
2829}
2830
Remi Gacogne47783ef2015-05-29 15:53:22 +02002831static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002832{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002833 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002834 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002835
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002836 if (in == NULL)
2837 goto end;
2838
Remi Gacogne47783ef2015-05-29 15:53:22 +02002839 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002840 goto end;
2841
Remi Gacogne47783ef2015-05-29 15:53:22 +02002842 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2843
2844end:
2845 if (in)
2846 BIO_free(in);
2847
Emeric Brune1b4ed42018-08-16 15:14:12 +02002848 ERR_clear_error();
2849
Remi Gacogne47783ef2015-05-29 15:53:22 +02002850 return dh;
2851}
2852
2853int ssl_sock_load_global_dh_param_from_file(const char *filename)
2854{
2855 global_dh = ssl_sock_get_dh_from_file(filename);
2856
2857 if (global_dh) {
2858 return 0;
2859 }
2860
2861 return -1;
2862}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002863#endif
2864
William Lallemand9117de92019-10-04 00:29:42 +02002865/* Alloc and init a ckch_inst */
2866static struct ckch_inst *ckch_inst_new()
2867{
2868 struct ckch_inst *ckch_inst;
2869
2870 ckch_inst = calloc(1, sizeof *ckch_inst);
2871 if (ckch_inst)
2872 LIST_INIT(&ckch_inst->sni_ctx);
2873
2874 return ckch_inst;
2875}
2876
2877
2878/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002879static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002880 struct bind_conf *s, struct ssl_bind_conf *conf,
2881 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002882{
2883 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002884 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002885
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002886 if (*name == '!') {
2887 neg = 1;
2888 name++;
2889 }
2890 if (*name == '*') {
2891 wild = 1;
2892 name++;
2893 }
2894 /* !* filter is a nop */
2895 if (neg && wild)
2896 return order;
2897 if (*name) {
2898 int j, len;
2899 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002900 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002901 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002902 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002903 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002904 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002905
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002906 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002907 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002908 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002909 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002910 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002911 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002912 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002913 sc->order = order++;
2914 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002915 sc->wild = wild;
2916 sc->name.node.leaf_p = NULL;
William Lallemand1d29c742019-10-04 00:53:29 +02002917 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002918 }
2919 return order;
2920}
2921
William Lallemand6af03992019-07-23 15:00:54 +02002922/*
William Lallemand1d29c742019-10-04 00:53:29 +02002923 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2924 * This function can't return an error.
2925 *
2926 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2927 */
2928static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2929{
2930
2931 struct sni_ctx *sc0, *sc0b, *sc1;
2932 struct ebmb_node *node;
William Lallemand21724f02019-11-04 17:56:13 +01002933 int def = 0;
William Lallemand1d29c742019-10-04 00:53:29 +02002934
2935 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2936
2937 /* ignore if sc0 was already inserted in a tree */
2938 if (sc0->name.node.leaf_p)
2939 continue;
2940
2941 /* Check for duplicates. */
2942 if (sc0->wild)
2943 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2944 else
2945 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2946
2947 for (; node; node = ebmb_next_dup(node)) {
2948 sc1 = ebmb_entry(node, struct sni_ctx, name);
2949 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2950 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2951 /* it's a duplicate, we should remove and free it */
2952 LIST_DEL(&sc0->by_ckch_inst);
2953 free(sc0);
2954 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002955 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002956 }
2957 }
2958
2959 /* if duplicate, ignore the insertion */
2960 if (!sc0)
2961 continue;
2962
2963 if (sc0->wild)
2964 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2965 else
2966 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
William Lallemand21724f02019-11-04 17:56:13 +01002967
2968 /* replace the default_ctx if required with the first ctx */
2969 if (ckch_inst->is_default && !def) {
2970 /* we don't need to free the default_ctx because the refcount was not incremented */
2971 bind_conf->default_ctx = sc0->ctx;
2972 def = 1;
2973 }
William Lallemand1d29c742019-10-04 00:53:29 +02002974 }
2975}
2976
2977/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002978 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002979 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002980struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002981
William Lallemandfa892222019-07-23 16:06:08 +02002982
Emeric Brun7a883362019-10-17 13:27:40 +02002983/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2984 * If there is no DH paramater availaible in the ckchs, the global
2985 * DH parameter is loaded into the SSL_CTX and if there is no
2986 * DH parameter available in ckchs nor in global, the default
2987 * DH parameters are applied on the SSL_CTX.
2988 * Returns a bitfield containing the flags:
2989 * ERR_FATAL in any fatal error case
2990 * ERR_ALERT if a reason of the error is availabine in err
2991 * ERR_WARN if a warning is available into err
2992 * The value 0 means there is no error nor warning and
2993 * the operation succeed.
2994 */
William Lallemandfa892222019-07-23 16:06:08 +02002995#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002996static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2997 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002998{
Emeric Brun7a883362019-10-17 13:27:40 +02002999 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02003000 DH *dh = NULL;
3001
William Lallemanda8c73742019-07-31 18:31:34 +02003002 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02003003 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02003004 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
3005 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
3006 err && *err ? *err : "", path);
3007#if defined(SSL_CTX_set_dh_auto)
3008 SSL_CTX_set_dh_auto(ctx, 1);
3009 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3010 err && *err ? *err : "");
3011#else
3012 memprintf(err, "%s, DH ciphers won't be available.\n",
3013 err && *err ? *err : "");
3014#endif
3015 ret |= ERR_WARN;
3016 goto end;
3017 }
William Lallemandfa892222019-07-23 16:06:08 +02003018
3019 if (ssl_dh_ptr_index >= 0) {
3020 /* store a pointer to the DH params to avoid complaining about
3021 ssl-default-dh-param not being set for this SSL_CTX */
3022 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
3023 }
3024 }
3025 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003026 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
3027 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
3028 err && *err ? *err : "", path);
3029#if defined(SSL_CTX_set_dh_auto)
3030 SSL_CTX_set_dh_auto(ctx, 1);
3031 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3032 err && *err ? *err : "");
3033#else
3034 memprintf(err, "%s, DH ciphers won't be available.\n",
3035 err && *err ? *err : "");
3036#endif
3037 ret |= ERR_WARN;
3038 goto end;
3039 }
William Lallemandfa892222019-07-23 16:06:08 +02003040 }
3041 else {
3042 /* Clear openssl global errors stack */
3043 ERR_clear_error();
3044
3045 if (global_ssl.default_dh_param <= 1024) {
3046 /* we are limited to DH parameter of 1024 bits anyway */
3047 if (local_dh_1024 == NULL)
3048 local_dh_1024 = ssl_get_dh_1024();
3049
Emeric Brun7a883362019-10-17 13:27:40 +02003050 if (local_dh_1024 == NULL) {
3051 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3052 err && *err ? *err : "", path);
3053 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02003054 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02003055 }
William Lallemandfa892222019-07-23 16:06:08 +02003056
Emeric Bruna9363eb2019-10-17 14:53:03 +02003057 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
3058 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3059 err && *err ? *err : "", path);
3060#if defined(SSL_CTX_set_dh_auto)
3061 SSL_CTX_set_dh_auto(ctx, 1);
3062 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3063 err && *err ? *err : "");
3064#else
3065 memprintf(err, "%s, DH ciphers won't be available.\n",
3066 err && *err ? *err : "");
3067#endif
3068 ret |= ERR_WARN;
3069 goto end;
3070 }
William Lallemandfa892222019-07-23 16:06:08 +02003071 }
3072 else {
3073 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
3074 }
William Lallemandfa892222019-07-23 16:06:08 +02003075 }
3076
3077end:
William Lallemandfa892222019-07-23 16:06:08 +02003078 return ret;
3079}
3080#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003081
yanbzhu488a4d22015-12-01 15:16:07 -05003082/* Frees the contents of a cert_key_and_chain
3083 */
3084static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
3085{
yanbzhu488a4d22015-12-01 15:16:07 -05003086 if (!ckch)
3087 return;
3088
3089 /* Free the certificate and set pointer to NULL */
3090 if (ckch->cert)
3091 X509_free(ckch->cert);
3092 ckch->cert = NULL;
3093
3094 /* Free the key and set pointer to NULL */
3095 if (ckch->key)
3096 EVP_PKEY_free(ckch->key);
3097 ckch->key = NULL;
3098
3099 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003100 if (ckch->chain)
3101 sk_X509_pop_free(ckch->chain, X509_free);
3102 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003103
William Lallemand455af502019-10-17 18:04:45 +02003104 if (ckch->dh)
3105 DH_free(ckch->dh);
3106 ckch->dh = NULL;
3107
3108 if (ckch->sctl) {
3109 free(ckch->sctl->area);
3110 ckch->sctl->area = NULL;
3111 free(ckch->sctl);
3112 ckch->sctl = NULL;
3113 }
3114
3115 if (ckch->ocsp_response) {
3116 free(ckch->ocsp_response->area);
3117 ckch->ocsp_response->area = NULL;
3118 free(ckch->ocsp_response);
3119 ckch->ocsp_response = NULL;
3120 }
yanbzhu488a4d22015-12-01 15:16:07 -05003121}
3122
William Lallemand8d0f8932019-10-17 18:03:58 +02003123/*
3124 *
3125 * This function copy a cert_key_and_chain in memory
3126 *
3127 * It's used to try to apply changes on a ckch before committing them, because
3128 * most of the time it's not possible to revert those changes
3129 *
3130 * Return a the dst or NULL
3131 */
3132static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
3133 struct cert_key_and_chain *dst)
3134{
3135 if (src->cert) {
3136 dst->cert = src->cert;
3137 X509_up_ref(src->cert);
3138 }
3139
3140 if (src->key) {
3141 dst->key = src->key;
3142 EVP_PKEY_up_ref(src->key);
3143 }
3144
3145 if (src->chain) {
3146 dst->chain = X509_chain_up_ref(src->chain);
3147 }
3148
3149 if (src->dh) {
3150 DH_up_ref(src->dh);
3151 dst->dh = src->dh;
3152 }
3153
3154 if (src->sctl) {
3155 struct buffer *sctl;
3156
3157 sctl = calloc(1, sizeof(*sctl));
3158 if (!chunk_dup(sctl, src->sctl)) {
3159 free(sctl);
3160 sctl = NULL;
3161 goto error;
3162 }
3163 dst->sctl = sctl;
3164 }
3165
3166 if (src->ocsp_response) {
3167 struct buffer *ocsp_response;
3168
3169 ocsp_response = calloc(1, sizeof(*ocsp_response));
3170 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3171 free(ocsp_response);
3172 ocsp_response = NULL;
3173 goto error;
3174 }
3175 dst->ocsp_response = ocsp_response;
3176 }
3177
3178 if (src->ocsp_issuer) {
3179 X509_up_ref(src->ocsp_issuer);
3180 dst->ocsp_issuer = src->ocsp_issuer;
3181 }
3182
3183 return dst;
3184
3185error:
3186
3187 /* free everything */
3188 ssl_sock_free_cert_key_and_chain_contents(dst);
3189
3190 return NULL;
3191}
3192
3193
yanbzhu488a4d22015-12-01 15:16:07 -05003194/* checks if a key and cert exists in the ckch
3195 */
William Lallemand1633e392019-09-30 12:58:13 +02003196#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003197static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3198{
3199 return (ckch->cert != NULL && ckch->key != NULL);
3200}
William Lallemand1633e392019-09-30 12:58:13 +02003201#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003202
William Lallemandf9568fc2019-10-16 18:27:58 +02003203/*
3204 * return 0 on success or != 0 on failure
3205 */
3206static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3207{
3208 int ret = 1;
3209 BIO *in = NULL;
3210 X509 *issuer;
3211
3212 if (buf) {
3213 /* reading from a buffer */
3214 in = BIO_new_mem_buf(buf, -1);
3215 if (in == NULL) {
3216 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3217 goto end;
3218 }
3219
3220 } else {
3221 /* reading from a file */
3222 in = BIO_new(BIO_s_file());
3223 if (in == NULL)
3224 goto end;
3225
3226 if (BIO_read_filename(in, path) <= 0)
3227 goto end;
3228 }
3229
3230 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3231 if (!issuer) {
3232 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003233 err && *err ? *err : "", path);
William Lallemandf9568fc2019-10-16 18:27:58 +02003234 goto end;
3235 }
3236 ret = 0;
3237 ckch->ocsp_issuer = issuer;
3238
3239end:
3240
3241 ERR_clear_error();
3242 if (in)
3243 BIO_free(in);
3244
3245 return ret;
3246}
3247
William Lallemand96a9c972019-10-17 11:56:17 +02003248
3249/*
3250 * Try to load a PEM file from a <path> or a buffer <buf>
3251 * The PEM must contain at least a Private Key and a Certificate,
3252 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003253 *
William Lallemand96a9c972019-10-17 11:56:17 +02003254 * If it failed you should not attempt to use the ckch but free it.
3255 *
3256 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003257 */
William Lallemand96a9c972019-10-17 11:56:17 +02003258static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003259{
William Lallemandf11365b2019-09-19 14:25:58 +02003260 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003261 int ret = 1;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003262 X509 *ca;
William Lallemand96a9c972019-10-17 11:56:17 +02003263 X509 *cert = NULL;
3264 EVP_PKEY *key = NULL;
3265 DH *dh;
3266
3267 if (buf) {
3268 /* reading from a buffer */
3269 in = BIO_new_mem_buf(buf, -1);
3270 if (in == NULL) {
3271 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3272 goto end;
3273 }
yanbzhu488a4d22015-12-01 15:16:07 -05003274
William Lallemand96a9c972019-10-17 11:56:17 +02003275 } else {
3276 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003277 in = BIO_new(BIO_s_file());
3278 if (in == NULL)
3279 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003280
William Lallemandf11365b2019-09-19 14:25:58 +02003281 if (BIO_read_filename(in, path) <= 0)
3282 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003283 }
yanbzhu488a4d22015-12-01 15:16:07 -05003284
yanbzhu488a4d22015-12-01 15:16:07 -05003285 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003286 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3287 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003288 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003289 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003290 goto end;
3291 }
3292
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003293#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003294 /* Seek back to beginning of file */
3295 if (BIO_reset(in) == -1) {
3296 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3297 err && *err ? *err : "", path);
3298 goto end;
3299 }
3300
William Lallemand96a9c972019-10-17 11:56:17 +02003301 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3302 /* no need to return an error there, dh is not mandatory */
3303
3304 if (dh) {
3305 if (ckch->dh)
3306 DH_free(ckch->dh);
3307 ckch->dh = dh;
3308 }
3309
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003310#endif
William Lallemandfa892222019-07-23 16:06:08 +02003311
Willy Tarreaubb137a82016-04-06 19:02:38 +02003312 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003313 if (BIO_reset(in) == -1) {
3314 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3315 err && *err ? *err : "", path);
3316 goto end;
3317 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003318
3319 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003320 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3321 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003322 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003323 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003324 goto end;
3325 }
3326
William Lallemand96a9c972019-10-17 11:56:17 +02003327 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003328 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003329 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003330 goto end;
3331 }
3332
William Lallemand96a9c972019-10-17 11:56:17 +02003333 /* Key and Cert are good, we can use them in the ckch */
3334 if (ckch->key) /* free the previous key */
3335 EVP_PKEY_free(ckch->key);
3336 ckch->key = key;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003337 key = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003338
3339 if (ckch->cert) /* free the previous cert */
3340 X509_free(ckch->cert);
3341 ckch->cert = cert;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003342 cert = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003343
3344 /* Look for a Certificate Chain */
3345 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3346 if (ca) {
3347 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3348 if (ckch->chain) /* free the previous chain */
3349 sk_X509_pop_free(ckch->chain, X509_free);
3350 ckch->chain = sk_X509_new_null();
3351 if (!sk_X509_push(ckch->chain, ca)) {
3352 X509_free(ca);
3353 goto end;
3354 }
3355 }
3356 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003357 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3358 if (!sk_X509_push(ckch->chain, ca)) {
3359 X509_free(ca);
3360 goto end;
3361 }
yanbzhu488a4d22015-12-01 15:16:07 -05003362
Emmanuel Hocdeted17f472019-10-24 18:28:33 +02003363 /* no chain */
3364 if (ckch->chain == NULL) {
3365 ckch->chain = sk_X509_new_null();
3366 }
3367
yanbzhu488a4d22015-12-01 15:16:07 -05003368 ret = ERR_get_error();
3369 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3370 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003371 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003372 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003373 }
3374
3375 ret = 0;
3376
William Lallemand96a9c972019-10-17 11:56:17 +02003377end:
William Lallemand246c0242019-10-11 08:59:13 +02003378
3379 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003380 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003381 BIO_free(in);
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003382 if (key)
3383 EVP_PKEY_free(key);
3384 if (cert)
3385 X509_free(cert);
William Lallemanda17f4112019-10-10 15:16:44 +02003386
William Lallemand96a9c972019-10-17 11:56:17 +02003387 return ret;
3388}
3389
3390/*
3391 * Try to load in a ckch every files related to a ckch.
3392 * (PEM, sctl, ocsp, issuer etc.)
3393 *
3394 * This function is only used to load files during the configuration parsing,
3395 * it is not used with the CLI.
3396 *
3397 * This allows us to carry the contents of the file without having to read the
3398 * file multiple times. The caller must call
3399 * ssl_sock_free_cert_key_and_chain_contents.
3400 *
3401 * returns:
3402 * 0 on Success
3403 * 1 on SSL Failure
3404 */
3405static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3406{
3407 int ret = 1;
3408
3409 /* try to load the PEM */
3410 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3411 goto end;
3412 }
3413
William Lallemanda17f4112019-10-10 15:16:44 +02003414#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3415 /* try to load the sctl file */
3416 {
3417 char fp[MAXPATHLEN+1];
3418 struct stat st;
3419
3420 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3421 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003422 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003423 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003424 err && *err ? *err : "", fp);
William Lallemanda17f4112019-10-10 15:16:44 +02003425 ret = 1;
3426 goto end;
3427 }
3428 }
3429 }
3430#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003431
William Lallemand246c0242019-10-11 08:59:13 +02003432 /* try to load an ocsp response file */
3433 {
3434 char fp[MAXPATHLEN+1];
3435 struct stat st;
3436
3437 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3438 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003439 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003440 ret = 1;
3441 goto end;
3442 }
3443 }
3444 }
3445
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003446#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
William Lallemand246c0242019-10-11 08:59:13 +02003447 if (ckch->ocsp_response) {
3448 X509 *issuer;
3449 int i;
3450
3451 /* check if one of the certificate of the chain is the issuer */
3452 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3453 issuer = sk_X509_value(ckch->chain, i);
3454 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3455 ckch->ocsp_issuer = issuer;
3456 break;
3457 } else
3458 issuer = NULL;
3459 }
3460
3461 /* if no issuer was found, try to load an issuer from the .issuer */
3462 if (!issuer) {
3463 struct stat st;
3464 char fp[MAXPATHLEN+1];
3465
3466 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3467 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003468 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003469 ret = 1;
3470 goto end;
3471 }
3472
3473 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003474 memprintf(err, "%s '%s' is not an issuer'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003475 err && *err ? *err : "", fp);
William Lallemand246c0242019-10-11 08:59:13 +02003476 ret = 1;
3477 goto end;
3478 }
3479 } else {
3480 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003481 err && *err ? *err : "");
William Lallemand246c0242019-10-11 08:59:13 +02003482 ret = 1;
3483 goto end;
3484 }
3485 }
3486 }
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003487#endif
William Lallemand246c0242019-10-11 08:59:13 +02003488
yanbzhu488a4d22015-12-01 15:16:07 -05003489 ret = 0;
3490
3491end:
3492
3493 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003494
3495 /* Something went wrong in one of the reads */
3496 if (ret != 0)
3497 ssl_sock_free_cert_key_and_chain_contents(ckch);
3498
3499 return ret;
3500}
3501
3502/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003503 * Returns a bitfield containing the flags:
3504 * ERR_FATAL in any fatal error case
3505 * ERR_ALERT if the reason of the error is available in err
3506 * ERR_WARN if a warning is available into err
3507 * The value 0 means there is no error nor warning and
3508 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003509 */
3510static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3511{
Emeric Bruna96b5822019-10-17 13:25:14 +02003512 int errcode = 0;
3513
yanbzhu488a4d22015-12-01 15:16:07 -05003514 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3515 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3516 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003517 errcode |= ERR_ALERT | ERR_FATAL;
3518 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003519 }
3520
3521 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3522 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3523 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003524 errcode |= ERR_ALERT | ERR_FATAL;
3525 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003526 }
3527
yanbzhu488a4d22015-12-01 15:16:07 -05003528 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003529#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003530 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3531 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3532 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003533 errcode |= ERR_ALERT | ERR_FATAL;
3534 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003535 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003536#else
3537 { /* legacy compat (< openssl 1.0.2) */
3538 X509 *ca;
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003539 STACK_OF(X509) *chain;
3540 chain = X509_chain_up_ref(ckch->chain);
3541 while ((ca = sk_X509_shift(chain)))
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003542 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3543 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3544 err && *err ? *err : "", path);
3545 X509_free(ca);
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003546 sk_X509_pop_free(chain, X509_free);
Emeric Bruna96b5822019-10-17 13:25:14 +02003547 errcode |= ERR_ALERT | ERR_FATAL;
3548 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003549 }
3550 }
3551#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003552
William Lallemandfa892222019-07-23 16:06:08 +02003553#ifndef OPENSSL_NO_DH
3554 /* store a NULL pointer to indicate we have not yet loaded
3555 a custom DH param file */
3556 if (ssl_dh_ptr_index >= 0) {
3557 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3558 }
3559
Emeric Brun7a883362019-10-17 13:27:40 +02003560 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3561 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003562 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3563 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003564 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003565 }
3566#endif
3567
William Lallemanda17f4112019-10-10 15:16:44 +02003568#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3569 if (sctl_ex_index >= 0 && ckch->sctl) {
3570 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3571 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003572 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003573 errcode |= ERR_ALERT | ERR_FATAL;
3574 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003575 }
3576 }
3577#endif
3578
William Lallemand4a660132019-10-14 14:51:41 +02003579#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003580 /* Load OCSP Info into context */
3581 if (ckch->ocsp_response) {
3582 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01003583 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3584 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003585 errcode |= ERR_ALERT | ERR_FATAL;
3586 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003587 }
3588 }
William Lallemand246c0242019-10-11 08:59:13 +02003589#endif
3590
Emeric Bruna96b5822019-10-17 13:25:14 +02003591 end:
3592 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003593}
3594
William Lallemandc4ecddf2019-07-31 16:50:08 +02003595#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003596
William Lallemand28a8fce2019-10-04 17:36:55 +02003597static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598{
3599 struct sni_keytype *s_kt = NULL;
3600 struct ebmb_node *node;
3601 int i;
3602
3603 for (i = 0; i < trash.size; i++) {
3604 if (!str[i])
3605 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003606 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003607 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003608 trash.area[i] = 0;
3609 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003610 if (!node) {
3611 /* CN not found in tree */
3612 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3613 /* Using memcpy here instead of strncpy.
3614 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3615 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3616 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003617 if (!s_kt)
3618 return -1;
3619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003620 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003621 s_kt->keytypes = 0;
3622 ebst_insert(sni_keytypes, &s_kt->name);
3623 } else {
3624 /* CN found in tree */
3625 s_kt = container_of(node, struct sni_keytype, name);
3626 }
3627
3628 /* Mark that this CN has the keytype of key_index via keytypes mask */
3629 s_kt->keytypes |= 1<<key_index;
3630
William Lallemand28a8fce2019-10-04 17:36:55 +02003631 return 0;
3632
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633}
3634
William Lallemandc4ecddf2019-07-31 16:50:08 +02003635#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003636/*
3637 * Free a ckch_store and its ckch(s)
3638 * The linked ckch_inst are not free'd
3639 */
3640void ckchs_free(struct ckch_store *ckchs)
3641{
3642 if (!ckchs)
3643 return;
3644
3645#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3646 if (ckchs->multi) {
3647 int n;
3648
3649 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3650 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3651 } else
3652#endif
3653 {
3654 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3655 ckchs->ckch = NULL;
3656 }
3657
3658 free(ckchs);
3659}
3660
3661/* allocate and duplicate a ckch_store
3662 * Return a new ckch_store or NULL */
3663static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3664{
3665 struct ckch_store *dst;
3666 int pathlen;
3667
3668 pathlen = strlen(src->path);
3669 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3670 if (!dst)
3671 return NULL;
3672 /* copy previous key */
3673 memcpy(dst->path, src->path, pathlen + 1);
3674 dst->multi = src->multi;
3675 LIST_INIT(&dst->ckch_inst);
3676
3677 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3678 if (!dst->ckch)
3679 goto error;
3680
3681#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3682 if (src->multi) {
3683 int n;
3684
3685 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3686 if (&src->ckch[n]) {
3687 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3688 goto error;
3689 }
3690 }
3691 } else
3692#endif
3693 {
3694 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3695 goto error;
3696 }
3697
3698 return dst;
3699
3700error:
3701 ckchs_free(dst);
3702
3703 return NULL;
3704}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003705
William Lallemand36b84632019-07-18 19:28:17 +02003706/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003707 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003708 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003709static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003710{
3711 struct ebmb_node *eb;
3712
William Lallemande3af8fb2019-10-08 11:36:53 +02003713 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003714 if (!eb)
3715 return NULL;
3716
William Lallemande3af8fb2019-10-08 11:36:53 +02003717 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003718}
3719
3720/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003721 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003722 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003723static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003724{
William Lallemande3af8fb2019-10-08 11:36:53 +02003725 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003726
William Lallemande3af8fb2019-10-08 11:36:53 +02003727 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3728 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003729 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3730 goto end;
3731 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003732 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003733
William Lallemande3af8fb2019-10-08 11:36:53 +02003734 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003735 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3736 goto end;
3737 }
3738
William Lallemand9117de92019-10-04 00:29:42 +02003739 LIST_INIT(&ckchs->ckch_inst);
3740
William Lallemand36b84632019-07-18 19:28:17 +02003741 if (!multi) {
3742
William Lallemand96a9c972019-10-17 11:56:17 +02003743 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003744 goto end;
3745
William Lallemande3af8fb2019-10-08 11:36:53 +02003746 /* insert into the ckchs tree */
3747 memcpy(ckchs->path, path, strlen(path) + 1);
3748 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003749 } else {
3750 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003751#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3752 char fp[MAXPATHLEN+1] = {0};
3753 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003754
3755 /* Load all possible certs and keys */
3756 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3757 struct stat buf;
3758 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3759 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003760 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003761 goto end;
3762 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003763 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003764 }
3765 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003766#endif
William Lallemand36b84632019-07-18 19:28:17 +02003767
3768 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003769 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003770 goto end;
3771 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003772 /* insert into the ckchs tree */
3773 memcpy(ckchs->path, path, strlen(path) + 1);
3774 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003775 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003776 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003777
William Lallemand36b84632019-07-18 19:28:17 +02003778end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003779 if (ckchs) {
3780 free(ckchs->ckch);
3781 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003782 }
3783
William Lallemande3af8fb2019-10-08 11:36:53 +02003784 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003785
3786 return NULL;
3787}
3788
William Lallemandc4ecddf2019-07-31 16:50:08 +02003789#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3790
William Lallemand36b84632019-07-18 19:28:17 +02003791/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003792 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003793 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003794 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3795 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003796 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003797 *
Emeric Brun054563d2019-10-17 13:16:58 +02003798 * Returns a bitfield containing the flags:
3799 * ERR_FATAL in any fatal error case
3800 * ERR_ALERT if the reason of the error is available in err
3801 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003802 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003803 */
Emeric Brun054563d2019-10-17 13:16:58 +02003804static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3805 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3806 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003807{
William Lallemand36b84632019-07-18 19:28:17 +02003808 int i = 0, n = 0;
3809 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003810 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003811 struct ebmb_node *node;
3812 struct ebmb_node *next;
3813 /* Array of SSL_CTX pointers corresponding to each possible combo
3814 * of keytypes
3815 */
3816 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003817 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003818 X509_NAME *xname = NULL;
3819 char *str = NULL;
3820#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3821 STACK_OF(GENERAL_NAME) *names = NULL;
3822#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003823 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003824
Emeric Brun054563d2019-10-17 13:16:58 +02003825 *ckchi = NULL;
3826
William Lallemande3af8fb2019-10-08 11:36:53 +02003827 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003828 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3829 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003830 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003831 }
3832
3833 ckch_inst = ckch_inst_new();
3834 if (!ckch_inst) {
3835 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3836 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003837 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003838 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003839 }
3840
William Lallemande3af8fb2019-10-08 11:36:53 +02003841 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003842
William Lallemand150bfa82019-09-19 17:12:49 +02003843 /* at least one of the instances is using filters during the config
3844 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01003845 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02003846
yanbzhu08ce6ab2015-12-02 13:01:29 -05003847 /* Process each ckch and update keytypes for each CN/SAN
3848 * for example, if CN/SAN www.a.com is associated with
3849 * certs with keytype 0 and 2, then at the end of the loop,
3850 * www.a.com will have:
3851 * keyindex = 0 | 1 | 4 = 5
3852 */
3853 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003854 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003855
3856 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3857 continue;
3858
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003859 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003860 for (i = 0; i < fcount; i++) {
3861 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3862 if (ret < 0) {
3863 memprintf(err, "%sunable to allocate SSL context.\n",
3864 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003865 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003866 goto end;
3867 }
3868 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003869 } else {
3870 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3871 * so the line that contains logic is marked via comments
3872 */
3873 xname = X509_get_subject_name(certs_and_keys[n].cert);
3874 i = -1;
3875 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3876 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003877 ASN1_STRING *value;
3878 value = X509_NAME_ENTRY_get_data(entry);
3879 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003880 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003881 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003882
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003883 OPENSSL_free(str);
3884 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003885 if (ret < 0) {
3886 memprintf(err, "%sunable to allocate SSL context.\n",
3887 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003888 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003889 goto end;
3890 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003891 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003892 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003893
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003894 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003895#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003896 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3897 if (names) {
3898 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3899 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003900
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003901 if (name->type == GEN_DNS) {
3902 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3903 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003904 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003905
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003906 OPENSSL_free(str);
3907 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003908 if (ret < 0) {
3909 memprintf(err, "%sunable to allocate SSL context.\n",
3910 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003911 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003912 goto end;
3913 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003914 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003915 }
3916 }
3917 }
3918 }
3919#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3920 }
3921
3922 /* If no files found, return error */
3923 if (eb_is_empty(&sni_keytypes_map)) {
3924 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3925 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003926 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003927 goto end;
3928 }
3929
3930 /* We now have a map of CN/SAN to keytypes that are loaded in
3931 * Iterate through the map to create the SSL_CTX's (if needed)
3932 * and add each CTX to the SNI tree
3933 *
3934 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003935 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003936 * combination is denoted by the key in the map. Each key
3937 * has a value between 1 and 2^n - 1. Conveniently, the array
3938 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3939 * entry in the array to correspond to the unique combo (key)
3940 * associated with i. This unique key combo (i) will be associated
3941 * with combos[i-1]
3942 */
3943
3944 node = ebmb_first(&sni_keytypes_map);
3945 while (node) {
3946 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003947 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003948 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003949
3950 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3951 i = container_of(node, struct sni_keytype, name)->keytypes;
3952 cur_ctx = key_combos[i-1].ctx;
3953
3954 if (cur_ctx == NULL) {
3955 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003956 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003957 if (cur_ctx == NULL) {
3958 memprintf(err, "%sunable to allocate SSL context.\n",
3959 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003960 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003961 goto end;
3962 }
3963
yanbzhube2774d2015-12-10 15:07:30 -05003964 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003965 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3966 if (i & (1<<n)) {
3967 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003968 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003969 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3970 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003971 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003972 }
3973 }
3974
yanbzhu08ce6ab2015-12-02 13:01:29 -05003975 /* Update key_combos */
3976 key_combos[i-1].ctx = cur_ctx;
3977 }
3978
3979 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003980
William Lallemand1d29c742019-10-04 00:53:29 +02003981 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003982 kinfo, str, key_combos[i-1].order);
3983 if (key_combos[i-1].order < 0) {
3984 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003985 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003986 goto end;
3987 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003988 node = ebmb_next(node);
3989 }
3990
3991
3992 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3993 if (!bind_conf->default_ctx) {
3994 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3995 if (key_combos[i].ctx) {
3996 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003997 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01003998 ckch_inst->is_default = 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003999 break;
4000 }
4001 }
4002 }
4003
William Lallemand614ca0d2019-10-07 13:52:11 +02004004 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004005 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004006end:
4007
4008 if (names)
4009 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
4010
yanbzhu08ce6ab2015-12-02 13:01:29 -05004011 node = ebmb_first(&sni_keytypes_map);
4012 while (node) {
4013 next = ebmb_next(node);
4014 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02004015 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05004016 node = next;
4017 }
4018
Emeric Brun054563d2019-10-17 13:16:58 +02004019 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02004020 struct sni_ctx *sc0, *sc0b;
4021
4022 /* free the SSL_CTX in case of error */
4023 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
4024 if (key_combos[i].ctx)
4025 SSL_CTX_free(key_combos[i].ctx);
4026 }
4027
4028 /* free the sni_ctx in case of error */
4029 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4030
4031 ebmb_delete(&sc0->name);
4032 LIST_DEL(&sc0->by_ckch_inst);
4033 free(sc0);
4034 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004035 free(ckch_inst);
4036 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02004037 }
4038
Emeric Brun054563d2019-10-17 13:16:58 +02004039 *ckchi = ckch_inst;
4040 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004041}
4042#else
4043/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02004044static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
4045 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4046 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05004047{
4048 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4049 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02004050 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004051}
4052
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004053#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05004054
William Lallemand614ca0d2019-10-07 13:52:11 +02004055/*
4056 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02004057 *
4058 * Returns a bitfield containing the flags:
4059 * ERR_FATAL in any fatal error case
4060 * ERR_ALERT if the reason of the error is available in err
4061 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02004062 */
Emeric Brun054563d2019-10-17 13:16:58 +02004063static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
4064 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004065{
William Lallemandc9402072019-05-15 15:33:54 +02004066 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02004067 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004068 int order = 0;
4069 X509_NAME *xname;
4070 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004071 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004072 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02004073#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4074 STACK_OF(GENERAL_NAME) *names;
4075#endif
William Lallemand36b84632019-07-18 19:28:17 +02004076 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02004077 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004078 int errcode = 0;
4079
4080 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02004081
William Lallemande3af8fb2019-10-08 11:36:53 +02004082 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02004083 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004084
William Lallemande3af8fb2019-10-08 11:36:53 +02004085 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02004086
William Lallemand150bfa82019-09-19 17:12:49 +02004087 /* at least one of the instances is using filters during the config
4088 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01004089 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02004090
William Lallemandc9402072019-05-15 15:33:54 +02004091 ctx = SSL_CTX_new(SSLv23_server_method());
4092 if (!ctx) {
4093 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4094 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004095 errcode |= ERR_ALERT | ERR_FATAL;
4096 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004097 }
4098
Emeric Bruna96b5822019-10-17 13:25:14 +02004099 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
4100 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02004101 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02004102
4103 ckch_inst = ckch_inst_new();
4104 if (!ckch_inst) {
4105 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4106 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004107 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004108 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004109 }
4110
William Lallemand36b84632019-07-18 19:28:17 +02004111 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004112 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004113 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004114 switch(EVP_PKEY_base_id(pkey)) {
4115 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004116 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004117 break;
4118 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004119 kinfo.sig = TLSEXT_signature_ecdsa;
4120 break;
4121 case EVP_PKEY_DSA:
4122 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004123 break;
4124 }
4125 EVP_PKEY_free(pkey);
4126 }
4127
Emeric Brun50bcecc2013-04-22 13:05:23 +02004128 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02004129 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02004130 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02004131 if (order < 0) {
4132 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004133 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004134 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004135 }
4136 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004137 }
4138 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02004139#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02004140 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004141 if (names) {
4142 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
4143 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
4144 if (name->type == GEN_DNS) {
4145 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004146 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004147 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004148 if (order < 0) {
4149 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004150 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004151 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004152 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004153 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004154 }
4155 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004156 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004157 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004158#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02004159 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004160 i = -1;
4161 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
4162 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004163 ASN1_STRING *value;
4164
4165 value = X509_NAME_ENTRY_get_data(entry);
4166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004167 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004168 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004169 if (order < 0) {
4170 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004171 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004172 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004173 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004174 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004175 }
4176 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004177 /* we must not free the SSL_CTX anymore below, since it's already in
4178 * the tree, so it will be discovered and cleaned in time.
4179 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004180
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004182 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004183 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4184 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004185 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004186 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 }
4188#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004189 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004190 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004191 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01004192 ckch_inst->is_default = 1;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004193 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004194
William Lallemand9117de92019-10-04 00:29:42 +02004195 /* everything succeed, the ckch instance can be used */
4196 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004197 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004198
Emeric Brun054563d2019-10-17 13:16:58 +02004199 *ckchi = ckch_inst;
4200 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004201
4202error:
4203 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004204 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004205 struct sni_ctx *sc0, *sc0b;
4206
4207 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4208
4209 ebmb_delete(&sc0->name);
4210 LIST_DEL(&sc0->by_ckch_inst);
4211 free(sc0);
4212 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004213 free(ckch_inst);
4214 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004215 }
4216 /* We only created 1 SSL_CTX so we can free it there */
4217 SSL_CTX_free(ctx);
4218
Emeric Brun054563d2019-10-17 13:16:58 +02004219 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004220}
4221
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004222/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004223static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4224 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4225 char **sni_filter, int fcount, char **err)
4226{
4227 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004228 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004229
4230 /* we found the ckchs in the tree, we can use it directly */
4231 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004232 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004233 else
Emeric Brun054563d2019-10-17 13:16:58 +02004234 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004235
Emeric Brun054563d2019-10-17 13:16:58 +02004236 if (errcode & ERR_CODE)
4237 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004238
4239 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4240
4241 /* succeed, add the instance to the ckch_store's list of instance */
4242 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004243 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004244}
4245
4246
Willy Tarreaubbc91962019-10-16 16:42:19 +02004247/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004248int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004250 struct dirent **de_list;
4251 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004252 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004253 char *end;
4254 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004255 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004256 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004257#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004258 int is_bundle;
4259 int j;
4260#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004261 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004262 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004263 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004264 }
4265
yanbzhu08ce6ab2015-12-02 13:01:29 -05004266 if (stat(path, &buf) == 0) {
William Dauchy9a8ef7f2020-01-13 17:52:49 +01004267 if (S_ISDIR(buf.st_mode) == 0) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004268 ckchs = ckchs_load_cert_file(path, 0, err);
4269 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004270 return ERR_ALERT | ERR_FATAL;
4271
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004272 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004273 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004274
yanbzhu08ce6ab2015-12-02 13:01:29 -05004275 /* strip trailing slashes, including first one */
4276 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4277 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004278
yanbzhu08ce6ab2015-12-02 13:01:29 -05004279 n = scandir(path, &de_list, 0, alphasort);
4280 if (n < 0) {
4281 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4282 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004283 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004284 }
4285 else {
4286 for (i = 0; i < n; i++) {
4287 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004288
yanbzhu08ce6ab2015-12-02 13:01:29 -05004289 end = strrchr(de->d_name, '.');
4290 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4291 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004292
yanbzhu08ce6ab2015-12-02 13:01:29 -05004293 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4294 if (stat(fp, &buf) != 0) {
4295 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4296 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004297 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004298 goto ignore_entry;
4299 }
4300 if (!S_ISREG(buf.st_mode))
4301 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004302
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004303#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004304 is_bundle = 0;
4305 /* Check if current entry in directory is part of a multi-cert bundle */
4306
4307 if (end) {
4308 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4309 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4310 is_bundle = 1;
4311 break;
4312 }
4313 }
4314
4315 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004316 int dp_len;
4317
4318 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004319
4320 /* increment i and free de until we get to a non-bundle cert
4321 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004322 * this is important since ignore_entry will free de. This also
4323 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004324 */
Willy Tarreau05800522019-10-29 10:48:50 +01004325 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004326 free(de);
4327 i++;
4328 de = de_list[i];
4329 }
4330
Willy Tarreau05800522019-10-29 10:48:50 +01004331 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004332 if ((ckchs = ckchs_lookup(fp)) == NULL)
4333 ckchs = ckchs_load_cert_file(fp, 1, err);
4334 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004335 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004336 else
4337 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004338 /* Successfully processed the bundle */
4339 goto ignore_entry;
4340 }
4341 }
4342
4343#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004344 if ((ckchs = ckchs_lookup(fp)) == NULL)
4345 ckchs = ckchs_load_cert_file(fp, 0, err);
4346 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004347 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004348 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004349 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004350
yanbzhu08ce6ab2015-12-02 13:01:29 -05004351ignore_entry:
4352 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004353 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004354 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004355 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004356 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004357 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004358
William Lallemande3af8fb2019-10-08 11:36:53 +02004359 ckchs = ckchs_load_cert_file(path, 1, err);
4360 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004361 return ERR_ALERT | ERR_FATAL;
4362
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004363 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004364
Emeric Brunfc0421f2012-09-07 17:30:07 +02004365 return cfgerr;
4366}
4367
Thierry Fournier383085f2013-01-24 14:15:43 +01004368/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4369 * done once. Zero is returned if the operation fails. No error is returned
4370 * if the random is said as not implemented, because we expect that openssl
4371 * will use another method once needed.
4372 */
4373static int ssl_initialize_random()
4374{
4375 unsigned char random;
4376 static int random_initialized = 0;
4377
4378 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4379 random_initialized = 1;
4380
4381 return random_initialized;
4382}
4383
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004384/* release ssl bind conf */
4385void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004386{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004387 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004388#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004389 free(conf->npn_str);
4390 conf->npn_str = NULL;
4391#endif
4392#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4393 free(conf->alpn_str);
4394 conf->alpn_str = NULL;
4395#endif
4396 free(conf->ca_file);
4397 conf->ca_file = NULL;
4398 free(conf->crl_file);
4399 conf->crl_file = NULL;
4400 free(conf->ciphers);
4401 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004402#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004403 free(conf->ciphersuites);
4404 conf->ciphersuites = NULL;
4405#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004406 free(conf->curves);
4407 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004408 free(conf->ecdhe);
4409 conf->ecdhe = NULL;
4410 }
4411}
4412
Willy Tarreaubbc91962019-10-16 16:42:19 +02004413/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004414int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4415{
4416 char thisline[CRT_LINESIZE];
4417 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004418 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004419 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004420 int linenum = 0;
4421 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004422 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004423
Willy Tarreauad1731d2013-04-02 17:35:58 +02004424 if ((f = fopen(file, "r")) == NULL) {
4425 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004426 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004427 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004428
4429 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004430 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004431 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004432 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004433 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004434 char *crt_path;
4435 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004436
4437 linenum++;
4438 end = line + strlen(line);
4439 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4440 /* Check if we reached the limit and the last char is not \n.
4441 * Watch out for the last line without the terminating '\n'!
4442 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004443 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4444 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004445 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004446 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004447 }
4448
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004449 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004450 newarg = 1;
4451 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004452 if (*line == '#' || *line == '\n' || *line == '\r') {
4453 /* end of string, end of loop */
4454 *line = 0;
4455 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004456 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004457 newarg = 1;
4458 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004459 } else if (*line == '[') {
4460 if (ssl_b) {
4461 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004462 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004463 break;
4464 }
4465 if (!arg) {
4466 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004467 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004468 break;
4469 }
4470 ssl_b = arg;
4471 newarg = 1;
4472 *line = 0;
4473 } else if (*line == ']') {
4474 if (ssl_e) {
4475 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004476 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004477 break;
4478 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004479 if (!ssl_b) {
4480 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004481 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004482 break;
4483 }
4484 ssl_e = arg;
4485 newarg = 1;
4486 *line = 0;
4487 } else if (newarg) {
4488 if (arg == MAX_CRT_ARGS) {
4489 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004490 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004491 break;
4492 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004493 newarg = 0;
4494 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004495 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004496 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004497 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004498 if (cfgerr)
4499 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004500 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004501
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004502 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004503 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004504 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004505
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004506 crt_path = args[0];
4507 if (*crt_path != '/' && global_ssl.crt_base) {
4508 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4509 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4510 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004511 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004512 break;
4513 }
4514 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4515 crt_path = path;
4516 }
4517
4518 ssl_conf = calloc(1, sizeof *ssl_conf);
4519 cur_arg = ssl_b ? ssl_b : 1;
4520 while (cur_arg < ssl_e) {
4521 newarg = 0;
4522 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4523 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4524 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004525 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004526 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4527 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4528 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004529 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004530 }
4531 cur_arg += 1 + ssl_bind_kws[i].skip;
4532 break;
4533 }
4534 }
4535 if (!cfgerr && !newarg) {
4536 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4537 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004538 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004539 break;
4540 }
4541 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004542
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004543 if (cfgerr) {
4544 ssl_sock_free_ssl_conf(ssl_conf);
4545 free(ssl_conf);
4546 ssl_conf = NULL;
4547 break;
4548 }
4549
William Lallemande3af8fb2019-10-08 11:36:53 +02004550 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004551 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004552 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004553 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004554 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004555 }
4556
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004557 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004558 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004559 else
4560 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004561
Willy Tarreauad1731d2013-04-02 17:35:58 +02004562 if (cfgerr) {
4563 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004564 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004565 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004566 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004567 fclose(f);
4568 return cfgerr;
4569}
4570
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004571/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004572static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004573ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004574{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004575 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004576 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004577 SSL_OP_ALL | /* all known workarounds for bugs */
4578 SSL_OP_NO_SSLv2 |
4579 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004580 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004581 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004582 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004583 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004584 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004585 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004586 SSL_MODE_ENABLE_PARTIAL_WRITE |
4587 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004588 SSL_MODE_RELEASE_BUFFERS |
4589 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004590 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004591 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004592 int flags = MC_SSL_O_ALL;
4593 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004594
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004595 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004596 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004597
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004598 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004599 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4600 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4601 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004602 else
4603 flags = conf_ssl_methods->flags;
4604
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004605 min = conf_ssl_methods->min;
4606 max = conf_ssl_methods->max;
4607 /* start with TLSv10 to remove SSLv3 per default */
4608 if (!min && (!max || max >= CONF_TLSV10))
4609 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004610 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004611 if (min)
4612 flags |= (methodVersions[min].flag - 1);
4613 if (max)
4614 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004615 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004616 min = max = CONF_TLSV_NONE;
4617 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004618 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004619 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004620 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004621 if (min) {
4622 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004623 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4624 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4625 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4626 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004627 hole = 0;
4628 }
4629 max = i;
4630 }
4631 else {
4632 min = max = i;
4633 }
4634 }
4635 else {
4636 if (min)
4637 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004638 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004639 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004640 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4641 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004642 cfgerr += 1;
4643 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004644 /* save real min/max in bind_conf */
4645 conf_ssl_methods->min = min;
4646 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004647
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004648#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004649 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004650 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004651 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004652 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004653 else
4654 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4655 if (flags & methodVersions[i].flag)
4656 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004657#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004658 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004659 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4660 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004661#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004662
4663 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4664 options |= SSL_OP_NO_TICKET;
4665 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4666 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004667
4668#ifdef SSL_OP_NO_RENEGOTIATION
4669 options |= SSL_OP_NO_RENEGOTIATION;
4670#endif
4671
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004672 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004673
Willy Tarreau5db847a2019-05-09 14:13:35 +02004674#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004675 if (global_ssl.async)
4676 mode |= SSL_MODE_ASYNC;
4677#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004678 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004679 if (global_ssl.life_time)
4680 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004681
4682#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4683#ifdef OPENSSL_IS_BORINGSSL
4684 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4685 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004686#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard545989f2019-12-17 15:39:54 +01004687 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004688 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004689 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4690 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004691#else
4692 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004693#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004694 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004695#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004696 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004697}
4698
William Lallemand4f45bb92017-10-30 20:08:51 +01004699
4700static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4701{
4702 if (first == block) {
4703 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4704 if (first->len > 0)
4705 sh_ssl_sess_tree_delete(sh_ssl_sess);
4706 }
4707}
4708
4709/* return first block from sh_ssl_sess */
4710static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4711{
4712 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4713
4714}
4715
4716/* store a session into the cache
4717 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4718 * data: asn1 encoded session
4719 * data_len: asn1 encoded session length
4720 * Returns 1 id session was stored (else 0)
4721 */
4722static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4723{
4724 struct shared_block *first;
4725 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4726
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004727 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004728 if (!first) {
4729 /* Could not retrieve enough free blocks to store that session */
4730 return 0;
4731 }
4732
4733 /* STORE the key in the first elem */
4734 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4735 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4736 first->len = sizeof(struct sh_ssl_sess_hdr);
4737
4738 /* it returns the already existing node
4739 or current node if none, never returns null */
4740 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4741 if (oldsh_ssl_sess != sh_ssl_sess) {
4742 /* NOTE: Row couldn't be in use because we lock read & write function */
4743 /* release the reserved row */
4744 shctx_row_dec_hot(ssl_shctx, first);
4745 /* replace the previous session already in the tree */
4746 sh_ssl_sess = oldsh_ssl_sess;
4747 /* ignore the previous session data, only use the header */
4748 first = sh_ssl_sess_first_block(sh_ssl_sess);
4749 shctx_row_inc_hot(ssl_shctx, first);
4750 first->len = sizeof(struct sh_ssl_sess_hdr);
4751 }
4752
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004753 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004754 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004755 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004756 }
4757
4758 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004759
4760 return 1;
4761}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004762
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004763/* SSL callback used when a new session is created while connecting to a server */
4764static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4765{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004766 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004767 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004768
Willy Tarreau07d94e42018-09-20 10:57:52 +02004769 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004770
Olivier Houcharde6060c52017-11-16 17:42:52 +01004771 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4772 int len;
4773 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004774
Olivier Houcharde6060c52017-11-16 17:42:52 +01004775 len = i2d_SSL_SESSION(sess, NULL);
4776 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4777 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4778 } else {
4779 free(s->ssl_ctx.reused_sess[tid].ptr);
4780 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4781 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4782 }
4783 if (s->ssl_ctx.reused_sess[tid].ptr) {
4784 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4785 &ptr);
4786 }
4787 } else {
4788 free(s->ssl_ctx.reused_sess[tid].ptr);
4789 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4790 }
4791
4792 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004793}
4794
Olivier Houcharde6060c52017-11-16 17:42:52 +01004795
William Lallemanded0b5ad2017-10-30 19:36:36 +01004796/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004797int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004798{
4799 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4800 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4801 unsigned char *p;
4802 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004803 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004804 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004805
4806 /* Session id is already stored in to key and session id is known
4807 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004808 * note: SSL_SESSION_set1_id is using
4809 * a memcpy so we need to use a different pointer
4810 * than sid_data or sid_ctx_data to avoid valgrind
4811 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004812 */
4813
4814 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004815
4816 /* copy value in an other buffer */
4817 memcpy(encid, sid_data, sid_length);
4818
4819 /* pad with 0 */
4820 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4821 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4822
4823 /* force length to zero to avoid ASN1 encoding */
4824 SSL_SESSION_set1_id(sess, encid, 0);
4825
4826 /* force length to zero to avoid ASN1 encoding */
4827 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004828
4829 /* check if buffer is large enough for the ASN1 encoded session */
4830 data_len = i2d_SSL_SESSION(sess, NULL);
4831 if (data_len > SHSESS_MAX_DATA_LEN)
4832 goto err;
4833
4834 p = encsess;
4835
4836 /* process ASN1 session encoding before the lock */
4837 i2d_SSL_SESSION(sess, &p);
4838
William Lallemanded0b5ad2017-10-30 19:36:36 +01004839
William Lallemanda3c77cf2017-10-30 23:44:40 +01004840 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004841 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004842 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004843 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004844err:
4845 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004846 SSL_SESSION_set1_id(sess, encid, sid_length);
4847 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004848
4849 return 0; /* do not increment session reference count */
4850}
4851
4852/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004853SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004854{
William Lallemand4f45bb92017-10-30 20:08:51 +01004855 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004856 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4857 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004858 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004859 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004860
4861 global.shctx_lookups++;
4862
4863 /* allow the session to be freed automatically by openssl */
4864 *do_copy = 0;
4865
4866 /* tree key is zeros padded sessionid */
4867 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4868 memcpy(tmpkey, key, key_len);
4869 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4870 key = tmpkey;
4871 }
4872
4873 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004874 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004875
4876 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004877 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4878 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004879 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004880 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004881 global.shctx_misses++;
4882 return NULL;
4883 }
4884
William Lallemand4f45bb92017-10-30 20:08:51 +01004885 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4886 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004887
William Lallemand4f45bb92017-10-30 20:08:51 +01004888 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004889
William Lallemanda3c77cf2017-10-30 23:44:40 +01004890 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004891
4892 /* decode ASN1 session */
4893 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004894 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004895 /* Reset session id and session id contenxt */
4896 if (sess) {
4897 SSL_SESSION_set1_id(sess, key, key_len);
4898 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4899 }
4900
4901 return sess;
4902}
4903
William Lallemand4f45bb92017-10-30 20:08:51 +01004904
William Lallemanded0b5ad2017-10-30 19:36:36 +01004905/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004906void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004907{
William Lallemand4f45bb92017-10-30 20:08:51 +01004908 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004909 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4910 unsigned int sid_length;
4911 const unsigned char *sid_data;
4912 (void)ctx;
4913
4914 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4915 /* tree key is zeros padded sessionid */
4916 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4917 memcpy(tmpkey, sid_data, sid_length);
4918 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4919 sid_data = tmpkey;
4920 }
4921
William Lallemanda3c77cf2017-10-30 23:44:40 +01004922 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004923
4924 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004925 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4926 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004927 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004928 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004929 }
4930
4931 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004932 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004933}
4934
4935/* Set session cache mode to server and disable openssl internal cache.
4936 * Set shared cache callbacks on an ssl context.
4937 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004938void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004939{
4940 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4941
4942 if (!ssl_shctx) {
4943 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4944 return;
4945 }
4946
4947 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4948 SSL_SESS_CACHE_NO_INTERNAL |
4949 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4950
4951 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004952 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4953 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4954 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004955}
4956
William Lallemand8b453912019-11-21 15:48:10 +01004957/*
4958 * This function applies the SSL configuration on a SSL_CTX
4959 * It returns an error code and fills the <err> buffer
4960 */
4961int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx, char **err)
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004962{
4963 struct proxy *curproxy = bind_conf->frontend;
4964 int cfgerr = 0;
4965 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004966 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004967 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004968#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004969 const char *conf_ciphersuites;
4970#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004971 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004972
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004973 if (ssl_conf) {
4974 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4975 int i, min, max;
4976 int flags = MC_SSL_O_ALL;
4977
4978 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004979 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4980 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004981 if (min)
4982 flags |= (methodVersions[min].flag - 1);
4983 if (max)
4984 flags |= ~((methodVersions[max].flag << 1) - 1);
4985 min = max = CONF_TLSV_NONE;
4986 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4987 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4988 if (min)
4989 max = i;
4990 else
4991 min = max = i;
4992 }
4993 /* save real min/max */
4994 conf_ssl_methods->min = min;
4995 conf_ssl_methods->max = max;
4996 if (!min) {
Tim Duesterhus93128532019-11-23 23:45:10 +01004997 memprintf(err, "%sProxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4998 err && *err ? *err : "", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01004999 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02005000 }
5001 }
5002
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005003 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01005004 case SSL_SOCK_VERIFY_NONE:
5005 verify = SSL_VERIFY_NONE;
5006 break;
5007 case SSL_SOCK_VERIFY_OPTIONAL:
5008 verify = SSL_VERIFY_PEER;
5009 break;
5010 case SSL_SOCK_VERIFY_REQUIRED:
5011 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
5012 break;
5013 }
5014 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
5015 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005016 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
5017 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
5018 if (ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005019 /* set CAfile to verify */
5020 if (!ssl_set_verify_locations_file(ctx, ca_file)) {
5021 memprintf(err, "%sProxy '%s': unable to set CA file '%s' for bind '%s' at [%s:%d].\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01005022 err && *err ? *err : "", curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005023 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005024 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005025 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
5026 /* set CA names for client cert request, function returns void */
Emmanuel Hocdet129d3282019-10-24 18:08:51 +02005027 SSL_CTX_set_client_CA_list(ctx, SSL_dup_CA_list(ssl_get_client_ca_file(ca_file)));
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005028 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005029 }
Emeric Brun850efd52014-01-29 12:24:34 +01005030 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01005031 memprintf(err, "%sProxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
5032 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005033 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun850efd52014-01-29 12:24:34 +01005034 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005035#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005036 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02005037 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
5038
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005039 if (!ssl_set_cert_crl_file(store, crl_file)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005040 memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
5041 err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005042 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005043 }
Emeric Brun561e5742012-10-02 15:20:55 +02005044 else {
5045 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5046 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005047 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005048#endif
Emeric Brun644cde02012-12-14 11:21:13 +01005049 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02005050 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005051#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02005052 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005053 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005054 memprintf(err, "%sProxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
5055 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005056 cfgerr |= ERR_ALERT | ERR_FATAL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005057 }
5058 }
5059#endif
5060
William Lallemand4f45bb92017-10-30 20:08:51 +01005061 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005062 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
5063 if (conf_ciphers &&
5064 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005065 memprintf(err, "%sProxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
5066 err && *err ? *err : "", curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005067 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005068 }
5069
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005070#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005071 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
5072 if (conf_ciphersuites &&
5073 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005074 memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
5075 err && *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005076 cfgerr |= ERR_ALERT | ERR_FATAL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005077 }
5078#endif
5079
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005080#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02005081 /* If tune.ssl.default-dh-param has not been set,
5082 neither has ssl-default-dh-file and no static DH
5083 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01005084 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02005085 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02005086 (ssl_dh_ptr_index == -1 ||
5087 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005088 STACK_OF(SSL_CIPHER) * ciphers = NULL;
5089 const SSL_CIPHER * cipher = NULL;
5090 char cipher_description[128];
5091 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
5092 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
5093 which is not ephemeral DH. */
5094 const char dhe_description[] = " Kx=DH ";
5095 const char dhe_export_description[] = " Kx=DH(";
5096 int idx = 0;
5097 int dhe_found = 0;
5098 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005099
Remi Gacogne23d5d372014-10-10 17:04:26 +02005100 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005101
Remi Gacogne23d5d372014-10-10 17:04:26 +02005102 if (ssl) {
5103 ciphers = SSL_get_ciphers(ssl);
5104
5105 if (ciphers) {
5106 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
5107 cipher = sk_SSL_CIPHER_value(ciphers, idx);
5108 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
5109 if (strstr(cipher_description, dhe_description) != NULL ||
5110 strstr(cipher_description, dhe_export_description) != NULL) {
5111 dhe_found = 1;
5112 break;
5113 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02005114 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005115 }
5116 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02005117 SSL_free(ssl);
5118 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005119 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005120
Lukas Tribus90132722014-08-18 00:56:33 +02005121 if (dhe_found) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005122 memprintf(err, "%sSetting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n",
5123 err && *err ? *err : "");
William Lallemand8b453912019-11-21 15:48:10 +01005124 cfgerr |= ERR_WARN;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005125 }
5126
Willy Tarreauef934602016-12-22 23:12:01 +01005127 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005128 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005129
Willy Tarreauef934602016-12-22 23:12:01 +01005130 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005131 if (local_dh_1024 == NULL) {
5132 local_dh_1024 = ssl_get_dh_1024();
5133 }
Willy Tarreauef934602016-12-22 23:12:01 +01005134 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005135 if (local_dh_2048 == NULL) {
5136 local_dh_2048 = ssl_get_dh_2048();
5137 }
Willy Tarreauef934602016-12-22 23:12:01 +01005138 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005139 if (local_dh_4096 == NULL) {
5140 local_dh_4096 = ssl_get_dh_4096();
5141 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005142 }
5143 }
5144 }
5145#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005146
Emeric Brunfc0421f2012-09-07 17:30:07 +02005147 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005148#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02005149 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02005150#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005151
Bernard Spil13c53f82018-02-15 13:34:58 +01005152#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005153 ssl_conf_cur = NULL;
5154 if (ssl_conf && ssl_conf->npn_str)
5155 ssl_conf_cur = ssl_conf;
5156 else if (bind_conf->ssl_conf.npn_str)
5157 ssl_conf_cur = &bind_conf->ssl_conf;
5158 if (ssl_conf_cur)
5159 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02005160#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01005161#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005162 ssl_conf_cur = NULL;
5163 if (ssl_conf && ssl_conf->alpn_str)
5164 ssl_conf_cur = ssl_conf;
5165 else if (bind_conf->ssl_conf.alpn_str)
5166 ssl_conf_cur = &bind_conf->ssl_conf;
5167 if (ssl_conf_cur)
5168 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02005169#endif
Lukas Tribusd14b49c2019-11-24 18:20:40 +01005170#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005171 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
5172 if (conf_curves) {
5173 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005174 memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5175 err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005176 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005177 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005178 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005179 }
5180#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005181#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005182 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005183 int i;
5184 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005185#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005186 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005187 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5188 NULL);
5189
5190 if (ecdhe == NULL) {
Eric Salama3c8bde82019-11-20 11:33:40 +01005191 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005192 return cfgerr;
5193 }
5194#else
5195 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5196 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5197 ECDHE_DEFAULT_CURVE);
5198#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005199
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005200 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005201 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005202 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5203 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005204 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun2b58d042012-09-20 17:10:03 +02005205 }
5206 else {
5207 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5208 EC_KEY_free(ecdh);
5209 }
5210 }
5211#endif
5212
Emeric Brunfc0421f2012-09-07 17:30:07 +02005213 return cfgerr;
5214}
5215
Evan Broderbe554312013-06-27 00:05:25 -07005216static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5217{
5218 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5219 size_t prefixlen, suffixlen;
5220
5221 /* Trivial case */
5222 if (strcmp(pattern, hostname) == 0)
5223 return 1;
5224
Evan Broderbe554312013-06-27 00:05:25 -07005225 /* The rest of this logic is based on RFC 6125, section 6.4.3
5226 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5227
Emeric Bruna848dae2013-10-08 11:27:28 +02005228 pattern_wildcard = NULL;
5229 pattern_left_label_end = pattern;
5230 while (*pattern_left_label_end != '.') {
5231 switch (*pattern_left_label_end) {
5232 case 0:
5233 /* End of label not found */
5234 return 0;
5235 case '*':
5236 /* If there is more than one wildcards */
5237 if (pattern_wildcard)
5238 return 0;
5239 pattern_wildcard = pattern_left_label_end;
5240 break;
5241 }
5242 pattern_left_label_end++;
5243 }
5244
5245 /* If it's not trivial and there is no wildcard, it can't
5246 * match */
5247 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005248 return 0;
5249
5250 /* Make sure all labels match except the leftmost */
5251 hostname_left_label_end = strchr(hostname, '.');
5252 if (!hostname_left_label_end
5253 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5254 return 0;
5255
5256 /* Make sure the leftmost label of the hostname is long enough
5257 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005258 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005259 return 0;
5260
5261 /* Finally compare the string on either side of the
5262 * wildcard */
5263 prefixlen = pattern_wildcard - pattern;
5264 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005265 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5266 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005267 return 0;
5268
5269 return 1;
5270}
5271
5272static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5273{
5274 SSL *ssl;
5275 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005276 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005277 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005278 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005279
5280 int depth;
5281 X509 *cert;
5282 STACK_OF(GENERAL_NAME) *alt_names;
5283 int i;
5284 X509_NAME *cert_subject;
5285 char *str;
5286
5287 if (ok == 0)
5288 return ok;
5289
5290 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005291 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005292 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005293
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005294 /* We're checking if the provided hostnames match the desired one. The
5295 * desired hostname comes from the SNI we presented if any, or if not
5296 * provided then it may have been explicitly stated using a "verifyhost"
5297 * directive. If neither is set, we don't care about the name so the
5298 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005299 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005300 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005301 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005302 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005303 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005304 if (!servername)
5305 return ok;
5306 }
Evan Broderbe554312013-06-27 00:05:25 -07005307
5308 /* We only need to verify the CN on the actual server cert,
5309 * not the indirect CAs */
5310 depth = X509_STORE_CTX_get_error_depth(ctx);
5311 if (depth != 0)
5312 return ok;
5313
5314 /* At this point, the cert is *not* OK unless we can find a
5315 * hostname match */
5316 ok = 0;
5317
5318 cert = X509_STORE_CTX_get_current_cert(ctx);
5319 /* It seems like this might happen if verify peer isn't set */
5320 if (!cert)
5321 return ok;
5322
5323 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5324 if (alt_names) {
5325 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5326 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5327 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005328#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005329 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5330#else
Evan Broderbe554312013-06-27 00:05:25 -07005331 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005332#endif
Evan Broderbe554312013-06-27 00:05:25 -07005333 ok = ssl_sock_srv_hostcheck(str, servername);
5334 OPENSSL_free(str);
5335 }
5336 }
5337 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005338 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005339 }
5340
5341 cert_subject = X509_get_subject_name(cert);
5342 i = -1;
5343 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5344 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005345 ASN1_STRING *value;
5346 value = X509_NAME_ENTRY_get_data(entry);
5347 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005348 ok = ssl_sock_srv_hostcheck(str, servername);
5349 OPENSSL_free(str);
5350 }
5351 }
5352
Willy Tarreau71d058c2017-07-26 20:09:56 +02005353 /* report the mismatch and indicate if SNI was used or not */
5354 if (!ok && !conn->err_code)
5355 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005356 return ok;
5357}
5358
Emeric Brun94324a42012-10-11 14:00:19 +02005359/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005360int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005361{
Willy Tarreau03209342016-12-22 17:08:28 +01005362 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005363 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005364 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005365 SSL_OP_ALL | /* all known workarounds for bugs */
5366 SSL_OP_NO_SSLv2 |
5367 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005368 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005369 SSL_MODE_ENABLE_PARTIAL_WRITE |
5370 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005371 SSL_MODE_RELEASE_BUFFERS |
5372 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005373 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005374 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005375 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005376 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005377 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005378
Thierry Fournier383085f2013-01-24 14:15:43 +01005379 /* Make sure openssl opens /dev/urandom before the chroot */
5380 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005381 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005382 cfgerr++;
5383 }
5384
Willy Tarreaufce03112015-01-15 21:32:40 +01005385 /* Automatic memory computations need to know we use SSL there */
5386 global.ssl_used_backend = 1;
5387
5388 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005389 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005390 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005391 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5392 curproxy->id, srv->id,
5393 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005394 cfgerr++;
5395 return cfgerr;
5396 }
5397 }
Emeric Brun94324a42012-10-11 14:00:19 +02005398 if (srv->use_ssl)
5399 srv->xprt = &ssl_sock;
5400 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005401 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005402
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005403 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005404 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005405 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5406 proxy_type_str(curproxy), curproxy->id,
5407 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005408 cfgerr++;
5409 return cfgerr;
5410 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005411
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005412 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005413 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5414 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5415 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005416 else
5417 flags = conf_ssl_methods->flags;
5418
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005419 /* Real min and max should be determinate with configuration and openssl's capabilities */
5420 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005421 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005422 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005423 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005424
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005425 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005426 min = max = CONF_TLSV_NONE;
5427 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005428 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005429 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005430 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005431 if (min) {
5432 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005433 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5434 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5435 proxy_type_str(curproxy), curproxy->id, srv->id,
5436 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005437 hole = 0;
5438 }
5439 max = i;
5440 }
5441 else {
5442 min = max = i;
5443 }
5444 }
5445 else {
5446 if (min)
5447 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005448 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005449 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005450 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5451 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005452 cfgerr += 1;
5453 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005454
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005455#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005456 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005457 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005458 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005459 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005460 else
5461 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5462 if (flags & methodVersions[i].flag)
5463 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005464#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005465 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005466 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5467 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005468#endif
5469
5470 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5471 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005472 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005473
Willy Tarreau5db847a2019-05-09 14:13:35 +02005474#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005475 if (global_ssl.async)
5476 mode |= SSL_MODE_ASYNC;
5477#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005478 SSL_CTX_set_mode(ctx, mode);
5479 srv->ssl_ctx.ctx = ctx;
5480
Emeric Bruna7aa3092012-10-26 12:58:00 +02005481 if (srv->ssl_ctx.client_crt) {
5482 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005483 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5484 proxy_type_str(curproxy), curproxy->id,
5485 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005486 cfgerr++;
5487 }
5488 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005489 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5490 proxy_type_str(curproxy), curproxy->id,
5491 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005492 cfgerr++;
5493 }
5494 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005495 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5496 proxy_type_str(curproxy), curproxy->id,
5497 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005498 cfgerr++;
5499 }
5500 }
Emeric Brun94324a42012-10-11 14:00:19 +02005501
Emeric Brun850efd52014-01-29 12:24:34 +01005502 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5503 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005504 switch (srv->ssl_ctx.verify) {
5505 case SSL_SOCK_VERIFY_NONE:
5506 verify = SSL_VERIFY_NONE;
5507 break;
5508 case SSL_SOCK_VERIFY_REQUIRED:
5509 verify = SSL_VERIFY_PEER;
5510 break;
5511 }
Evan Broderbe554312013-06-27 00:05:25 -07005512 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005513 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005514 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005515 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005516 if (srv->ssl_ctx.ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005517 /* set CAfile to verify */
5518 if (!ssl_set_verify_locations_file(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file)) {
5519 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to set CA file '%s'.\n",
Christopher Faulet767a84b2017-11-24 16:50:31 +01005520 curproxy->id, srv->id,
5521 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005522 cfgerr++;
5523 }
5524 }
Emeric Brun850efd52014-01-29 12:24:34 +01005525 else {
5526 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005527 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5528 curproxy->id, srv->id,
5529 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005530 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005531 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5532 curproxy->id, srv->id,
5533 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005534 cfgerr++;
5535 }
Emeric Brunef42d922012-10-11 16:11:36 +02005536#ifdef X509_V_FLAG_CRL_CHECK
5537 if (srv->ssl_ctx.crl_file) {
5538 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5539
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005540 if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005541 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5542 curproxy->id, srv->id,
5543 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005544 cfgerr++;
5545 }
5546 else {
5547 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5548 }
5549 }
5550#endif
5551 }
5552
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005553 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5554 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5555 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005556 if (srv->ssl_ctx.ciphers &&
5557 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005558 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5559 curproxy->id, srv->id,
5560 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005561 cfgerr++;
5562 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005563
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005564#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005565 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005566 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005567 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5568 curproxy->id, srv->id,
5569 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5570 cfgerr++;
5571 }
5572#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005573#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5574 if (srv->ssl_ctx.npn_str)
5575 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5576#endif
5577#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5578 if (srv->ssl_ctx.alpn_str)
5579 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5580#endif
5581
Emeric Brun94324a42012-10-11 14:00:19 +02005582
5583 return cfgerr;
5584}
5585
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005586/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005587 * be NULL, in which case nothing is done. Returns the number of errors
5588 * encountered.
5589 */
Willy Tarreau03209342016-12-22 17:08:28 +01005590int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005591{
5592 struct ebmb_node *node;
5593 struct sni_ctx *sni;
5594 int err = 0;
William Lallemand8b453912019-11-21 15:48:10 +01005595 int errcode = 0;
5596 char *errmsg = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005597
Willy Tarreaufce03112015-01-15 21:32:40 +01005598 /* Automatic memory computations need to know we use SSL there */
5599 global.ssl_used_frontend = 1;
5600
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005601 /* Make sure openssl opens /dev/urandom before the chroot */
5602 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005603 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005604 err++;
5605 }
5606 /* Create initial_ctx used to start the ssl connection before do switchctx */
5607 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005608 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005609 /* It should not be necessary to call this function, but it's
5610 necessary first to check and move all initialisation related
5611 to initial_ctx in ssl_sock_initial_ctx. */
William Lallemand8b453912019-11-21 15:48:10 +01005612 errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005613 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005614 if (bind_conf->default_ctx)
William Lallemand8b453912019-11-21 15:48:10 +01005615 errcode |= ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, &errmsg);
Emeric Brun0bed9942014-10-30 19:25:24 +01005616
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005617 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005618 while (node) {
5619 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005620 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5621 /* only initialize the CTX on its first occurrence and
5622 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005623 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005624 node = ebmb_next(node);
5625 }
5626
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005627 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005628 while (node) {
5629 sni = ebmb_entry(node, struct sni_ctx, name);
William Lallemand8b453912019-11-21 15:48:10 +01005630 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005631 /* only initialize the CTX on its first occurrence and
5632 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005633 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
5634 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005635 node = ebmb_next(node);
5636 }
William Lallemand8b453912019-11-21 15:48:10 +01005637
5638 if (errcode & ERR_WARN) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005639 ha_warning("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005640 } else if (errcode & ERR_CODE) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005641 ha_alert("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005642 err++;
5643 }
5644
5645 free(errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005646 return err;
5647}
5648
Willy Tarreau55d37912016-12-21 23:38:39 +01005649/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5650 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5651 * alerts are directly emitted since the rest of the stack does it below.
5652 */
5653int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5654{
5655 struct proxy *px = bind_conf->frontend;
5656 int alloc_ctx;
5657 int err;
5658
5659 if (!bind_conf->is_ssl) {
5660 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005661 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5662 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005663 }
5664 return 0;
5665 }
5666 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005667 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005668 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5669 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005670 }
5671 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005672 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5673 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005674 return -1;
5675 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005676 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005677 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005678 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005679 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005680 sizeof(*sh_ssl_sess_tree),
5681 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005682 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005683 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5684 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5685 else
5686 ha_alert("Unable to allocate SSL session cache.\n");
5687 return -1;
5688 }
5689 /* free block callback */
5690 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5691 /* init the root tree within the extra space */
5692 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5693 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005694 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005695 err = 0;
5696 /* initialize all certificate contexts */
5697 err += ssl_sock_prepare_all_ctx(bind_conf);
5698
5699 /* initialize CA variables if the certificates generation is enabled */
5700 err += ssl_sock_load_ca(bind_conf);
5701
5702 return -err;
5703}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005704
5705/* release ssl context allocated for servers. */
5706void ssl_sock_free_srv_ctx(struct server *srv)
5707{
Olivier Houchardc7566002018-11-20 23:33:50 +01005708#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5709 if (srv->ssl_ctx.alpn_str)
5710 free(srv->ssl_ctx.alpn_str);
5711#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005712#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005713 if (srv->ssl_ctx.npn_str)
5714 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005715#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005716 if (srv->ssl_ctx.ctx)
5717 SSL_CTX_free(srv->ssl_ctx.ctx);
5718}
5719
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005720/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005721 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5722 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005723void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005724{
5725 struct ebmb_node *node, *back;
5726 struct sni_ctx *sni;
5727
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005728 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005729 while (node) {
5730 sni = ebmb_entry(node, struct sni_ctx, name);
5731 back = ebmb_next(node);
5732 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005733 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005734 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005735 ssl_sock_free_ssl_conf(sni->conf);
5736 free(sni->conf);
5737 sni->conf = NULL;
5738 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005739 free(sni);
5740 node = back;
5741 }
5742
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005743 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005744 while (node) {
5745 sni = ebmb_entry(node, struct sni_ctx, name);
5746 back = ebmb_next(node);
5747 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005748 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005749 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005750 ssl_sock_free_ssl_conf(sni->conf);
5751 free(sni->conf);
5752 sni->conf = NULL;
5753 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005754 free(sni);
5755 node = back;
5756 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005757 SSL_CTX_free(bind_conf->initial_ctx);
5758 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005759 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005760 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005761}
5762
Willy Tarreau795cdab2016-12-22 17:30:54 +01005763/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5764void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5765{
5766 ssl_sock_free_ca(bind_conf);
5767 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005768 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005769 free(bind_conf->ca_sign_file);
5770 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005771 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005772 free(bind_conf->keys_ref->filename);
5773 free(bind_conf->keys_ref->tlskeys);
5774 LIST_DEL(&bind_conf->keys_ref->list);
5775 free(bind_conf->keys_ref);
5776 }
5777 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005778 bind_conf->ca_sign_pass = NULL;
5779 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005780}
5781
Christopher Faulet31af49d2015-06-09 17:29:50 +02005782/* Load CA cert file and private key used to generate certificates */
5783int
Willy Tarreau03209342016-12-22 17:08:28 +01005784ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005785{
Willy Tarreau03209342016-12-22 17:08:28 +01005786 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005787 FILE *fp;
5788 X509 *cacert = NULL;
5789 EVP_PKEY *capkey = NULL;
5790 int err = 0;
5791
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005792 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005793 return err;
5794
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005795#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005796 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005797 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005798 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005799 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005800 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005801#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005802
Christopher Faulet31af49d2015-06-09 17:29:50 +02005803 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005804 ha_alert("Proxy '%s': cannot enable certificate generation, "
5805 "no CA certificate File configured at [%s:%d].\n",
5806 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005807 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005808 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005809
5810 /* read in the CA certificate */
5811 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005812 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5813 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005814 goto load_error;
5815 }
5816 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005817 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5818 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005819 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005820 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005821 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005822 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005823 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5824 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005825 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005826 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005827
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005828 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005829 bind_conf->ca_sign_cert = cacert;
5830 bind_conf->ca_sign_pkey = capkey;
5831 return err;
5832
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005833 read_error:
5834 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005835 if (capkey) EVP_PKEY_free(capkey);
5836 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005837 load_error:
5838 bind_conf->generate_certs = 0;
5839 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005840 return err;
5841}
5842
5843/* Release CA cert and private key used to generate certificated */
5844void
5845ssl_sock_free_ca(struct bind_conf *bind_conf)
5846{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005847 if (bind_conf->ca_sign_pkey)
5848 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5849 if (bind_conf->ca_sign_cert)
5850 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005851 bind_conf->ca_sign_pkey = NULL;
5852 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005853}
5854
Emeric Brun46591952012-05-18 15:47:34 +02005855/*
5856 * This function is called if SSL * context is not yet allocated. The function
5857 * is designed to be called before any other data-layer operation and sets the
5858 * handshake flag on the connection. It is safe to call it multiple times.
5859 * It returns 0 on success and -1 in error case.
5860 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005861static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005862{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005863 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005864 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005865 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005866 return 0;
5867
Willy Tarreau3c728722014-01-23 13:50:42 +01005868 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005869 return 0;
5870
Olivier Houchard66ab4982019-02-26 18:37:15 +01005871 ctx = pool_alloc(ssl_sock_ctx_pool);
5872 if (!ctx) {
5873 conn->err_code = CO_ER_SSL_NO_MEM;
5874 return -1;
5875 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005876 ctx->wait_event.tasklet = tasklet_new();
5877 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005878 conn->err_code = CO_ER_SSL_NO_MEM;
5879 pool_free(ssl_sock_ctx_pool, ctx);
5880 return -1;
5881 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005882 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5883 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005884 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005885 ctx->sent_early_data = 0;
Olivier Houchard54907bb2019-12-19 15:02:39 +01005886 ctx->early_buf = BUF_NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005887 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005888 ctx->send_wait = NULL;
5889 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005890 ctx->xprt_st = 0;
5891 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005892
5893 /* Only work with sockets for now, this should be adapted when we'll
5894 * add QUIC support.
5895 */
5896 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005897 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005898 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5899 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005900 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005901
Willy Tarreau20879a02012-12-03 16:32:10 +01005902 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5903 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005904 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005905 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005906
Emeric Brun46591952012-05-18 15:47:34 +02005907 /* If it is in client mode initiate SSL session
5908 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005909 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005910 int may_retry = 1;
5911
5912 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005913 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005914 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5915 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005916 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005917 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005918 goto retry_connect;
5919 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005920 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005921 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005922 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005923 ctx->bio = BIO_new(ha_meth);
5924 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005925 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005926 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005927 goto retry_connect;
5928 }
Emeric Brun55476152014-11-12 17:35:37 +01005929 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005930 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005931 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005932 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005933 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005934
Evan Broderbe554312013-06-27 00:05:25 -07005935 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005936 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5937 SSL_free(ctx->ssl);
5938 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005939 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005940 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005941 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005942 goto retry_connect;
5943 }
Emeric Brun55476152014-11-12 17:35:37 +01005944 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005945 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005946 }
5947
Olivier Houchard66ab4982019-02-26 18:37:15 +01005948 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005949 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5950 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5951 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005952 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005953 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005954 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5955 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005956 } else if (sess) {
5957 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005958 }
5959 }
Evan Broderbe554312013-06-27 00:05:25 -07005960
Emeric Brun46591952012-05-18 15:47:34 +02005961 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005962 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005963
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005964 _HA_ATOMIC_ADD(&sslconns, 1);
5965 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005966 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005967 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005968 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005969 if (conn->flags & CO_FL_ERROR)
5970 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005971 return 0;
5972 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005973 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005974 int may_retry = 1;
5975
5976 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005977 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005978 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5979 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005980 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005981 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005982 goto retry_accept;
5983 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005984 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005985 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005986 }
Olivier Houchard545989f2019-12-17 15:39:54 +01005987#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard54907bb2019-12-19 15:02:39 +01005988 if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
5989 b_alloc(&ctx->early_buf);
5990 SSL_set_max_early_data(ctx->ssl,
5991 /* Only allow early data if we managed to allocate
5992 * a buffer.
5993 */
5994 (!b_is_null(&ctx->early_buf)) ?
5995 global.tune.bufsize - global.tune.maxrewrite : 0);
5996 }
Olivier Houchard545989f2019-12-17 15:39:54 +01005997#endif
Emeric Brun46591952012-05-18 15:47:34 +02005998
Olivier Houcharda8955d52019-04-07 22:00:38 +02005999 ctx->bio = BIO_new(ha_meth);
6000 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006001 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006002 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006003 goto retry_accept;
6004 }
Emeric Brun55476152014-11-12 17:35:37 +01006005 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006006 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006007 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02006008 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02006009 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02006010
Emeric Brune1f38db2012-09-03 20:36:47 +02006011 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006012 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
6013 SSL_free(ctx->ssl);
6014 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006015 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006016 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006017 goto retry_accept;
6018 }
Emeric Brun55476152014-11-12 17:35:37 +01006019 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006020 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006021 }
6022
Olivier Houchard66ab4982019-02-26 18:37:15 +01006023 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02006024
Emeric Brun46591952012-05-18 15:47:34 +02006025 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02006026 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006027#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006028 conn->flags |= CO_FL_EARLY_SSL_HS;
6029#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02006030
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006031 _HA_ATOMIC_ADD(&sslconns, 1);
6032 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006033 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006034 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006035 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006036 if (conn->flags & CO_FL_ERROR)
6037 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02006038 return 0;
6039 }
6040 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01006041 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006042err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006043 if (ctx && ctx->wait_event.tasklet)
6044 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006045 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02006046 return -1;
6047}
6048
6049
6050/* This is the callback which is used when an SSL handshake is pending. It
6051 * updates the FD status if it wants some polling before being called again.
6052 * It returns 0 if it fails in a fatal way or needs to poll to go further,
6053 * otherwise it returns non-zero and removes itself from the connection's
6054 * flags (the bit is provided in <flag> by the caller).
6055 */
Olivier Houchard000694c2019-05-23 14:45:12 +02006056static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02006057{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006058 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02006059 int ret;
6060
Willy Tarreau3c728722014-01-23 13:50:42 +01006061 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02006062 return 0;
6063
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02006064 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006065 goto out_error;
6066
Willy Tarreau5db847a2019-05-09 14:13:35 +02006067#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02006068 /*
6069 * Check if we have early data. If we do, we have to read them
6070 * before SSL_do_handshake() is called, And there's no way to
6071 * detect early data, except to try to read them
6072 */
6073 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard54907bb2019-12-19 15:02:39 +01006074 size_t read_data = 0;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006075
Olivier Houchard54907bb2019-12-19 15:02:39 +01006076 while (1) {
6077 ret = SSL_read_early_data(ctx->ssl,
6078 b_tail(&ctx->early_buf), b_room(&ctx->early_buf),
6079 &read_data);
6080 if (ret == SSL_READ_EARLY_DATA_ERROR)
6081 goto check_error;
6082 if (read_data > 0) {
6083 conn->flags |= CO_FL_EARLY_DATA;
6084 b_add(&ctx->early_buf, read_data);
6085 }
6086 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6087 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6088 if (!b_data(&ctx->early_buf))
6089 b_free(&ctx->early_buf);
6090 break;
6091 }
6092 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006093 }
6094#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006095 /* If we use SSL_do_handshake to process a reneg initiated by
6096 * the remote peer, it sometimes returns SSL_ERROR_SSL.
6097 * Usually SSL_write and SSL_read are used and process implicitly
6098 * the reneg handshake.
6099 * Here we use SSL_peek as a workaround for reneg.
6100 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006101 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006102 char c;
6103
Olivier Houchard66ab4982019-02-26 18:37:15 +01006104 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01006105 if (ret <= 0) {
6106 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006107 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006108
Emeric Brun674b7432012-11-08 19:21:55 +01006109 if (ret == SSL_ERROR_WANT_WRITE) {
6110 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006111 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006112 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006113 return 0;
6114 }
6115 else if (ret == SSL_ERROR_WANT_READ) {
6116 /* handshake may have been completed but we have
6117 * no more data to read.
6118 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006119 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006120 ret = 1;
6121 goto reneg_ok;
6122 }
6123 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006124 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006125 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006126 return 0;
6127 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006128#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006129 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006130 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006131 return 0;
6132 }
6133#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006134 else if (ret == SSL_ERROR_SYSCALL) {
6135 /* if errno is null, then connection was successfully established */
6136 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6137 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01006138 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006139#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6140 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006141 conn->err_code = CO_ER_SSL_HANDSHAKE;
6142#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006143 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006144#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006145 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006146 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006147 empty_handshake = state == TLS_ST_BEFORE;
6148#else
Lukas Tribus49799162019-07-08 14:29:15 +02006149 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6150 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006151#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006152 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02006153 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006154 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006155 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6156 else
6157 conn->err_code = CO_ER_SSL_EMPTY;
6158 }
6159 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006160 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006161 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6162 else
6163 conn->err_code = CO_ER_SSL_ABORT;
6164 }
6165 }
6166 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006167 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006168 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01006169 else
Emeric Brun29f037d2014-04-25 19:05:36 +02006170 conn->err_code = CO_ER_SSL_HANDSHAKE;
6171 }
Lukas Tribus49799162019-07-08 14:29:15 +02006172#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01006173 }
Emeric Brun674b7432012-11-08 19:21:55 +01006174 goto out_error;
6175 }
6176 else {
6177 /* Fail on all other handshake errors */
6178 /* Note: OpenSSL may leave unread bytes in the socket's
6179 * buffer, causing an RST to be emitted upon close() on
6180 * TCP sockets. We first try to drain possibly pending
6181 * data to avoid this as much as possible.
6182 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006183 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006184 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006185 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006186 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01006187 goto out_error;
6188 }
6189 }
6190 /* read some data: consider handshake completed */
6191 goto reneg_ok;
6192 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006193 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006194check_error:
Emeric Brun46591952012-05-18 15:47:34 +02006195 if (ret != 1) {
6196 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006197 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006198
6199 if (ret == SSL_ERROR_WANT_WRITE) {
6200 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006201 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006202 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006203 return 0;
6204 }
6205 else if (ret == SSL_ERROR_WANT_READ) {
6206 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006207 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006208 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6209 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006210 return 0;
6211 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006212#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006213 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006214 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006215 return 0;
6216 }
6217#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006218 else if (ret == SSL_ERROR_SYSCALL) {
6219 /* if errno is null, then connection was successfully established */
6220 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6221 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006222 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006223#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6224 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006225 conn->err_code = CO_ER_SSL_HANDSHAKE;
6226#else
6227 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006228#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006229 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006230 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006231 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006232#else
Lukas Tribus49799162019-07-08 14:29:15 +02006233 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6234 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006235#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006236 if (empty_handshake) {
6237 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006238 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006239 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6240 else
6241 conn->err_code = CO_ER_SSL_EMPTY;
6242 }
6243 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006244 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006245 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6246 else
6247 conn->err_code = CO_ER_SSL_ABORT;
6248 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006249 }
6250 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006251 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006252 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6253 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006254 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006255 }
Lukas Tribus49799162019-07-08 14:29:15 +02006256#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006257 }
Willy Tarreau89230192012-09-28 20:22:13 +02006258 goto out_error;
6259 }
Emeric Brun46591952012-05-18 15:47:34 +02006260 else {
6261 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006262 /* Note: OpenSSL may leave unread bytes in the socket's
6263 * buffer, causing an RST to be emitted upon close() on
6264 * TCP sockets. We first try to drain possibly pending
6265 * data to avoid this as much as possible.
6266 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006267 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006268 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006269 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006270 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006271 goto out_error;
6272 }
6273 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006274#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006275 else {
6276 /*
6277 * If the server refused the early data, we have to send a
6278 * 425 to the client, as we no longer have the data to sent
6279 * them again.
6280 */
6281 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006282 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006283 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6284 goto out_error;
6285 }
6286 }
6287 }
6288#endif
6289
Emeric Brun46591952012-05-18 15:47:34 +02006290
Emeric Brun674b7432012-11-08 19:21:55 +01006291reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006292
Willy Tarreau5db847a2019-05-09 14:13:35 +02006293#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006294 /* ASYNC engine API doesn't support moving read/write
6295 * buffers. So we disable ASYNC mode right after
6296 * the handshake to avoid buffer oveflows.
6297 */
6298 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006299 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006300#endif
Emeric Brun46591952012-05-18 15:47:34 +02006301 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006302 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006303 if (objt_server(conn->target)) {
6304 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6305 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6306 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006307 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006308 else {
6309 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6310 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6311 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6312 }
Emeric Brun46591952012-05-18 15:47:34 +02006313 }
6314
6315 /* The connection is now established at both layers, it's time to leave */
6316 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6317 return 1;
6318
6319 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006320 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006321 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006322 ERR_clear_error();
6323
Emeric Brun9fa89732012-10-04 17:09:56 +02006324 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006325 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6326 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6327 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006328 }
6329
Emeric Brun46591952012-05-18 15:47:34 +02006330 /* Fail on all other handshake errors */
6331 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006332 if (!conn->err_code)
6333 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006334 return 0;
6335}
6336
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006337static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006338{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006339 struct wait_event *sw;
6340 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006341
Olivier Houchard0ff28652019-06-24 18:57:39 +02006342 if (!ctx)
6343 return -1;
6344
Olivier Houchardea8dd942019-05-20 14:02:16 +02006345 if (event_type & SUB_RETRY_RECV) {
6346 sw = param;
6347 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6348 sw->events |= SUB_RETRY_RECV;
6349 ctx->recv_wait = sw;
6350 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6351 !(ctx->wait_event.events & SUB_RETRY_RECV))
6352 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6353 event_type &= ~SUB_RETRY_RECV;
6354 }
6355 if (event_type & SUB_RETRY_SEND) {
6356sw = param;
6357 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6358 sw->events |= SUB_RETRY_SEND;
6359 ctx->send_wait = sw;
6360 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6361 !(ctx->wait_event.events & SUB_RETRY_SEND))
6362 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6363 event_type &= ~SUB_RETRY_SEND;
6364
6365 }
6366 if (event_type != 0)
6367 return -1;
6368 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006369}
6370
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006371static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006372{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006373 struct wait_event *sw;
6374 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006375
Olivier Houchardea8dd942019-05-20 14:02:16 +02006376 if (event_type & SUB_RETRY_RECV) {
6377 sw = param;
6378 BUG_ON(ctx->recv_wait != sw);
6379 ctx->recv_wait = NULL;
6380 sw->events &= ~SUB_RETRY_RECV;
6381 /* If we subscribed, and we're not doing the handshake,
6382 * then we subscribed because the upper layer asked for it,
6383 * as the upper layer is no longer interested, we can
6384 * unsubscribe too.
6385 */
6386 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6387 (ctx->wait_event.events & SUB_RETRY_RECV))
6388 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6389 &ctx->wait_event);
6390 }
6391 if (event_type & SUB_RETRY_SEND) {
6392 sw = param;
6393 BUG_ON(ctx->send_wait != sw);
6394 ctx->send_wait = NULL;
6395 sw->events &= ~SUB_RETRY_SEND;
6396 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6397 (ctx->wait_event.events & SUB_RETRY_SEND))
6398 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6399 &ctx->wait_event);
6400
6401 }
6402
6403 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006404}
6405
Olivier Houchard2e055482019-05-27 19:50:12 +02006406/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6407 * Returns 0 on success, and non-zero on failure.
6408 */
6409static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6410{
6411 struct ssl_sock_ctx *ctx = xprt_ctx;
6412
6413 if (oldxprt_ops != NULL)
6414 *oldxprt_ops = ctx->xprt;
6415 if (oldxprt_ctx != NULL)
6416 *oldxprt_ctx = ctx->xprt_ctx;
6417 ctx->xprt = toadd_ops;
6418 ctx->xprt_ctx = toadd_ctx;
6419 return 0;
6420}
6421
Olivier Houchard5149b592019-05-23 17:47:36 +02006422/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6423 * return 0, otherwise just call the remove_xprt method from the underlying
6424 * XPRT.
6425 */
6426static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6427{
6428 struct ssl_sock_ctx *ctx = xprt_ctx;
6429
6430 if (ctx->xprt_ctx == toremove_ctx) {
6431 ctx->xprt_ctx = newctx;
6432 ctx->xprt = newops;
6433 return 0;
6434 }
6435 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6436}
6437
Olivier Houchardea8dd942019-05-20 14:02:16 +02006438static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6439{
6440 struct ssl_sock_ctx *ctx = context;
6441
6442 /* First if we're doing an handshake, try that */
6443 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6444 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6445 /* If we had an error, or the handshake is done and I/O is available,
6446 * let the upper layer know.
6447 * If no mux was set up yet, and nobody subscribed, then call
6448 * xprt_done_cb() ourself if it's set, or destroy the connection,
6449 * we can't be sure conn_fd_handler() will be called again.
6450 */
6451 if ((ctx->conn->flags & CO_FL_ERROR) ||
6452 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6453 int ret = 0;
6454 int woke = 0;
6455
6456 /* On error, wake any waiter */
6457 if (ctx->recv_wait) {
6458 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006459 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006460 ctx->recv_wait = NULL;
6461 woke = 1;
6462 }
6463 if (ctx->send_wait) {
6464 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006465 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006466 ctx->send_wait = NULL;
6467 woke = 1;
6468 }
6469 /* If we're the first xprt for the connection, let the
6470 * upper layers know. If xprt_done_cb() is set, call it,
6471 * otherwise, we should have a mux, so call its wake
6472 * method if we didn't woke a tasklet already.
6473 */
6474 if (ctx->conn->xprt_ctx == ctx) {
6475 if (ctx->conn->xprt_done_cb)
6476 ret = ctx->conn->xprt_done_cb(ctx->conn);
6477 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6478 ctx->conn->mux->wake(ctx->conn);
6479 return NULL;
6480 }
6481 }
Olivier Houchard54907bb2019-12-19 15:02:39 +01006482#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
6483 /* If we have early data and somebody wants to receive, let them */
6484 else if (b_data(&ctx->early_buf) && ctx->recv_wait) {
6485 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
6486 tasklet_wakeup(ctx->recv_wait->tasklet);
6487 ctx->recv_wait = NULL;
6488
6489 }
6490#endif
Olivier Houchardea8dd942019-05-20 14:02:16 +02006491 return NULL;
6492}
6493
Emeric Brun46591952012-05-18 15:47:34 +02006494/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006495 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006496 * buffer wraps, in which case a second call may be performed. The connection's
6497 * flags are updated with whatever special event is detected (error, read0,
6498 * empty). The caller is responsible for taking care of those events and
6499 * avoiding the call if inappropriate. The function does not call the
6500 * connection's polling update function, so the caller is responsible for this.
6501 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006502static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006503{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006504 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006505 ssize_t ret;
6506 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006507
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006508 conn_refresh_polling_flags(conn);
6509
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006510 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006511 goto out_error;
6512
Olivier Houchard54907bb2019-12-19 15:02:39 +01006513#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
6514 if (b_data(&ctx->early_buf)) {
6515 try = b_contig_space(buf);
6516 if (try > b_data(&ctx->early_buf))
6517 try = b_data(&ctx->early_buf);
6518 memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
6519 b_add(buf, try);
6520 b_del(&ctx->early_buf, try);
6521 if (b_data(&ctx->early_buf) == 0)
6522 b_free(&ctx->early_buf);
6523 return try;
6524 }
6525#endif
6526
Emeric Brun46591952012-05-18 15:47:34 +02006527 if (conn->flags & CO_FL_HANDSHAKE)
6528 /* a handshake was requested */
6529 return 0;
6530
Emeric Brun46591952012-05-18 15:47:34 +02006531 /* read the largest possible block. For this, we perform only one call
6532 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6533 * in which case we accept to do it once again. A new attempt is made on
6534 * EINTR too.
6535 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006536 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006537
Willy Tarreau591d4452018-06-15 17:21:00 +02006538 try = b_contig_space(buf);
6539 if (!try)
6540 break;
6541
Willy Tarreauabf08d92014-01-14 11:31:27 +01006542 if (try > count)
6543 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006544
Olivier Houchard66ab4982019-02-26 18:37:15 +01006545 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006546
Emeric Brune1f38db2012-09-03 20:36:47 +02006547 if (conn->flags & CO_FL_ERROR) {
6548 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006549 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006550 }
Emeric Brun46591952012-05-18 15:47:34 +02006551 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006552 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006553 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006554 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006555 }
Emeric Brun46591952012-05-18 15:47:34 +02006556 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006557 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006558 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006559 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006560 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006561 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006562#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006563 /* Async mode can be re-enabled, because we're leaving data state.*/
6564 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006565 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006566#endif
Emeric Brun46591952012-05-18 15:47:34 +02006567 break;
6568 }
6569 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006570 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006571 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6572 SUB_RETRY_RECV,
6573 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006574 /* handshake is running, and it may need to re-enable read */
6575 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006576#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006577 /* Async mode can be re-enabled, because we're leaving data state.*/
6578 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006579 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006580#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006581 break;
6582 }
Emeric Brun46591952012-05-18 15:47:34 +02006583 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006584 } else if (ret == SSL_ERROR_ZERO_RETURN)
6585 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006586 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6587 * stack before shutting down the connection for
6588 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006589 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6590 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006591 /* otherwise it's a real error */
6592 goto out_error;
6593 }
6594 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006595 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006596 return done;
6597
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006598 clear_ssl_error:
6599 /* Clear openssl global errors stack */
6600 ssl_sock_dump_errors(conn);
6601 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006602 read0:
6603 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006604 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006605
Emeric Brun46591952012-05-18 15:47:34 +02006606 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006607 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006608 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006609 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006610 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006611 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006612}
6613
6614
Willy Tarreau787db9a2018-06-14 18:31:46 +02006615/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6616 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6617 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006618 * Only one call to send() is performed, unless the buffer wraps, in which case
6619 * a second call may be performed. The connection's flags are updated with
6620 * whatever special event is detected (error, empty). The caller is responsible
6621 * for taking care of those events and avoiding the call if inappropriate. The
6622 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006623 * is responsible for this. The buffer's output is not adjusted, it's up to the
6624 * caller to take care of this. It's up to the caller to update the buffer's
6625 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006626 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006627static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006628{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006629 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006630 ssize_t ret;
6631 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006632
6633 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006634 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006635
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006636 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006637 goto out_error;
6638
Olivier Houchard010941f2019-05-03 20:56:19 +02006639 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006640 /* a handshake was requested */
6641 return 0;
6642
6643 /* send the largest possible block. For this we perform only one call
6644 * to send() unless the buffer wraps and we exactly fill the first hunk,
6645 * in which case we accept to do it once again.
6646 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006647 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006648#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006649 size_t written_data;
6650#endif
6651
Willy Tarreau787db9a2018-06-14 18:31:46 +02006652 try = b_contig_data(buf, done);
6653 if (try > count)
6654 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006655
Willy Tarreau7bed9452014-02-02 02:00:24 +01006656 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006657 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006658 global_ssl.max_record && try > global_ssl.max_record) {
6659 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006660 }
6661 else {
6662 /* we need to keep the information about the fact that
6663 * we're not limiting the upcoming send(), because if it
6664 * fails, we'll have to retry with at least as many data.
6665 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006666 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006667 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006668
Willy Tarreau5db847a2019-05-09 14:13:35 +02006669#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006670 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006671 unsigned int max_early;
6672
Olivier Houchard522eea72017-11-03 16:27:47 +01006673 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006674 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006675 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006676 if (SSL_get0_session(ctx->ssl))
6677 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006678 else
6679 max_early = 0;
6680 }
6681
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006682 if (try + ctx->sent_early_data > max_early) {
6683 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006684 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006685 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006686 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006687 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006688 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006689 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006690 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006691 if (ret == 1) {
6692 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006693 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006694 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006695 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006696 /* Initiate the handshake, now */
6697 tasklet_wakeup(ctx->wait_event.tasklet);
6698 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006699
Olivier Houchardc2aae742017-09-22 18:26:28 +02006700 }
6701
6702 } else
6703#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006704 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006705
Emeric Brune1f38db2012-09-03 20:36:47 +02006706 if (conn->flags & CO_FL_ERROR) {
6707 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006708 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006709 }
Emeric Brun46591952012-05-18 15:47:34 +02006710 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006711 /* A send succeeded, so we can consier ourself connected */
6712 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006713 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006714 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006715 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006716 }
6717 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006718 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006719
Emeric Brun46591952012-05-18 15:47:34 +02006720 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006721 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006722 /* handshake is running, and it may need to re-enable write */
6723 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006724 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006725#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006726 /* Async mode can be re-enabled, because we're leaving data state.*/
6727 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006728 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006729#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006730 break;
6731 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006732
Emeric Brun46591952012-05-18 15:47:34 +02006733 break;
6734 }
6735 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006736 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006737 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006738 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6739 SUB_RETRY_RECV,
6740 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006741#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006742 /* Async mode can be re-enabled, because we're leaving data state.*/
6743 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006744 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006745#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006746 break;
6747 }
Emeric Brun46591952012-05-18 15:47:34 +02006748 goto out_error;
6749 }
6750 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006751 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006752 return done;
6753
6754 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006755 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006756 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006757 ERR_clear_error();
6758
Emeric Brun46591952012-05-18 15:47:34 +02006759 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006760 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006761}
6762
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006763static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006764
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006765 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006766
Olivier Houchardea8dd942019-05-20 14:02:16 +02006767
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006768 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006769 if (ctx->wait_event.events != 0)
6770 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6771 ctx->wait_event.events,
6772 &ctx->wait_event);
6773 if (ctx->send_wait) {
6774 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006775 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006776 }
6777 if (ctx->recv_wait) {
6778 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006779 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006780 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006781 if (ctx->xprt->close)
6782 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006783#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006784 if (global_ssl.async) {
6785 OSSL_ASYNC_FD all_fd[32], afd;
6786 size_t num_all_fds = 0;
6787 int i;
6788
Olivier Houchard66ab4982019-02-26 18:37:15 +01006789 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006790 if (num_all_fds > 32) {
6791 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6792 return;
6793 }
6794
Olivier Houchard66ab4982019-02-26 18:37:15 +01006795 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006796
6797 /* If an async job is pending, we must try to
6798 to catch the end using polling before calling
6799 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006800 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006801 for (i=0 ; i < num_all_fds ; i++) {
6802 /* switch on an handler designed to
6803 * handle the SSL_free
6804 */
6805 afd = all_fd[i];
6806 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006807 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006808 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006809 /* To ensure that the fd cache won't be used
6810 * and we'll catch a real RD event.
6811 */
6812 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006813 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006814 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006815 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006816 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006817 return;
6818 }
Emeric Brun3854e012017-05-17 20:42:48 +02006819 /* Else we can remove the fds from the fdtab
6820 * and call SSL_free.
6821 * note: we do a fd_remove and not a delete
6822 * because the fd is owned by the engine.
6823 * the engine is responsible to close
6824 */
6825 for (i=0 ; i < num_all_fds ; i++)
6826 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006827 }
6828#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006829 SSL_free(ctx->ssl);
Olivier Houchard54907bb2019-12-19 15:02:39 +01006830 b_free(&ctx->early_buf);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006831 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006832 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006833 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006834 }
Emeric Brun46591952012-05-18 15:47:34 +02006835}
6836
6837/* This function tries to perform a clean shutdown on an SSL connection, and in
6838 * any case, flags the connection as reusable if no handshake was in progress.
6839 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006840static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006841{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006842 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006843
Emeric Brun46591952012-05-18 15:47:34 +02006844 if (conn->flags & CO_FL_HANDSHAKE)
6845 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006846 if (!clean)
6847 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006848 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006849 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006850 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006851 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006852 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006853 ERR_clear_error();
6854 }
Emeric Brun46591952012-05-18 15:47:34 +02006855}
6856
William Lallemandd4f946c2019-12-05 10:26:40 +01006857/* fill a buffer with the algorithm and size of a public key */
6858static int cert_get_pkey_algo(X509 *crt, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006859{
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006860 int bits = 0;
6861 int sig = TLSEXT_signature_anonymous;
6862 int len = -1;
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006863 EVP_PKEY *pkey;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006864
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006865 pkey = X509_get_pubkey(crt);
6866 if (pkey) {
6867 bits = EVP_PKEY_bits(pkey);
6868 switch(EVP_PKEY_base_id(pkey)) {
6869 case EVP_PKEY_RSA:
6870 sig = TLSEXT_signature_rsa;
6871 break;
6872 case EVP_PKEY_EC:
6873 sig = TLSEXT_signature_ecdsa;
6874 break;
6875 case EVP_PKEY_DSA:
6876 sig = TLSEXT_signature_dsa;
6877 break;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006878 }
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006879 EVP_PKEY_free(pkey);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006880 }
6881
6882 switch(sig) {
6883 case TLSEXT_signature_rsa:
6884 len = chunk_printf(out, "RSA%d", bits);
6885 break;
6886 case TLSEXT_signature_ecdsa:
6887 len = chunk_printf(out, "EC%d", bits);
6888 break;
6889 case TLSEXT_signature_dsa:
6890 len = chunk_printf(out, "DSA%d", bits);
6891 break;
6892 default:
6893 return 0;
6894 }
6895 if (len < 0)
6896 return 0;
6897 return 1;
6898}
6899
William Lallemandd4f946c2019-12-05 10:26:40 +01006900/* used for ppv2 pkey alog (can be used for logging) */
6901int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
6902{
6903 struct ssl_sock_ctx *ctx;
6904 X509 *crt;
6905
6906 if (!ssl_sock_is_ssl(conn))
6907 return 0;
6908
6909 ctx = conn->xprt_ctx;
6910
6911 crt = SSL_get_certificate(ctx->ssl);
6912 if (!crt)
6913 return 0;
6914
6915 return cert_get_pkey_algo(crt, out);
6916}
6917
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006918/* used for ppv2 cert signature (can be used for logging) */
6919const char *ssl_sock_get_cert_sig(struct connection *conn)
6920{
Christopher Faulet82004142019-09-10 10:12:03 +02006921 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006922
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006923 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6924 X509 *crt;
6925
6926 if (!ssl_sock_is_ssl(conn))
6927 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006928 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006929 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006930 if (!crt)
6931 return NULL;
6932 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6933 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6934}
6935
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006936/* used for ppv2 authority */
6937const char *ssl_sock_get_sni(struct connection *conn)
6938{
6939#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006940 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006941
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006942 if (!ssl_sock_is_ssl(conn))
6943 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006944 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006945 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006946#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006947 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006948#endif
6949}
6950
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006951/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006952const char *ssl_sock_get_cipher_name(struct connection *conn)
6953{
Christopher Faulet82004142019-09-10 10:12:03 +02006954 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006955
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006956 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006957 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006958 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006959 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006960}
6961
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006962/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006963const char *ssl_sock_get_proto_version(struct connection *conn)
6964{
Christopher Faulet82004142019-09-10 10:12:03 +02006965 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006966
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006967 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006968 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006969 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006970 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006971}
6972
Willy Tarreau8d598402012-10-22 17:58:39 +02006973/* Extract a serial from a cert, and copy it to a chunk.
6974 * Returns 1 if serial is found and copied, 0 if no serial found and
6975 * -1 if output is not large enough.
6976 */
6977static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006978ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006979{
6980 ASN1_INTEGER *serial;
6981
6982 serial = X509_get_serialNumber(crt);
6983 if (!serial)
6984 return 0;
6985
6986 if (out->size < serial->length)
6987 return -1;
6988
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006989 memcpy(out->area, serial->data, serial->length);
6990 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006991 return 1;
6992}
6993
Emeric Brun43e79582014-10-29 19:03:26 +01006994/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006995 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6996 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006997 */
6998static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006999ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01007000{
7001 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007002 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01007003
7004 len =i2d_X509(crt, NULL);
7005 if (len <= 0)
7006 return 1;
7007
7008 if (out->size < len)
7009 return -1;
7010
7011 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007012 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01007013 return 1;
7014}
7015
Emeric Brunce5ad802012-10-22 14:11:22 +02007016
Willy Tarreau83061a82018-07-13 11:56:34 +02007017/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02007018 * Returns 1 if serial is found and copied, 0 if no valid time found
7019 * and -1 if output is not large enough.
7020 */
7021static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007022ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02007023{
7024 if (tm->type == V_ASN1_GENERALIZEDTIME) {
7025 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
7026
7027 if (gentm->length < 12)
7028 return 0;
7029 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
7030 return 0;
7031 if (out->size < gentm->length-2)
7032 return -1;
7033
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007034 memcpy(out->area, gentm->data+2, gentm->length-2);
7035 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02007036 return 1;
7037 }
7038 else if (tm->type == V_ASN1_UTCTIME) {
7039 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
7040
7041 if (utctm->length < 10)
7042 return 0;
7043 if (utctm->data[0] >= 0x35)
7044 return 0;
7045 if (out->size < utctm->length)
7046 return -1;
7047
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007048 memcpy(out->area, utctm->data, utctm->length);
7049 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02007050 return 1;
7051 }
7052
7053 return 0;
7054}
7055
Emeric Brun87855892012-10-17 17:39:35 +02007056/* Extract an entry from a X509_NAME and copy its value to an output chunk.
7057 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
7058 */
7059static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007060ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
7061 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007062{
7063 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007064 ASN1_OBJECT *obj;
7065 ASN1_STRING *data;
7066 const unsigned char *data_ptr;
7067 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007068 int i, j, n;
7069 int cur = 0;
7070 const char *s;
7071 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007072 int name_count;
7073
7074 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007075
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007076 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007077 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02007078 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007079 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02007080 else
7081 j = i;
7082
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007083 ne = X509_NAME_get_entry(a, j);
7084 obj = X509_NAME_ENTRY_get_object(ne);
7085 data = X509_NAME_ENTRY_get_data(ne);
7086 data_ptr = ASN1_STRING_get0_data(data);
7087 data_len = ASN1_STRING_length(data);
7088 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007089 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007090 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007091 s = tmp;
7092 }
7093
7094 if (chunk_strcasecmp(entry, s) != 0)
7095 continue;
7096
7097 if (pos < 0)
7098 cur--;
7099 else
7100 cur++;
7101
7102 if (cur != pos)
7103 continue;
7104
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007105 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02007106 return -1;
7107
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007108 memcpy(out->area, data_ptr, data_len);
7109 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007110 return 1;
7111 }
7112
7113 return 0;
7114
William Lallemandd4f946c2019-12-05 10:26:40 +01007115}
7116
7117/*
7118 * Extract and format the DNS SAN extensions and copy result into a chuink
7119 * Return 0;
7120 */
7121#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
7122static int ssl_sock_get_san_oneline(X509 *cert, struct buffer *out)
7123{
7124 int i;
7125 char *str;
7126 STACK_OF(GENERAL_NAME) *names = NULL;
7127
7128 names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
7129 if (names) {
7130 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
7131 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
7132 if (i > 0)
7133 chunk_appendf(out, ", ");
7134 if (name->type == GEN_DNS) {
7135 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
7136 chunk_appendf(out, "DNS:%s", str);
7137 OPENSSL_free(str);
7138 }
7139 }
7140 }
7141 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
7142 }
7143 return 0;
Emeric Brun87855892012-10-17 17:39:35 +02007144}
William Lallemandd4f946c2019-12-05 10:26:40 +01007145#endif
Emeric Brun87855892012-10-17 17:39:35 +02007146
7147/* Extract and format full DN from a X509_NAME and copy result into a chunk
7148 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
7149 */
7150static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007151ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007152{
7153 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007154 ASN1_OBJECT *obj;
7155 ASN1_STRING *data;
7156 const unsigned char *data_ptr;
7157 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007158 int i, n, ln;
7159 int l = 0;
7160 const char *s;
7161 char *p;
7162 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007163 int name_count;
7164
7165
7166 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007167
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007168 out->data = 0;
7169 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007170 for (i = 0; i < name_count; i++) {
7171 ne = X509_NAME_get_entry(a, i);
7172 obj = X509_NAME_ENTRY_get_object(ne);
7173 data = X509_NAME_ENTRY_get_data(ne);
7174 data_ptr = ASN1_STRING_get0_data(data);
7175 data_len = ASN1_STRING_length(data);
7176 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007177 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007178 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007179 s = tmp;
7180 }
7181 ln = strlen(s);
7182
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007183 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007184 if (l > out->size)
7185 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007186 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02007187
7188 *(p++)='/';
7189 memcpy(p, s, ln);
7190 p += ln;
7191 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007192 memcpy(p, data_ptr, data_len);
7193 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007194 }
7195
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007196 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02007197 return 0;
7198
7199 return 1;
7200}
7201
Olivier Houchardab28a322018-12-21 19:45:40 +01007202void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
7203{
7204#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02007205 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007206
Olivier Houcharde488ea82019-06-28 14:10:33 +02007207 if (!ssl_sock_is_ssl(conn))
7208 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007209 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007210 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01007211#endif
7212}
7213
Willy Tarreau119a4082016-12-22 21:58:38 +01007214/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
7215 * to disable SNI.
7216 */
Willy Tarreau63076412015-07-10 11:33:32 +02007217void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7218{
7219#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007220 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007221
Willy Tarreau119a4082016-12-22 21:58:38 +01007222 char *prev_name;
7223
Willy Tarreau63076412015-07-10 11:33:32 +02007224 if (!ssl_sock_is_ssl(conn))
7225 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007226 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007227
Willy Tarreau119a4082016-12-22 21:58:38 +01007228 /* if the SNI changes, we must destroy the reusable context so that a
7229 * new connection will present a new SNI. As an optimization we could
7230 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7231 * server.
7232 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007233 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007234 if ((!prev_name && hostname) ||
7235 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007236 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007237
Olivier Houchard66ab4982019-02-26 18:37:15 +01007238 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007239#endif
7240}
7241
Emeric Brun0abf8362014-06-24 18:26:41 +02007242/* Extract peer certificate's common name into the chunk dest
7243 * Returns
7244 * the len of the extracted common name
7245 * or 0 if no CN found in DN
7246 * or -1 on error case (i.e. no peer certificate)
7247 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007248int ssl_sock_get_remote_common_name(struct connection *conn,
7249 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007250{
Christopher Faulet82004142019-09-10 10:12:03 +02007251 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007252 X509 *crt = NULL;
7253 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007254 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007255 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007256 .area = (char *)&find_cn,
7257 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007258 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007259 int result = -1;
David Safb76832014-05-08 23:42:08 -04007260
7261 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007262 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007263 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007264
7265 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007266 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007267 if (!crt)
7268 goto out;
7269
7270 name = X509_get_subject_name(crt);
7271 if (!name)
7272 goto out;
David Safb76832014-05-08 23:42:08 -04007273
Emeric Brun0abf8362014-06-24 18:26:41 +02007274 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7275out:
David Safb76832014-05-08 23:42:08 -04007276 if (crt)
7277 X509_free(crt);
7278
7279 return result;
7280}
7281
Dave McCowan328fb582014-07-30 10:39:13 -04007282/* returns 1 if client passed a certificate for this session, 0 if not */
7283int ssl_sock_get_cert_used_sess(struct connection *conn)
7284{
Christopher Faulet82004142019-09-10 10:12:03 +02007285 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007286 X509 *crt = NULL;
7287
7288 if (!ssl_sock_is_ssl(conn))
7289 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007290 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007291
7292 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007293 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007294 if (!crt)
7295 return 0;
7296
7297 X509_free(crt);
7298 return 1;
7299}
7300
7301/* returns 1 if client passed a certificate for this connection, 0 if not */
7302int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007303{
Christopher Faulet82004142019-09-10 10:12:03 +02007304 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007305
David Safb76832014-05-08 23:42:08 -04007306 if (!ssl_sock_is_ssl(conn))
7307 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007308 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007309 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007310}
7311
7312/* returns result from SSL verify */
7313unsigned int ssl_sock_get_verify_result(struct connection *conn)
7314{
Christopher Faulet82004142019-09-10 10:12:03 +02007315 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007316
David Safb76832014-05-08 23:42:08 -04007317 if (!ssl_sock_is_ssl(conn))
7318 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007319 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007320 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007321}
7322
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007323/* Returns the application layer protocol name in <str> and <len> when known.
7324 * Zero is returned if the protocol name was not found, otherwise non-zero is
7325 * returned. The string is allocated in the SSL context and doesn't have to be
7326 * freed by the caller. NPN is also checked if available since older versions
7327 * of openssl (1.0.1) which are more common in field only support this one.
7328 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007329static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007330{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007331#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7332 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007333 struct ssl_sock_ctx *ctx = xprt_ctx;
7334 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007335 return 0;
7336
7337 *str = NULL;
7338
7339#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007340 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007341 if (*str)
7342 return 1;
7343#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007344#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007345 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007346 if (*str)
7347 return 1;
7348#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007349#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007350 return 0;
7351}
7352
Willy Tarreau7875d092012-09-10 08:20:03 +02007353/***** Below are some sample fetching functions for ACL/patterns *****/
7354
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007355static int
7356smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7357{
7358 struct connection *conn;
7359
7360 conn = objt_conn(smp->sess->origin);
7361 if (!conn || conn->xprt != &ssl_sock)
7362 return 0;
7363
7364 smp->flags = 0;
7365 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007366#ifdef OPENSSL_IS_BORINGSSL
7367 {
7368 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7369 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7370 SSL_early_data_accepted(ctx->ssl));
7371 }
7372#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007373 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7374 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007375#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007376 return 1;
7377}
7378
Emeric Brune64aef12012-09-21 13:15:06 +02007379/* boolean, returns true if client cert was present */
7380static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007381smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007382{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007383 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007384 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007385
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007386 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007387 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007388 return 0;
7389
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007390 ctx = conn->xprt_ctx;
7391
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007392 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007393 smp->flags |= SMP_F_MAY_CHANGE;
7394 return 0;
7395 }
7396
7397 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007398 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007399 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007400
7401 return 1;
7402}
7403
Emeric Brun43e79582014-10-29 19:03:26 +01007404/* binary, returns a certificate in a binary chunk (der/raw).
7405 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7406 * should be use.
7407 */
7408static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007409smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007410{
7411 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7412 X509 *crt = NULL;
7413 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007414 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007415 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007416 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007417
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007418 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007419 if (!conn || conn->xprt != &ssl_sock)
7420 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007421 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007422
7423 if (!(conn->flags & CO_FL_CONNECTED)) {
7424 smp->flags |= SMP_F_MAY_CHANGE;
7425 return 0;
7426 }
7427
7428 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007429 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007430 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007431 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007432
7433 if (!crt)
7434 goto out;
7435
7436 smp_trash = get_trash_chunk();
7437 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7438 goto out;
7439
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007440 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007441 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007442 ret = 1;
7443out:
7444 /* SSL_get_peer_certificate, it increase X509 * ref count */
7445 if (cert_peer && crt)
7446 X509_free(crt);
7447 return ret;
7448}
7449
Emeric Brunba841a12014-04-30 17:05:08 +02007450/* binary, returns serial of certificate in a binary chunk.
7451 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7452 * should be use.
7453 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007454static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007455smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007456{
Emeric Brunba841a12014-04-30 17:05:08 +02007457 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007458 X509 *crt = NULL;
7459 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007460 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007461 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007462 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007463
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007464 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007465 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007466 return 0;
7467
Olivier Houchard66ab4982019-02-26 18:37:15 +01007468 ctx = conn->xprt_ctx;
7469
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007470 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007471 smp->flags |= SMP_F_MAY_CHANGE;
7472 return 0;
7473 }
7474
Emeric Brunba841a12014-04-30 17:05:08 +02007475 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007476 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007477 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007478 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007479
Willy Tarreau8d598402012-10-22 17:58:39 +02007480 if (!crt)
7481 goto out;
7482
Willy Tarreau47ca5452012-12-23 20:22:19 +01007483 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007484 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7485 goto out;
7486
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007487 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007488 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007489 ret = 1;
7490out:
Emeric Brunba841a12014-04-30 17:05:08 +02007491 /* SSL_get_peer_certificate, it increase X509 * ref count */
7492 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007493 X509_free(crt);
7494 return ret;
7495}
Emeric Brune64aef12012-09-21 13:15:06 +02007496
Emeric Brunba841a12014-04-30 17:05:08 +02007497/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7498 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7499 * should be use.
7500 */
James Votha051b4a2013-05-14 20:37:59 +02007501static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007502smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007503{
Emeric Brunba841a12014-04-30 17:05:08 +02007504 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007505 X509 *crt = NULL;
7506 const EVP_MD *digest;
7507 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007508 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007509 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007510 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007511
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007512 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007513 if (!conn || conn->xprt != &ssl_sock)
7514 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007515 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007516
7517 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007518 smp->flags |= SMP_F_MAY_CHANGE;
7519 return 0;
7520 }
7521
Emeric Brunba841a12014-04-30 17:05:08 +02007522 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007524 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007525 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007526 if (!crt)
7527 goto out;
7528
7529 smp_trash = get_trash_chunk();
7530 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007531 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7532 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007533
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007534 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007535 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007536 ret = 1;
7537out:
Emeric Brunba841a12014-04-30 17:05:08 +02007538 /* SSL_get_peer_certificate, it increase X509 * ref count */
7539 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007540 X509_free(crt);
7541 return ret;
7542}
7543
Emeric Brunba841a12014-04-30 17:05:08 +02007544/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7545 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7546 * should be use.
7547 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007548static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007549smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007550{
Emeric Brunba841a12014-04-30 17:05:08 +02007551 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007552 X509 *crt = NULL;
7553 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007554 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007555 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007556 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007557
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007558 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007559 if (!conn || conn->xprt != &ssl_sock)
7560 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007561 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007562
7563 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007564 smp->flags |= SMP_F_MAY_CHANGE;
7565 return 0;
7566 }
7567
Emeric Brunba841a12014-04-30 17:05:08 +02007568 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007569 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007570 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007571 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007572 if (!crt)
7573 goto out;
7574
Willy Tarreau47ca5452012-12-23 20:22:19 +01007575 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007576 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007577 goto out;
7578
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007579 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007580 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007581 ret = 1;
7582out:
Emeric Brunba841a12014-04-30 17:05:08 +02007583 /* SSL_get_peer_certificate, it increase X509 * ref count */
7584 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007585 X509_free(crt);
7586 return ret;
7587}
7588
Emeric Brunba841a12014-04-30 17:05:08 +02007589/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7590 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7591 * should be use.
7592 */
Emeric Brun87855892012-10-17 17:39:35 +02007593static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007594smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007595{
Emeric Brunba841a12014-04-30 17:05:08 +02007596 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007597 X509 *crt = NULL;
7598 X509_NAME *name;
7599 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007600 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007601 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007602 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007603
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007604 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007605 if (!conn || conn->xprt != &ssl_sock)
7606 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007607 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007608
7609 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007610 smp->flags |= SMP_F_MAY_CHANGE;
7611 return 0;
7612 }
7613
Emeric Brunba841a12014-04-30 17:05:08 +02007614 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007615 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007616 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007617 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007618 if (!crt)
7619 goto out;
7620
7621 name = X509_get_issuer_name(crt);
7622 if (!name)
7623 goto out;
7624
Willy Tarreau47ca5452012-12-23 20:22:19 +01007625 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007626 if (args && args[0].type == ARGT_STR) {
7627 int pos = 1;
7628
7629 if (args[1].type == ARGT_SINT)
7630 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007631
7632 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7633 goto out;
7634 }
7635 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7636 goto out;
7637
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007638 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007639 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007640 ret = 1;
7641out:
Emeric Brunba841a12014-04-30 17:05:08 +02007642 /* SSL_get_peer_certificate, it increase X509 * ref count */
7643 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007644 X509_free(crt);
7645 return ret;
7646}
7647
Emeric Brunba841a12014-04-30 17:05:08 +02007648/* string, returns notbefore date in ASN1_UTCTIME format.
7649 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7650 * should be use.
7651 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007652static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007653smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007654{
Emeric Brunba841a12014-04-30 17:05:08 +02007655 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007656 X509 *crt = NULL;
7657 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007658 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007659 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007660 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007661
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007662 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007663 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007664 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007665 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007666
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007667 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007668 smp->flags |= SMP_F_MAY_CHANGE;
7669 return 0;
7670 }
7671
Emeric Brunba841a12014-04-30 17:05:08 +02007672 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007674 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007675 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007676 if (!crt)
7677 goto out;
7678
Willy Tarreau47ca5452012-12-23 20:22:19 +01007679 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007680 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007681 goto out;
7682
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007683 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007684 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007685 ret = 1;
7686out:
Emeric Brunba841a12014-04-30 17:05:08 +02007687 /* SSL_get_peer_certificate, it increase X509 * ref count */
7688 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007689 X509_free(crt);
7690 return ret;
7691}
7692
Emeric Brunba841a12014-04-30 17:05:08 +02007693/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7694 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7695 * should be use.
7696 */
Emeric Brun87855892012-10-17 17:39:35 +02007697static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007698smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007699{
Emeric Brunba841a12014-04-30 17:05:08 +02007700 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007701 X509 *crt = NULL;
7702 X509_NAME *name;
7703 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007704 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007705 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007706 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007707
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007708 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007709 if (!conn || conn->xprt != &ssl_sock)
7710 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007711 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007712
7713 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007714 smp->flags |= SMP_F_MAY_CHANGE;
7715 return 0;
7716 }
7717
Emeric Brunba841a12014-04-30 17:05:08 +02007718 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007719 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007720 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007721 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007722 if (!crt)
7723 goto out;
7724
7725 name = X509_get_subject_name(crt);
7726 if (!name)
7727 goto out;
7728
Willy Tarreau47ca5452012-12-23 20:22:19 +01007729 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007730 if (args && args[0].type == ARGT_STR) {
7731 int pos = 1;
7732
7733 if (args[1].type == ARGT_SINT)
7734 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007735
7736 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7737 goto out;
7738 }
7739 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7740 goto out;
7741
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007742 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007743 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007744 ret = 1;
7745out:
Emeric Brunba841a12014-04-30 17:05:08 +02007746 /* SSL_get_peer_certificate, it increase X509 * ref count */
7747 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007748 X509_free(crt);
7749 return ret;
7750}
Emeric Brun9143d372012-12-20 15:44:16 +01007751
7752/* integer, returns true if current session use a client certificate */
7753static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007754smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007755{
7756 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007757 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007758 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007759
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007760 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007761 if (!conn || conn->xprt != &ssl_sock)
7762 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007763 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007764
7765 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007766 smp->flags |= SMP_F_MAY_CHANGE;
7767 return 0;
7768 }
7769
7770 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007771 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007772 if (crt) {
7773 X509_free(crt);
7774 }
7775
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007776 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007777 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007778 return 1;
7779}
7780
Emeric Brunba841a12014-04-30 17:05:08 +02007781/* integer, returns the certificate version
7782 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7783 * should be use.
7784 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007785static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007786smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007787{
Emeric Brunba841a12014-04-30 17:05:08 +02007788 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007789 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007790 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007791 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007792
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007793 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007794 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007795 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007796 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007797
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007798 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007799 smp->flags |= SMP_F_MAY_CHANGE;
7800 return 0;
7801 }
7802
Emeric Brunba841a12014-04-30 17:05:08 +02007803 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007804 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007805 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007806 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007807 if (!crt)
7808 return 0;
7809
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007810 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007811 /* SSL_get_peer_certificate increase X509 * ref count */
7812 if (cert_peer)
7813 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007814 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007815
7816 return 1;
7817}
7818
Emeric Brunba841a12014-04-30 17:05:08 +02007819/* string, returns the certificate's signature algorithm.
7820 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7821 * should be use.
7822 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007823static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007824smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007825{
Emeric Brunba841a12014-04-30 17:05:08 +02007826 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007827 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007828 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007829 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007830 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007831 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007832
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007833 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007834 if (!conn || conn->xprt != &ssl_sock)
7835 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007836 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007837
7838 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007839 smp->flags |= SMP_F_MAY_CHANGE;
7840 return 0;
7841 }
7842
Emeric Brunba841a12014-04-30 17:05:08 +02007843 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007844 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007845 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007846 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007847 if (!crt)
7848 return 0;
7849
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007850 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7851 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007852
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007853 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7854 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007855 /* SSL_get_peer_certificate increase X509 * ref count */
7856 if (cert_peer)
7857 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007858 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007859 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007860
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007861 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007862 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007863 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007864 /* SSL_get_peer_certificate increase X509 * ref count */
7865 if (cert_peer)
7866 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007867
7868 return 1;
7869}
7870
Emeric Brunba841a12014-04-30 17:05:08 +02007871/* string, returns the certificate's key algorithm.
7872 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7873 * should be use.
7874 */
Emeric Brun521a0112012-10-22 12:22:55 +02007875static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007876smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007877{
Emeric Brunba841a12014-04-30 17:05:08 +02007878 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007879 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007880 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007881 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007882 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007883 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007884
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007885 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007886 if (!conn || conn->xprt != &ssl_sock)
7887 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007888 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007889
7890 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007891 smp->flags |= SMP_F_MAY_CHANGE;
7892 return 0;
7893 }
7894
Emeric Brunba841a12014-04-30 17:05:08 +02007895 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007896 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007897 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007898 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007899 if (!crt)
7900 return 0;
7901
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007902 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7903 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007904
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007905 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7906 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007907 /* SSL_get_peer_certificate increase X509 * ref count */
7908 if (cert_peer)
7909 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007910 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007911 }
Emeric Brun521a0112012-10-22 12:22:55 +02007912
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007913 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007914 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007915 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007916 if (cert_peer)
7917 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007918
7919 return 1;
7920}
7921
Emeric Brun645ae792014-04-30 14:21:06 +02007922/* boolean, returns true if front conn. transport layer is SSL.
7923 * This function is also usable on backend conn if the fetch keyword 5th
7924 * char is 'b'.
7925 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007926static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007927smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007928{
Emeric Bruneb8def92018-02-19 15:59:48 +01007929 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7930 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007931
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007932 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007933 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007934 return 1;
7935}
7936
Emeric Brun2525b6b2012-10-18 15:59:43 +02007937/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007938static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007939smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007940{
7941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007942 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007943 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007944
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007945 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007946 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007947 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007948 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007949 return 1;
7950#else
7951 return 0;
7952#endif
7953}
7954
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007955/* boolean, returns true if client session has been resumed.
7956 * This function is also usable on backend conn if the fetch keyword 5th
7957 * char is 'b'.
7958 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007959static int
7960smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7961{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007962 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7963 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007964 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007965
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007966
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007967 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007968 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007969 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007970 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007971 return 1;
7972}
7973
Emeric Brun645ae792014-04-30 14:21:06 +02007974/* string, returns the used cipher if front conn. transport layer is SSL.
7975 * This function is also usable on backend conn if the fetch keyword 5th
7976 * char is 'b'.
7977 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007978static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007979smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007980{
Emeric Bruneb8def92018-02-19 15:59:48 +01007981 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7982 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007983 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007984
Willy Tarreaube508f12016-03-10 11:47:01 +01007985 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007986 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007987 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007988 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007989
Olivier Houchard66ab4982019-02-26 18:37:15 +01007990 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007991 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007992 return 0;
7993
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007994 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007995 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007996 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007997
7998 return 1;
7999}
8000
Emeric Brun645ae792014-04-30 14:21:06 +02008001/* integer, returns the algoritm's keysize if front conn. transport layer
8002 * is SSL.
8003 * This function is also usable on backend conn if the fetch keyword 5th
8004 * char is 'b'.
8005 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008006static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008007smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008008{
Emeric Bruneb8def92018-02-19 15:59:48 +01008009 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8010 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008011 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008012 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01008013
Emeric Brun589fcad2012-10-16 14:13:26 +02008014 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008015 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02008016 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008017 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02008018
Olivier Houchard66ab4982019-02-26 18:37:15 +01008019 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008020 return 0;
8021
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008022 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008023 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008024
8025 return 1;
8026}
8027
Emeric Brun645ae792014-04-30 14:21:06 +02008028/* integer, returns the used keysize if front conn. transport layer is SSL.
8029 * This function is also usable on backend conn if the fetch keyword 5th
8030 * char is 'b'.
8031 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008032static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008033smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008034{
Emeric Bruneb8def92018-02-19 15:59:48 +01008035 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8036 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008037 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008038
Emeric Brun589fcad2012-10-16 14:13:26 +02008039 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008040 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8041 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008042 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008043
Olivier Houchard66ab4982019-02-26 18:37:15 +01008044 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008045 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02008046 return 0;
8047
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008048 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008049
8050 return 1;
8051}
8052
Bernard Spil13c53f82018-02-15 13:34:58 +01008053#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02008054static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008055smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008056{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008057 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008058 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008059
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008060 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008061 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008062
Olivier Houchard6b77f492018-11-22 18:18:29 +01008063 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8064 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008065 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8066 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008067 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008068
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008069 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008070 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008071 (const unsigned char **)&smp->data.u.str.area,
8072 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02008073
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008074 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008075 return 0;
8076
8077 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008078}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008079#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02008080
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008081#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008082static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008083smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02008084{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008085 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008086 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008087
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008088 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008089 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02008090
Olivier Houchard6b77f492018-11-22 18:18:29 +01008091 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8092 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8093
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008094 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02008095 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008096 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02008097
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008098 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008099 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008100 (const unsigned char **)&smp->data.u.str.area,
8101 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02008102
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008103 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02008104 return 0;
8105
8106 return 1;
8107}
8108#endif
8109
Emeric Brun645ae792014-04-30 14:21:06 +02008110/* string, returns the used protocol if front conn. transport layer is SSL.
8111 * This function is also usable on backend conn if the fetch keyword 5th
8112 * char is 'b'.
8113 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02008114static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008115smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008116{
Emeric Bruneb8def92018-02-19 15:59:48 +01008117 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8118 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008119 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008120
Emeric Brun589fcad2012-10-16 14:13:26 +02008121 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008122 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8123 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008124 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008125
Olivier Houchard66ab4982019-02-26 18:37:15 +01008126 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008127 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02008128 return 0;
8129
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008130 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008131 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008132 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008133
8134 return 1;
8135}
8136
Willy Tarreau87b09662015-04-03 00:22:06 +02008137/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02008138 * This function is also usable on backend conn if the fetch keyword 5th
8139 * char is 'b'.
8140 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008141#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02008142static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008143smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02008144{
Emeric Bruneb8def92018-02-19 15:59:48 +01008145 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8146 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008147 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008148 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008149
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008150 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008151 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02008152
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008153 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8154 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008155 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008156
Olivier Houchard66ab4982019-02-26 18:37:15 +01008157 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02008158 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02008159 return 0;
8160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008161 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
8162 (unsigned int *)&smp->data.u.str.data);
8163 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02008164 return 0;
8165
8166 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02008167}
Patrick Hemmer41966772018-04-28 19:15:48 -04008168#endif
8169
Emeric Brunfe68f682012-10-16 14:59:28 +02008170
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008171#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04008172static int
Patrick Hemmer65674662019-06-04 08:13:03 -04008173smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
8174{
8175 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8176 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8177 struct buffer *data;
8178 struct ssl_sock_ctx *ctx;
8179
8180 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8181 return 0;
8182 ctx = conn->xprt_ctx;
8183
8184 data = get_trash_chunk();
8185 if (kw[7] == 'c')
8186 data->data = SSL_get_client_random(ctx->ssl,
8187 (unsigned char *) data->area,
8188 data->size);
8189 else
8190 data->data = SSL_get_server_random(ctx->ssl,
8191 (unsigned char *) data->area,
8192 data->size);
8193 if (!data->data)
8194 return 0;
8195
8196 smp->flags = 0;
8197 smp->data.type = SMP_T_BIN;
8198 smp->data.u.str = *data;
8199
8200 return 1;
8201}
8202
8203static int
Patrick Hemmere0275472018-04-28 19:15:51 -04008204smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
8205{
8206 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8207 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8208 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02008209 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008210 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008211
8212 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8213 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008214 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008215
Olivier Houchard66ab4982019-02-26 18:37:15 +01008216 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008217 if (!ssl_sess)
8218 return 0;
8219
8220 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008221 data->data = SSL_SESSION_get_master_key(ssl_sess,
8222 (unsigned char *) data->area,
8223 data->size);
8224 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008225 return 0;
8226
8227 smp->flags = 0;
8228 smp->data.type = SMP_T_BIN;
8229 smp->data.u.str = *data;
8230
8231 return 1;
8232}
8233#endif
8234
Patrick Hemmer41966772018-04-28 19:15:48 -04008235#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008236static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008237smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008238{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008239 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008240 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008241
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008242 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008243 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008244
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008245 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008246 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8247 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008248 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008249
Olivier Houchard66ab4982019-02-26 18:37:15 +01008250 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008251 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008252 return 0;
8253
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008254 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008255 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008256}
Patrick Hemmer41966772018-04-28 19:15:48 -04008257#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008258
David Sc1ad52e2014-04-08 18:48:47 -04008259static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008260smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8261{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008262 struct connection *conn;
8263 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008264 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008265
8266 conn = objt_conn(smp->sess->origin);
8267 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8268 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008269 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008270
Olivier Houchard66ab4982019-02-26 18:37:15 +01008271 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008272 if (!capture)
8273 return 0;
8274
8275 smp->flags = SMP_F_CONST;
8276 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008277 smp->data.u.str.area = capture->ciphersuite;
8278 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008279 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008280}
8281
8282static int
8283smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8284{
Willy Tarreau83061a82018-07-13 11:56:34 +02008285 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008286
8287 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8288 return 0;
8289
8290 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008291 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008292 smp->data.type = SMP_T_BIN;
8293 smp->data.u.str = *data;
8294 return 1;
8295}
8296
8297static int
8298smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8299{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008300 struct connection *conn;
8301 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008302 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008303
8304 conn = objt_conn(smp->sess->origin);
8305 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8306 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008307 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008308
Olivier Houchard66ab4982019-02-26 18:37:15 +01008309 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008310 if (!capture)
8311 return 0;
8312
8313 smp->data.type = SMP_T_SINT;
8314 smp->data.u.sint = capture->xxh64;
8315 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008316}
8317
8318static int
8319smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8320{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008321#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008322 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008323 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008324
8325 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8326 return 0;
8327
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008328 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008329 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008330 const char *str;
8331 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008332 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008333 uint16_t id = (bin[0] << 8) | bin[1];
8334#if defined(OPENSSL_IS_BORINGSSL)
8335 cipher = SSL_get_cipher_by_value(id);
8336#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008337 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008338 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8339 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008340#endif
8341 str = SSL_CIPHER_get_name(cipher);
8342 if (!str || strcmp(str, "(NONE)") == 0)
8343 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008344 else
8345 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8346 }
8347 smp->data.type = SMP_T_STR;
8348 smp->data.u.str = *data;
8349 return 1;
8350#else
8351 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8352#endif
8353}
8354
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008355#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008356static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008357smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008358{
Emeric Bruneb8def92018-02-19 15:59:48 +01008359 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8360 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008361 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008362 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008363 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008364
8365 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008366 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8367 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008368 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008369
8370 if (!(conn->flags & CO_FL_CONNECTED)) {
8371 smp->flags |= SMP_F_MAY_CHANGE;
8372 return 0;
8373 }
8374
8375 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008376 if (!SSL_session_reused(ctx->ssl))
8377 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008378 finished_trash->area,
8379 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008380 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008381 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008382 finished_trash->area,
8383 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008384
8385 if (!finished_len)
8386 return 0;
8387
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008388 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008389 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008390 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008391
8392 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008393}
Patrick Hemmer41966772018-04-28 19:15:48 -04008394#endif
David Sc1ad52e2014-04-08 18:48:47 -04008395
Emeric Brun2525b6b2012-10-18 15:59:43 +02008396/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008397static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008398smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008399{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008400 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008401 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008402
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008403 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008404 if (!conn || conn->xprt != &ssl_sock)
8405 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008406 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008407
8408 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008409 smp->flags = SMP_F_MAY_CHANGE;
8410 return 0;
8411 }
8412
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008413 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008414 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008415 smp->flags = 0;
8416
8417 return 1;
8418}
8419
Emeric Brun2525b6b2012-10-18 15:59:43 +02008420/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008421static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008422smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008423{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008424 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008425 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008426
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008427 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008428 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008429 return 0;
8430
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008431 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008432 smp->flags = SMP_F_MAY_CHANGE;
8433 return 0;
8434 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008435 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008436
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008437 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008438 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008439 smp->flags = 0;
8440
8441 return 1;
8442}
8443
Emeric Brun2525b6b2012-10-18 15:59:43 +02008444/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008445static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008446smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008447{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008448 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008449 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008450
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008451 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008452 if (!conn || conn->xprt != &ssl_sock)
8453 return 0;
8454
8455 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008456 smp->flags = SMP_F_MAY_CHANGE;
8457 return 0;
8458 }
8459
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008460 ctx = conn->xprt_ctx;
8461
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008462 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008463 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008464 smp->flags = 0;
8465
8466 return 1;
8467}
8468
Emeric Brun2525b6b2012-10-18 15:59:43 +02008469/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008470static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008471smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008472{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008473 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008474 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008475
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008476 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008477 if (!conn || conn->xprt != &ssl_sock)
8478 return 0;
8479
8480 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008481 smp->flags = SMP_F_MAY_CHANGE;
8482 return 0;
8483 }
8484
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008485 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008486 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008487 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008488
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008489 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008490 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008491 smp->flags = 0;
8492
8493 return 1;
8494}
8495
Emeric Brunfb510ea2012-10-05 12:00:26 +02008496/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008497static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008498{
8499 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008500 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008501 return ERR_ALERT | ERR_FATAL;
8502 }
8503
Willy Tarreauef934602016-12-22 23:12:01 +01008504 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8505 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008506 else
8507 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008508
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02008509 if (!ssl_store_load_locations_file(conf->ca_file)) {
8510 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->ca_file);
8511 return ERR_ALERT | ERR_FATAL;
8512 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02008513 return 0;
8514}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008515static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8516{
8517 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8518}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008519
Christopher Faulet31af49d2015-06-09 17:29:50 +02008520/* parse the "ca-sign-file" bind keyword */
8521static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8522{
8523 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008524 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008525 return ERR_ALERT | ERR_FATAL;
8526 }
8527
Willy Tarreauef934602016-12-22 23:12:01 +01008528 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8529 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008530 else
8531 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8532
8533 return 0;
8534}
8535
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008536/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008537static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8538{
8539 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008540 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008541 return ERR_ALERT | ERR_FATAL;
8542 }
8543 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8544 return 0;
8545}
8546
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008547/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008548static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008549{
8550 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008551 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008552 return ERR_ALERT | ERR_FATAL;
8553 }
8554
Emeric Brun76d88952012-10-05 15:47:31 +02008555 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008556 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008557 return 0;
8558}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008559static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8560{
8561 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8562}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008563
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008564#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008565/* parse the "ciphersuites" bind keyword */
8566static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8567{
8568 if (!*args[cur_arg + 1]) {
8569 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8570 return ERR_ALERT | ERR_FATAL;
8571 }
8572
8573 free(conf->ciphersuites);
8574 conf->ciphersuites = strdup(args[cur_arg + 1]);
8575 return 0;
8576}
8577static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8578{
8579 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8580}
8581#endif
8582
Willy Tarreaubbc91962019-10-16 16:42:19 +02008583/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008584static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008585{
Willy Tarreau38011032013-08-13 16:59:39 +02008586 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008587
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008588 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008589 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008590 return ERR_ALERT | ERR_FATAL;
8591 }
8592
Willy Tarreauef934602016-12-22 23:12:01 +01008593 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8594 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008595 memprintf(err, "'%s' : path too long", args[cur_arg]);
8596 return ERR_ALERT | ERR_FATAL;
8597 }
Willy Tarreauef934602016-12-22 23:12:01 +01008598 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008599 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008600 }
8601
Willy Tarreaubbc91962019-10-16 16:42:19 +02008602 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008603}
8604
Willy Tarreaubbc91962019-10-16 16:42:19 +02008605/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008606static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8607{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008608 int err_code;
8609
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008610 if (!*args[cur_arg + 1]) {
8611 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8612 return ERR_ALERT | ERR_FATAL;
8613 }
8614
Willy Tarreaubbc91962019-10-16 16:42:19 +02008615 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8616 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008617 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008618
Willy Tarreaubbc91962019-10-16 16:42:19 +02008619 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008620}
8621
Emeric Brunfb510ea2012-10-05 12:00:26 +02008622/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008623static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008624{
Emeric Brun051cdab2012-10-02 19:25:50 +02008625#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01008626 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
Emeric Brun051cdab2012-10-02 19:25:50 +02008627 return ERR_ALERT | ERR_FATAL;
8628#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008629 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008630 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008631 return ERR_ALERT | ERR_FATAL;
8632 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008633
Willy Tarreauef934602016-12-22 23:12:01 +01008634 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8635 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008636 else
8637 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008638
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01008639 if (!ssl_store_load_locations_file(conf->crl_file)) {
8640 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
8641 return ERR_ALERT | ERR_FATAL;
8642 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008643 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008644#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008645}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008646static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8647{
8648 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8649}
Emeric Brun2b58d042012-09-20 17:10:03 +02008650
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008651/* parse the "curves" bind keyword keyword */
8652static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8653{
Lukas Tribusd14b49c2019-11-24 18:20:40 +01008654#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008655 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008656 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008657 return ERR_ALERT | ERR_FATAL;
8658 }
8659 conf->curves = strdup(args[cur_arg + 1]);
8660 return 0;
8661#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008662 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008663 return ERR_ALERT | ERR_FATAL;
8664#endif
8665}
8666static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8667{
8668 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8669}
8670
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008671/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008672static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008673{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008674#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Tim Duesterhus93128532019-11-23 23:45:10 +01008675 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008676 return ERR_ALERT | ERR_FATAL;
8677#elif defined(OPENSSL_NO_ECDH)
Tim Duesterhus93128532019-11-23 23:45:10 +01008678 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008679 return ERR_ALERT | ERR_FATAL;
8680#else
8681 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008682 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008683 return ERR_ALERT | ERR_FATAL;
8684 }
8685
8686 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008687
8688 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008689#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008690}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008691static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8692{
8693 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8694}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008695
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008696/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008697static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8698{
8699 int code;
8700 char *p = args[cur_arg + 1];
8701 unsigned long long *ignerr = &conf->crt_ignerr;
8702
8703 if (!*p) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008704 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008705 return ERR_ALERT | ERR_FATAL;
8706 }
8707
8708 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8709 ignerr = &conf->ca_ignerr;
8710
8711 if (strcmp(p, "all") == 0) {
8712 *ignerr = ~0ULL;
8713 return 0;
8714 }
8715
8716 while (p) {
8717 code = atoi(p);
8718 if ((code <= 0) || (code > 63)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008719 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8720 args[cur_arg], code, args[cur_arg + 1]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008721 return ERR_ALERT | ERR_FATAL;
8722 }
8723 *ignerr |= 1ULL << code;
8724 p = strchr(p, ',');
8725 if (p)
8726 p++;
8727 }
8728
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008729 return 0;
8730}
8731
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008732/* parse tls_method_options "no-xxx" and "force-xxx" */
8733static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008734{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008735 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008736 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008737 p = strchr(arg, '-');
8738 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008739 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008740 p++;
8741 if (!strcmp(p, "sslv3"))
8742 v = CONF_SSLV3;
8743 else if (!strcmp(p, "tlsv10"))
8744 v = CONF_TLSV10;
8745 else if (!strcmp(p, "tlsv11"))
8746 v = CONF_TLSV11;
8747 else if (!strcmp(p, "tlsv12"))
8748 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008749 else if (!strcmp(p, "tlsv13"))
8750 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008751 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008752 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008753 if (!strncmp(arg, "no-", 3))
8754 methods->flags |= methodVersions[v].flag;
8755 else if (!strncmp(arg, "force-", 6))
8756 methods->min = methods->max = v;
8757 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008758 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008759 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008760 fail:
Tim Duesterhus93128532019-11-23 23:45:10 +01008761 memprintf(err, "'%s' : option not implemented", arg);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008762 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008763}
8764
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008765static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008766{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008767 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008768}
8769
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008770static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008771{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008772 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8773}
8774
8775/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8776static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8777{
8778 uint16_t i, v = 0;
8779 char *argv = args[cur_arg + 1];
8780 if (!*argv) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008781 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008782 return ERR_ALERT | ERR_FATAL;
8783 }
8784 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8785 if (!strcmp(argv, methodVersions[i].name))
8786 v = i;
8787 if (!v) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008788 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008789 return ERR_ALERT | ERR_FATAL;
8790 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008791 if (!strcmp("ssl-min-ver", args[cur_arg]))
8792 methods->min = v;
8793 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8794 methods->max = v;
8795 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01008796 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008797 return ERR_ALERT | ERR_FATAL;
8798 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008799 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008800}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008801
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008802static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8803{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008804#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008805 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008806#endif
8807 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8808}
8809
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008810static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8811{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008812 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008813}
8814
8815static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8816{
8817 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8818}
8819
Emeric Brun2d0c4822012-10-02 13:45:20 +02008820/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008821static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008822{
Emeric Brun89675492012-10-05 13:48:26 +02008823 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008824 return 0;
8825}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008826
Olivier Houchardc2aae742017-09-22 18:26:28 +02008827/* parse the "allow-0rtt" bind keyword */
8828static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8829{
8830 conf->early_data = 1;
8831 return 0;
8832}
8833
8834static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8835{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008836 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008837 return 0;
8838}
8839
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008840/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008841static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008842{
Bernard Spil13c53f82018-02-15 13:34:58 +01008843#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008844 char *p1, *p2;
8845
8846 if (!*args[cur_arg + 1]) {
8847 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8848 return ERR_ALERT | ERR_FATAL;
8849 }
8850
8851 free(conf->npn_str);
8852
Willy Tarreau3724da12016-02-12 17:11:12 +01008853 /* the NPN string is built as a suite of (<len> <name>)*,
8854 * so we reuse each comma to store the next <len> and need
8855 * one more for the end of the string.
8856 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008857 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008858 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008859 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8860
8861 /* replace commas with the name length */
8862 p1 = conf->npn_str;
8863 p2 = p1 + 1;
8864 while (1) {
8865 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8866 if (!p2)
8867 p2 = p1 + 1 + strlen(p1 + 1);
8868
8869 if (p2 - (p1 + 1) > 255) {
8870 *p2 = '\0';
8871 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8872 return ERR_ALERT | ERR_FATAL;
8873 }
8874
8875 *p1 = p2 - (p1 + 1);
8876 p1 = p2;
8877
8878 if (!*p2)
8879 break;
8880
8881 *(p2++) = '\0';
8882 }
8883 return 0;
8884#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008885 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008886 return ERR_ALERT | ERR_FATAL;
8887#endif
8888}
8889
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008890static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8891{
8892 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8893}
8894
Willy Tarreauab861d32013-04-02 02:30:41 +02008895/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008896static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008897{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008898#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008899 char *p1, *p2;
8900
8901 if (!*args[cur_arg + 1]) {
8902 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8903 return ERR_ALERT | ERR_FATAL;
8904 }
8905
8906 free(conf->alpn_str);
8907
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008908 /* the ALPN string is built as a suite of (<len> <name>)*,
8909 * so we reuse each comma to store the next <len> and need
8910 * one more for the end of the string.
8911 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008912 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008913 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008914 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8915
8916 /* replace commas with the name length */
8917 p1 = conf->alpn_str;
8918 p2 = p1 + 1;
8919 while (1) {
8920 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8921 if (!p2)
8922 p2 = p1 + 1 + strlen(p1 + 1);
8923
8924 if (p2 - (p1 + 1) > 255) {
8925 *p2 = '\0';
8926 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8927 return ERR_ALERT | ERR_FATAL;
8928 }
8929
8930 *p1 = p2 - (p1 + 1);
8931 p1 = p2;
8932
8933 if (!*p2)
8934 break;
8935
8936 *(p2++) = '\0';
8937 }
8938 return 0;
8939#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008940 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
Willy Tarreauab861d32013-04-02 02:30:41 +02008941 return ERR_ALERT | ERR_FATAL;
8942#endif
8943}
8944
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008945static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8946{
8947 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8948}
8949
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008950/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008951static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008952{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008953 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008954 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008955
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008956 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8957 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008958#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008959 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8960 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8961#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008962 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008963 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8964 if (!conf->ssl_conf.ssl_methods.min)
8965 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8966 if (!conf->ssl_conf.ssl_methods.max)
8967 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008968
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008969 return 0;
8970}
8971
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008972/* parse the "prefer-client-ciphers" bind keyword */
8973static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8974{
8975 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8976 return 0;
8977}
8978
Christopher Faulet31af49d2015-06-09 17:29:50 +02008979/* parse the "generate-certificates" bind keyword */
8980static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8981{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008982#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008983 conf->generate_certs = 1;
8984#else
8985 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8986 err && *err ? *err : "");
8987#endif
8988 return 0;
8989}
8990
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008991/* parse the "strict-sni" bind keyword */
8992static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8993{
8994 conf->strict_sni = 1;
8995 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008996}
8997
8998/* parse the "tls-ticket-keys" bind keyword */
8999static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9000{
9001#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02009002 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009003 int i = 0;
9004 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02009005 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009006
9007 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009008 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009009 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009010 }
9011
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009012 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009013 if (keys_ref) {
9014 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009015 conf->keys_ref = keys_ref;
9016 return 0;
9017 }
9018
Christopher Faulete566f3d2019-10-21 09:55:49 +02009019 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01009020 if (!keys_ref) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009021 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009022 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009023 }
9024
Emeric Brun9e754772019-01-10 17:51:55 +01009025 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01009026 if (!keys_ref->tlskeys) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009027 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009028 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009029 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009030
9031 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009032 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009033 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009034 }
9035
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009036 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01009037 if (!keys_ref->filename) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009038 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009039 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009040 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009041
Emeric Brun9e754772019-01-10 17:51:55 +01009042 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009043 while (fgets(thisline, sizeof(thisline), f) != NULL) {
9044 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01009045 int dec_size;
9046
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009047 /* Strip newline characters from the end */
9048 if(thisline[len - 1] == '\n')
9049 thisline[--len] = 0;
9050
9051 if(thisline[len - 1] == '\r')
9052 thisline[--len] = 0;
9053
Emeric Brun9e754772019-01-10 17:51:55 +01009054 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
9055 if (dec_size < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009056 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009057 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009058 }
Emeric Brun9e754772019-01-10 17:51:55 +01009059 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
9060 keys_ref->key_size_bits = 128;
9061 }
9062 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
9063 keys_ref->key_size_bits = 256;
9064 }
9065 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
9066 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
9067 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009068 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009069 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01009070 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009071 i++;
9072 }
9073
9074 if (i < TLS_TICKETS_NO) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009075 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009076 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009077 }
9078
9079 fclose(f);
9080
9081 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01009082 i -= 2;
9083 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009084 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009085 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01009086 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009087 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009088
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009089 LIST_ADD(&tlskeys_reference, &keys_ref->list);
9090
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009091 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02009092
9093 fail:
9094 if (f)
9095 fclose(f);
9096 if (keys_ref) {
9097 free(keys_ref->filename);
9098 free(keys_ref->tlskeys);
9099 free(keys_ref);
9100 }
9101 return ERR_ALERT | ERR_FATAL;
9102
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009103#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009104 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009105 return ERR_ALERT | ERR_FATAL;
9106#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01009107}
9108
Emeric Brund94b3fe2012-09-20 18:23:56 +02009109/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009110static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02009111{
9112 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009113 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009114 return ERR_ALERT | ERR_FATAL;
9115 }
9116
9117 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009118 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009119 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009120 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009121 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009122 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009123 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009124 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
9125 args[cur_arg], args[cur_arg + 1]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009126 return ERR_ALERT | ERR_FATAL;
9127 }
9128
9129 return 0;
9130}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009131static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9132{
9133 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
9134}
Emeric Brund94b3fe2012-09-20 18:23:56 +02009135
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009136/* parse the "no-ca-names" bind keyword */
9137static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
9138{
9139 conf->no_ca_names = 1;
9140 return 0;
9141}
9142static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9143{
9144 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
9145}
9146
Willy Tarreau92faadf2012-10-10 23:04:25 +02009147/************** "server" keywords ****************/
9148
Olivier Houchardc7566002018-11-20 23:33:50 +01009149/* parse the "npn" bind keyword */
9150static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9151{
9152#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9153 char *p1, *p2;
9154
9155 if (!*args[*cur_arg + 1]) {
9156 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
9157 return ERR_ALERT | ERR_FATAL;
9158 }
9159
9160 free(newsrv->ssl_ctx.npn_str);
9161
9162 /* the NPN string is built as a suite of (<len> <name>)*,
9163 * so we reuse each comma to store the next <len> and need
9164 * one more for the end of the string.
9165 */
9166 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
9167 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
9168 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
9169 newsrv->ssl_ctx.npn_len);
9170
9171 /* replace commas with the name length */
9172 p1 = newsrv->ssl_ctx.npn_str;
9173 p2 = p1 + 1;
9174 while (1) {
9175 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
9176 newsrv->ssl_ctx.npn_len - (p1 + 1));
9177 if (!p2)
9178 p2 = p1 + 1 + strlen(p1 + 1);
9179
9180 if (p2 - (p1 + 1) > 255) {
9181 *p2 = '\0';
9182 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9183 return ERR_ALERT | ERR_FATAL;
9184 }
9185
9186 *p1 = p2 - (p1 + 1);
9187 p1 = p2;
9188
9189 if (!*p2)
9190 break;
9191
9192 *(p2++) = '\0';
9193 }
9194 return 0;
9195#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009196 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009197 return ERR_ALERT | ERR_FATAL;
9198#endif
9199}
9200
Olivier Houchard92150142018-12-21 19:47:01 +01009201/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009202static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9203{
9204#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9205 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009206 char **alpn_str;
9207 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009208
Olivier Houchard92150142018-12-21 19:47:01 +01009209 if (*args[*cur_arg] == 'c') {
9210 alpn_str = &newsrv->check.alpn_str;
9211 alpn_len = &newsrv->check.alpn_len;
9212 } else {
9213 alpn_str = &newsrv->ssl_ctx.alpn_str;
9214 alpn_len = &newsrv->ssl_ctx.alpn_len;
9215
9216 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009217 if (!*args[*cur_arg + 1]) {
9218 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9219 return ERR_ALERT | ERR_FATAL;
9220 }
9221
Olivier Houchard92150142018-12-21 19:47:01 +01009222 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009223
9224 /* the ALPN string is built as a suite of (<len> <name>)*,
9225 * so we reuse each comma to store the next <len> and need
9226 * one more for the end of the string.
9227 */
Olivier Houchard92150142018-12-21 19:47:01 +01009228 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9229 *alpn_str = calloc(1, *alpn_len + 1);
9230 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009231
9232 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009233 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009234 p2 = p1 + 1;
9235 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009236 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009237 if (!p2)
9238 p2 = p1 + 1 + strlen(p1 + 1);
9239
9240 if (p2 - (p1 + 1) > 255) {
9241 *p2 = '\0';
9242 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9243 return ERR_ALERT | ERR_FATAL;
9244 }
9245
9246 *p1 = p2 - (p1 + 1);
9247 p1 = p2;
9248
9249 if (!*p2)
9250 break;
9251
9252 *(p2++) = '\0';
9253 }
9254 return 0;
9255#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009256 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009257 return ERR_ALERT | ERR_FATAL;
9258#endif
9259}
9260
Emeric Brunef42d922012-10-11 16:11:36 +02009261/* parse the "ca-file" server keyword */
9262static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9263{
9264 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009265 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009266 return ERR_ALERT | ERR_FATAL;
9267 }
9268
Willy Tarreauef934602016-12-22 23:12:01 +01009269 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9270 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009271 else
9272 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9273
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02009274 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file)) {
9275 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.ca_file);
9276 return ERR_ALERT | ERR_FATAL;
9277 }
Emeric Brunef42d922012-10-11 16:11:36 +02009278 return 0;
9279}
9280
Olivier Houchard9130a962017-10-17 17:33:43 +02009281/* parse the "check-sni" server keyword */
9282static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9283{
9284 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009285 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
Olivier Houchard9130a962017-10-17 17:33:43 +02009286 return ERR_ALERT | ERR_FATAL;
9287 }
9288
9289 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9290 if (!newsrv->check.sni) {
9291 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9292 return ERR_ALERT | ERR_FATAL;
9293 }
9294 return 0;
9295
9296}
9297
Willy Tarreau92faadf2012-10-10 23:04:25 +02009298/* parse the "check-ssl" server keyword */
9299static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9300{
9301 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009302 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9303 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009304#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009305 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9306 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9307#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009308 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009309 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9310 if (!newsrv->ssl_ctx.methods.min)
9311 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9312 if (!newsrv->ssl_ctx.methods.max)
9313 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9314
Willy Tarreau92faadf2012-10-10 23:04:25 +02009315 return 0;
9316}
9317
9318/* parse the "ciphers" server keyword */
9319static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9320{
9321 if (!*args[*cur_arg + 1]) {
9322 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9323 return ERR_ALERT | ERR_FATAL;
9324 }
9325
9326 free(newsrv->ssl_ctx.ciphers);
9327 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9328 return 0;
9329}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009330
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009331#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009332/* parse the "ciphersuites" server keyword */
9333static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9334{
9335 if (!*args[*cur_arg + 1]) {
9336 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9337 return ERR_ALERT | ERR_FATAL;
9338 }
9339
9340 free(newsrv->ssl_ctx.ciphersuites);
9341 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9342 return 0;
9343}
9344#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009345
Emeric Brunef42d922012-10-11 16:11:36 +02009346/* parse the "crl-file" server keyword */
9347static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9348{
9349#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01009350 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009351 return ERR_ALERT | ERR_FATAL;
9352#else
9353 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009354 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009355 return ERR_ALERT | ERR_FATAL;
9356 }
9357
Willy Tarreauef934602016-12-22 23:12:01 +01009358 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9359 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009360 else
9361 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9362
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01009363 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file)) {
9364 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
9365 return ERR_ALERT | ERR_FATAL;
9366 }
Emeric Brunef42d922012-10-11 16:11:36 +02009367 return 0;
9368#endif
9369}
9370
Emeric Bruna7aa3092012-10-26 12:58:00 +02009371/* parse the "crt" server keyword */
9372static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9373{
9374 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009375 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009376 return ERR_ALERT | ERR_FATAL;
9377 }
9378
Willy Tarreauef934602016-12-22 23:12:01 +01009379 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009380 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009381 else
9382 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9383
9384 return 0;
9385}
Emeric Brunef42d922012-10-11 16:11:36 +02009386
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009387/* parse the "no-check-ssl" server keyword */
9388static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9389{
9390 newsrv->check.use_ssl = 0;
9391 free(newsrv->ssl_ctx.ciphers);
9392 newsrv->ssl_ctx.ciphers = NULL;
9393 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9394 return 0;
9395}
9396
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009397/* parse the "no-send-proxy-v2-ssl" server keyword */
9398static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9399{
9400 newsrv->pp_opts &= ~SRV_PP_V2;
9401 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9402 return 0;
9403}
9404
9405/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9406static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9407{
9408 newsrv->pp_opts &= ~SRV_PP_V2;
9409 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9410 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9411 return 0;
9412}
9413
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009414/* parse the "no-ssl" server keyword */
9415static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9416{
9417 newsrv->use_ssl = 0;
9418 free(newsrv->ssl_ctx.ciphers);
9419 newsrv->ssl_ctx.ciphers = NULL;
9420 return 0;
9421}
9422
Olivier Houchard522eea72017-11-03 16:27:47 +01009423/* parse the "allow-0rtt" server keyword */
9424static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9425{
9426 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9427 return 0;
9428}
9429
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009430/* parse the "no-ssl-reuse" server keyword */
9431static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9432{
9433 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9434 return 0;
9435}
9436
Emeric Brunf9c5c472012-10-11 15:28:34 +02009437/* parse the "no-tls-tickets" server keyword */
9438static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9439{
9440 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9441 return 0;
9442}
David Safb76832014-05-08 23:42:08 -04009443/* parse the "send-proxy-v2-ssl" server keyword */
9444static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9445{
9446 newsrv->pp_opts |= SRV_PP_V2;
9447 newsrv->pp_opts |= SRV_PP_V2_SSL;
9448 return 0;
9449}
9450
9451/* parse the "send-proxy-v2-ssl-cn" server keyword */
9452static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9453{
9454 newsrv->pp_opts |= SRV_PP_V2;
9455 newsrv->pp_opts |= SRV_PP_V2_SSL;
9456 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9457 return 0;
9458}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009459
Willy Tarreau732eac42015-07-09 11:40:25 +02009460/* parse the "sni" server keyword */
9461static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9462{
9463#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9464 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9465 return ERR_ALERT | ERR_FATAL;
9466#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009467 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009468
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009469 arg = args[*cur_arg + 1];
9470 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009471 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9472 return ERR_ALERT | ERR_FATAL;
9473 }
9474
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009475 free(newsrv->sni_expr);
9476 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009477
Willy Tarreau732eac42015-07-09 11:40:25 +02009478 return 0;
9479#endif
9480}
9481
Willy Tarreau92faadf2012-10-10 23:04:25 +02009482/* parse the "ssl" server keyword */
9483static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9484{
9485 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009486 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9487 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009488#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009489 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9490 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9491#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009492 return 0;
9493}
9494
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009495/* parse the "ssl-reuse" server keyword */
9496static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9497{
9498 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9499 return 0;
9500}
9501
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009502/* parse the "tls-tickets" server keyword */
9503static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9504{
9505 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9506 return 0;
9507}
9508
Emeric Brunef42d922012-10-11 16:11:36 +02009509/* parse the "verify" server keyword */
9510static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9511{
9512 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009513 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009514 return ERR_ALERT | ERR_FATAL;
9515 }
9516
9517 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009518 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009519 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009520 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009521 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009522 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9523 args[*cur_arg], args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009524 return ERR_ALERT | ERR_FATAL;
9525 }
9526
Evan Broderbe554312013-06-27 00:05:25 -07009527 return 0;
9528}
9529
9530/* parse the "verifyhost" server keyword */
9531static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9532{
9533 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009534 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
Evan Broderbe554312013-06-27 00:05:25 -07009535 return ERR_ALERT | ERR_FATAL;
9536 }
9537
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009538 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009539 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9540
Emeric Brunef42d922012-10-11 16:11:36 +02009541 return 0;
9542}
9543
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009544/* parse the "ssl-default-bind-options" keyword in global section */
9545static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9546 struct proxy *defpx, const char *file, int line,
9547 char **err) {
9548 int i = 1;
9549
9550 if (*(args[i]) == 0) {
9551 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9552 return -1;
9553 }
9554 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009555 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009556 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009557 else if (!strcmp(args[i], "prefer-client-ciphers"))
9558 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009559 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9560 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9561 i++;
9562 else {
9563 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9564 return -1;
9565 }
9566 }
9567 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009568 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9569 return -1;
9570 }
9571 i++;
9572 }
9573 return 0;
9574}
9575
9576/* parse the "ssl-default-server-options" keyword in global section */
9577static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9578 struct proxy *defpx, const char *file, int line,
9579 char **err) {
9580 int i = 1;
9581
9582 if (*(args[i]) == 0) {
9583 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9584 return -1;
9585 }
9586 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009587 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009588 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009589 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9590 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9591 i++;
9592 else {
9593 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9594 return -1;
9595 }
9596 }
9597 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009598 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9599 return -1;
9600 }
9601 i++;
9602 }
9603 return 0;
9604}
9605
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009606/* parse the "ca-base" / "crt-base" keywords in global section.
9607 * Returns <0 on alert, >0 on warning, 0 on success.
9608 */
9609static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9610 struct proxy *defpx, const char *file, int line,
9611 char **err)
9612{
9613 char **target;
9614
Willy Tarreauef934602016-12-22 23:12:01 +01009615 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009616
9617 if (too_many_args(1, args, err, NULL))
9618 return -1;
9619
9620 if (*target) {
9621 memprintf(err, "'%s' already specified.", args[0]);
9622 return -1;
9623 }
9624
9625 if (*(args[1]) == 0) {
9626 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9627 return -1;
9628 }
9629 *target = strdup(args[1]);
9630 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009631}
9632
9633/* parse the "ssl-mode-async" keyword in global section.
9634 * Returns <0 on alert, >0 on warning, 0 on success.
9635 */
9636static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9637 struct proxy *defpx, const char *file, int line,
9638 char **err)
9639{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009640#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009641 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009642 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009643 return 0;
9644#else
9645 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9646 return -1;
9647#endif
9648}
9649
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009650#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009651static int ssl_check_async_engine_count(void) {
9652 int err_code = 0;
9653
Emeric Brun3854e012017-05-17 20:42:48 +02009654 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009655 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009656 err_code = ERR_ABORT;
9657 }
9658 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009659}
9660
Grant Zhang872f9c22017-01-21 01:10:18 +00009661/* parse the "ssl-engine" keyword in global section.
9662 * Returns <0 on alert, >0 on warning, 0 on success.
9663 */
9664static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9665 struct proxy *defpx, const char *file, int line,
9666 char **err)
9667{
9668 char *algo;
9669 int ret = -1;
9670
9671 if (*(args[1]) == 0) {
9672 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9673 return ret;
9674 }
9675
9676 if (*(args[2]) == 0) {
9677 /* if no list of algorithms is given, it defaults to ALL */
9678 algo = strdup("ALL");
9679 goto add_engine;
9680 }
9681
9682 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9683 if (strcmp(args[2], "algo") != 0) {
9684 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9685 return ret;
9686 }
9687
9688 if (*(args[3]) == 0) {
9689 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9690 return ret;
9691 }
9692 algo = strdup(args[3]);
9693
9694add_engine:
9695 if (ssl_init_single_engine(args[1], algo)==0) {
9696 openssl_engines_initialized++;
9697 ret = 0;
9698 }
9699 free(algo);
9700 return ret;
9701}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009702#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009703
Willy Tarreauf22e9682016-12-21 23:23:19 +01009704/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9705 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9706 */
9707static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9708 struct proxy *defpx, const char *file, int line,
9709 char **err)
9710{
9711 char **target;
9712
Willy Tarreauef934602016-12-22 23:12:01 +01009713 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009714
9715 if (too_many_args(1, args, err, NULL))
9716 return -1;
9717
9718 if (*(args[1]) == 0) {
9719 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9720 return -1;
9721 }
9722
9723 free(*target);
9724 *target = strdup(args[1]);
9725 return 0;
9726}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009727
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009728#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009729/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9730 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9731 */
9732static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9733 struct proxy *defpx, const char *file, int line,
9734 char **err)
9735{
9736 char **target;
9737
9738 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9739
9740 if (too_many_args(1, args, err, NULL))
9741 return -1;
9742
9743 if (*(args[1]) == 0) {
9744 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9745 return -1;
9746 }
9747
9748 free(*target);
9749 *target = strdup(args[1]);
9750 return 0;
9751}
9752#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009753
Willy Tarreau9ceda382016-12-21 23:13:03 +01009754/* parse various global tune.ssl settings consisting in positive integers.
9755 * Returns <0 on alert, >0 on warning, 0 on success.
9756 */
9757static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9758 struct proxy *defpx, const char *file, int line,
9759 char **err)
9760{
9761 int *target;
9762
9763 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9764 target = &global.tune.sslcachesize;
9765 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009766 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009767 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009768 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009769 else if (strcmp(args[0], "maxsslconn") == 0)
9770 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009771 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9772 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009773 else {
9774 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9775 return -1;
9776 }
9777
9778 if (too_many_args(1, args, err, NULL))
9779 return -1;
9780
9781 if (*(args[1]) == 0) {
9782 memprintf(err, "'%s' expects an integer argument.", args[0]);
9783 return -1;
9784 }
9785
9786 *target = atoi(args[1]);
9787 if (*target < 0) {
9788 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9789 return -1;
9790 }
9791 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009792}
9793
9794static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9795 struct proxy *defpx, const char *file, int line,
9796 char **err)
9797{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009798 int ret;
9799
9800 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9801 if (ret != 0)
9802 return ret;
9803
Willy Tarreaubafbe012017-11-24 17:34:44 +01009804 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009805 memprintf(err, "'%s' is already configured.", args[0]);
9806 return -1;
9807 }
9808
Willy Tarreaubafbe012017-11-24 17:34:44 +01009809 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9810 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009811 memprintf(err, "Out of memory error.");
9812 return -1;
9813 }
9814 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009815}
9816
9817/* parse "ssl.force-private-cache".
9818 * Returns <0 on alert, >0 on warning, 0 on success.
9819 */
9820static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9821 struct proxy *defpx, const char *file, int line,
9822 char **err)
9823{
9824 if (too_many_args(0, args, err, NULL))
9825 return -1;
9826
Willy Tarreauef934602016-12-22 23:12:01 +01009827 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009828 return 0;
9829}
9830
9831/* parse "ssl.lifetime".
9832 * Returns <0 on alert, >0 on warning, 0 on success.
9833 */
9834static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9835 struct proxy *defpx, const char *file, int line,
9836 char **err)
9837{
9838 const char *res;
9839
9840 if (too_many_args(1, args, err, NULL))
9841 return -1;
9842
9843 if (*(args[1]) == 0) {
9844 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9845 return -1;
9846 }
9847
Willy Tarreauef934602016-12-22 23:12:01 +01009848 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009849 if (res == PARSE_TIME_OVER) {
9850 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9851 args[1], args[0]);
9852 return -1;
9853 }
9854 else if (res == PARSE_TIME_UNDER) {
9855 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9856 args[1], args[0]);
9857 return -1;
9858 }
9859 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009860 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9861 return -1;
9862 }
9863 return 0;
9864}
9865
9866#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009867/* parse "ssl-dh-param-file".
9868 * Returns <0 on alert, >0 on warning, 0 on success.
9869 */
9870static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9871 struct proxy *defpx, const char *file, int line,
9872 char **err)
9873{
9874 if (too_many_args(1, args, err, NULL))
9875 return -1;
9876
9877 if (*(args[1]) == 0) {
9878 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9879 return -1;
9880 }
9881
9882 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9883 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9884 return -1;
9885 }
9886 return 0;
9887}
9888
Willy Tarreau9ceda382016-12-21 23:13:03 +01009889/* parse "ssl.default-dh-param".
9890 * Returns <0 on alert, >0 on warning, 0 on success.
9891 */
9892static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9893 struct proxy *defpx, const char *file, int line,
9894 char **err)
9895{
9896 if (too_many_args(1, args, err, NULL))
9897 return -1;
9898
9899 if (*(args[1]) == 0) {
9900 memprintf(err, "'%s' expects an integer argument.", args[0]);
9901 return -1;
9902 }
9903
Willy Tarreauef934602016-12-22 23:12:01 +01009904 global_ssl.default_dh_param = atoi(args[1]);
9905 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009906 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9907 return -1;
9908 }
9909 return 0;
9910}
9911#endif
9912
9913
William Lallemand32af2032016-10-29 18:09:35 +02009914/* This function is used with TLS ticket keys management. It permits to browse
9915 * each reference. The variable <getnext> must contain the current node,
9916 * <end> point to the root node.
9917 */
9918#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9919static inline
9920struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9921{
9922 struct tls_keys_ref *ref = getnext;
9923
9924 while (1) {
9925
9926 /* Get next list entry. */
9927 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9928
9929 /* If the entry is the last of the list, return NULL. */
9930 if (&ref->list == end)
9931 return NULL;
9932
9933 return ref;
9934 }
9935}
9936
9937static inline
9938struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9939{
9940 int id;
9941 char *error;
9942
9943 /* If the reference starts by a '#', this is numeric id. */
9944 if (reference[0] == '#') {
9945 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9946 id = strtol(reference + 1, &error, 10);
9947 if (*error != '\0')
9948 return NULL;
9949
9950 /* Perform the unique id lookup. */
9951 return tlskeys_ref_lookupid(id);
9952 }
9953
9954 /* Perform the string lookup. */
9955 return tlskeys_ref_lookup(reference);
9956}
9957#endif
9958
9959
9960#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9961
9962static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9963
9964static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9965 return cli_io_handler_tlskeys_files(appctx);
9966}
9967
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009968/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9969 * (next index to be dumped), and cli.p0 (next key reference).
9970 */
William Lallemand32af2032016-10-29 18:09:35 +02009971static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9972
9973 struct stream_interface *si = appctx->owner;
9974
9975 switch (appctx->st2) {
9976 case STAT_ST_INIT:
9977 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009978 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009979 * later and restart at the state "STAT_ST_INIT".
9980 */
9981 chunk_reset(&trash);
9982
9983 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9984 chunk_appendf(&trash, "# id secret\n");
9985 else
9986 chunk_appendf(&trash, "# id (file)\n");
9987
Willy Tarreau06d80a92017-10-19 14:32:15 +02009988 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009989 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009990 return 0;
9991 }
9992
William Lallemand32af2032016-10-29 18:09:35 +02009993 /* Now, we start the browsing of the references lists.
9994 * Note that the following call to LIST_ELEM return bad pointer. The only
9995 * available field of this pointer is <list>. It is used with the function
9996 * tlskeys_list_get_next() for retruning the first available entry
9997 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009998 if (appctx->ctx.cli.p0 == NULL) {
9999 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
10000 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010001 }
10002
10003 appctx->st2 = STAT_ST_LIST;
10004 /* fall through */
10005
10006 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010007 while (appctx->ctx.cli.p0) {
10008 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +020010009
10010 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010011 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +020010012 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010013
10014 if (appctx->ctx.cli.i1 == 0)
10015 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
10016
William Lallemand32af2032016-10-29 18:09:35 +020010017 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +010010018 int head;
10019
10020 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
10021 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010022 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +020010023 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +020010024
10025 chunk_reset(t2);
10026 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +010010027 if (ref->key_size_bits == 128) {
10028 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10029 sizeof(struct tls_sess_key_128),
10030 t2->area, t2->size);
10031 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10032 t2->area);
10033 }
10034 else if (ref->key_size_bits == 256) {
10035 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10036 sizeof(struct tls_sess_key_256),
10037 t2->area, t2->size);
10038 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10039 t2->area);
10040 }
10041 else {
10042 /* This case should never happen */
10043 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
10044 }
William Lallemand32af2032016-10-29 18:09:35 +020010045
Willy Tarreau06d80a92017-10-19 14:32:15 +020010046 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010047 /* let's try again later from this stream. We add ourselves into
10048 * this stream's users so that it can remove us upon termination.
10049 */
Christopher Faulet16f45c82018-02-16 11:23:49 +010010050 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +010010051 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010052 return 0;
10053 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010054 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +020010055 }
Christopher Faulet16f45c82018-02-16 11:23:49 +010010056 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010057 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010058 }
Willy Tarreau06d80a92017-10-19 14:32:15 +020010059 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010060 /* let's try again later from this stream. We add ourselves into
10061 * this stream's users so that it can remove us upon termination.
10062 */
Willy Tarreaudb398432018-11-15 11:08:52 +010010063 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010064 return 0;
10065 }
10066
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010067 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +020010068 break;
10069
10070 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010071 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010072 }
10073
10074 appctx->st2 = STAT_ST_FIN;
10075 /* fall through */
10076
10077 default:
10078 appctx->st2 = STAT_ST_FIN;
10079 return 1;
10080 }
10081 return 0;
10082}
10083
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010084/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010085static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010086{
William Lallemand32af2032016-10-29 18:09:35 +020010087 /* no parameter, shows only file list */
10088 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010089 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010090 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010091 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010092 }
10093
10094 if (args[2][0] == '*') {
10095 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010096 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010097 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010098 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010099 if (!appctx->ctx.cli.p0)
10100 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010101 }
William Lallemand32af2032016-10-29 18:09:35 +020010102 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010103 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010104}
10105
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010106static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010107{
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010108 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010109 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010110
William Lallemand32af2032016-10-29 18:09:35 +020010111 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010112 if (!*args[3] || !*args[4])
10113 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010114
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010115 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010116 if (!ref)
10117 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010118
Willy Tarreau1c913e42018-08-22 05:26:57 +020010119 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010120 if (ret < 0)
10121 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +010010122
Willy Tarreau1c913e42018-08-22 05:26:57 +020010123 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +020010124 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
10125 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010126
Willy Tarreau9d008692019-08-09 11:21:01 +020010127 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010128}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010129#endif
William Lallemand32af2032016-10-29 18:09:35 +020010130
William Lallemand44b35322019-10-17 16:28:40 +020010131
10132/* Type of SSL payloads that can be updated over the CLI */
10133
10134enum {
10135 CERT_TYPE_PEM = 0,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010136#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010137 CERT_TYPE_OCSP,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010138#endif
William Lallemand44b35322019-10-17 16:28:40 +020010139 CERT_TYPE_ISSUER,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010140#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010141 CERT_TYPE_SCTL,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010142#endif
William Lallemand44b35322019-10-17 16:28:40 +020010143 CERT_TYPE_MAX,
10144};
10145
10146struct {
10147 const char *ext;
10148 int type;
10149 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
10150 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +020010151} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +020010152 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +020010153#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010154 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010155#endif
10156#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010157 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010158#endif
William Lallemand44b35322019-10-17 16:28:40 +020010159 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +020010160 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +020010161};
10162
William Lallemand430413e2019-10-28 14:30:47 +010010163/* states of the CLI IO handler for 'set ssl cert' */
10164enum {
10165 SETCERT_ST_INIT = 0,
10166 SETCERT_ST_GEN,
10167 SETCERT_ST_INSERT,
10168 SETCERT_ST_FIN,
10169};
William Lallemand8f840d72019-10-23 10:53:05 +020010170
William Lallemandd4f946c2019-12-05 10:26:40 +010010171/* release function of the `show ssl cert' command */
10172static void cli_release_show_cert(struct appctx *appctx)
10173{
10174 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10175}
10176
10177/* IO handler of "show ssl cert <filename>" */
10178static int cli_io_handler_show_cert(struct appctx *appctx)
10179{
10180 struct buffer *trash = alloc_trash_chunk();
10181 struct ebmb_node *node;
10182 struct stream_interface *si = appctx->owner;
10183 struct ckch_store *ckchs;
10184 int n;
10185
10186 if (trash == NULL)
10187 return 1;
10188
10189 if (!appctx->ctx.ssl.old_ckchs) {
10190 if (ckchs_transaction.old_ckchs) {
10191 ckchs = ckchs_transaction.old_ckchs;
10192 chunk_appendf(trash, "# transaction\n");
10193 if (!ckchs->multi) {
10194 chunk_appendf(trash, "*%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010195#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010196 } else {
10197 chunk_appendf(trash, "*%s:", ckchs->path);
10198 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10199 if (ckchs->ckch[n].cert)
10200 chunk_appendf(trash, " %s.%s\n", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10201 }
10202 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010203#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010204 }
10205 }
10206 }
10207
10208 if (!appctx->ctx.cli.p0) {
10209 chunk_appendf(trash, "# filename\n");
10210 node = ebmb_first(&ckchs_tree);
10211 } else {
10212 node = &((struct ckch_store *)appctx->ctx.cli.p0)->node;
10213 }
10214 while (node) {
10215 ckchs = ebmb_entry(node, struct ckch_store, node);
10216 if (!ckchs->multi) {
10217 chunk_appendf(trash, "%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010218#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010219 } else {
10220 chunk_appendf(trash, "%s:", ckchs->path);
10221 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10222 if (ckchs->ckch[n].cert)
10223 chunk_appendf(trash, " %s.%s", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10224 }
10225 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010226#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010227 }
10228
10229 node = ebmb_next(node);
10230 if (ci_putchk(si_ic(si), trash) == -1) {
10231 si_rx_room_blk(si);
10232 goto yield;
10233 }
10234 }
10235
10236 appctx->ctx.cli.p0 = NULL;
10237 free_trash_chunk(trash);
10238 return 1;
10239yield:
10240
10241 free_trash_chunk(trash);
10242 appctx->ctx.cli.p0 = ckchs;
10243 return 0; /* should come back */
10244}
10245
10246/* IO handler of the details "show ssl cert <filename>" */
10247static int cli_io_handler_show_cert_detail(struct appctx *appctx)
10248{
10249 struct stream_interface *si = appctx->owner;
10250 struct ckch_store *ckchs = appctx->ctx.cli.p0;
10251 struct buffer *out = alloc_trash_chunk();
10252 struct buffer *tmp = alloc_trash_chunk();
10253 X509_NAME *name = NULL;
10254 int write = -1;
10255 BIO *bio = NULL;
10256
10257 if (!tmp || !out)
10258 goto end;
10259
10260 if (!ckchs->multi) {
10261 chunk_appendf(out, "Filename: ");
10262 if (ckchs == ckchs_transaction.new_ckchs)
10263 chunk_appendf(out, "*");
10264 chunk_appendf(out, "%s\n", ckchs->path);
10265 chunk_appendf(out, "Serial: ");
10266 if (ssl_sock_get_serial(ckchs->ckch->cert, tmp) == -1)
10267 goto end;
10268 dump_binary(out, tmp->area, tmp->data);
10269 chunk_appendf(out, "\n");
10270
10271 chunk_appendf(out, "notBefore: ");
10272 chunk_reset(tmp);
10273 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10274 goto end;
10275 if (ASN1_TIME_print(bio, X509_getm_notBefore(ckchs->ckch->cert)) == 0)
10276 goto end;
10277 write = BIO_read(bio, tmp->area, tmp->size-1);
10278 tmp->area[write] = '\0';
10279 BIO_free(bio);
10280 chunk_appendf(out, "%s\n", tmp->area);
10281
10282 chunk_appendf(out, "notAfter: ");
10283 chunk_reset(tmp);
10284 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10285 goto end;
10286 if (ASN1_TIME_print(bio, X509_getm_notAfter(ckchs->ckch->cert)) == 0)
10287 goto end;
10288 if ((write = BIO_read(bio, tmp->area, tmp->size-1)) <= 0)
10289 goto end;
10290 tmp->area[write] = '\0';
10291 BIO_free(bio);
10292 chunk_appendf(out, "%s\n", tmp->area);
10293
10294
10295 chunk_appendf(out, "Issuer: ");
10296 if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
10297 goto end;
10298 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10299 goto end;
10300 *(tmp->area + tmp->data) = '\0';
10301 chunk_appendf(out, "%s\n", tmp->area);
10302
10303 chunk_appendf(out, "Subject: ");
10304 if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
10305 goto end;
10306 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10307 goto end;
10308 *(tmp->area + tmp->data) = '\0';
10309 chunk_appendf(out, "%s\n", tmp->area);
10310
10311
10312#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10313 chunk_appendf(out, "Subject Alternative Name: ");
10314 if (ssl_sock_get_san_oneline(ckchs->ckch->cert, out) == -1)
10315 goto end;
10316 *(out->area + out->data) = '\0';
10317 chunk_appendf(out, "\n");
10318#endif
10319 chunk_reset(tmp);
10320 chunk_appendf(out, "Algorithm: ");
10321 if (cert_get_pkey_algo(ckchs->ckch->cert, tmp) == 0)
10322 goto end;
10323 chunk_appendf(out, "%s\n", tmp->area);
10324
10325 chunk_reset(tmp);
10326 chunk_appendf(out, "SHA1 FingerPrint: ");
10327 if (X509_digest(ckchs->ckch->cert, EVP_sha1(), (unsigned char *) tmp->area,
10328 (unsigned int *)&tmp->data) == 0)
10329 goto end;
10330 dump_binary(out, tmp->area, tmp->data);
10331 chunk_appendf(out, "\n");
10332 }
10333
10334 if (ci_putchk(si_ic(si), out) == -1) {
10335 si_rx_room_blk(si);
10336 goto yield;
10337 }
10338
10339end:
10340 free_trash_chunk(tmp);
10341 free_trash_chunk(out);
10342 return 1;
10343yield:
10344 free_trash_chunk(tmp);
10345 free_trash_chunk(out);
10346 return 0; /* should come back */
10347}
10348
10349/* parsing function for 'show ssl cert [certfile]' */
10350static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private)
10351{
10352 struct ckch_store *ckchs;
10353
10354 if (!cli_has_level(appctx, ACCESS_LVL_OPER))
10355 return cli_err(appctx, "Can't allocate memory!\n");
10356
10357 /* The operations on the CKCH architecture are locked so we can
10358 * manipulate ckch_store and ckch_inst */
10359 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10360 return cli_err(appctx, "Can't show!\nOperations on certificates are currently locked!\n");
10361
10362 /* check if there is a certificate to lookup */
10363 if (*args[3]) {
10364 if (*args[3] == '*') {
10365 if (!ckchs_transaction.new_ckchs)
10366 goto error;
10367
10368 ckchs = ckchs_transaction.new_ckchs;
10369
10370 if (strcmp(args[3] + 1, ckchs->path))
10371 goto error;
10372
10373 } else {
10374 if ((ckchs = ckchs_lookup(args[3])) == NULL)
10375 goto error;
10376
10377 }
10378
10379 if (ckchs->multi)
10380 goto error;
10381
10382 appctx->ctx.cli.p0 = ckchs;
10383 /* use the IO handler that shows details */
10384 appctx->io_handler = cli_io_handler_show_cert_detail;
10385 }
10386
10387 return 0;
10388
10389error:
10390 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10391 return cli_err(appctx, "Can't display the certificate: Not found or the certificate is a bundle!\n");
10392}
10393
William Lallemand430413e2019-10-28 14:30:47 +010010394/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010395static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010396{
10397 struct ckch_store *new_ckchs;
10398 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010399
William Lallemand430413e2019-10-28 14:30:47 +010010400 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +020010401
William Lallemand430413e2019-10-28 14:30:47 +010010402 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +020010403 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +010010404 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010405
William Lallemandbeea2a42019-10-30 17:45:33 +010010406 if (!new_ckchs)
10407 return;
William Lallemand8f840d72019-10-23 10:53:05 +020010408
William Lallemandbeea2a42019-10-30 17:45:33 +010010409 /* if the allocation failed, we need to free everything from the temporary list */
10410 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10411 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010412
William Lallemandbeea2a42019-10-30 17:45:33 +010010413 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10414 if (sc0->order == 0) /* we only free if it's the first inserted */
10415 SSL_CTX_free(sc0->ctx);
10416 LIST_DEL(&sc0->by_ckch_inst);
10417 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +020010418 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010419 LIST_DEL(&ckchi->by_ckchs);
10420 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010421 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010422 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010423 }
10424}
10425
10426
10427/*
10428 * This function tries to create the new ckch_inst and their SNIs
10429 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010430static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010431{
10432 struct stream_interface *si = appctx->owner;
10433 int y = 0;
10434 char *err = NULL;
10435 int errcode = 0;
10436 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10437 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010438 struct buffer *trash = alloc_trash_chunk();
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010439 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010440
William Lallemand33cc76f2019-10-31 11:43:45 +010010441 if (trash == NULL)
10442 goto error;
10443
William Lallemand8f840d72019-10-23 10:53:05 +020010444 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10445 goto error;
10446
William Lallemand430413e2019-10-28 14:30:47 +010010447 while (1) {
10448 switch (appctx->st2) {
10449 case SETCERT_ST_INIT:
10450 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010451 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010452 if (ci_putchk(si_ic(si), trash) == -1) {
10453 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010454 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010455 }
10456 appctx->st2 = SETCERT_ST_GEN;
10457 /* fallthrough */
10458 case SETCERT_ST_GEN:
10459 /*
10460 * This state generates the ckch instances with their
10461 * sni_ctxs and SSL_CTX.
10462 *
William Lallemand430413e2019-10-28 14:30:47 +010010463 * Since the SSL_CTX generation can be CPU consumer, we
10464 * yield every 10 instances.
10465 */
William Lallemand8f840d72019-10-23 10:53:05 +020010466
William Lallemandbeea2a42019-10-30 17:45:33 +010010467 old_ckchs = appctx->ctx.ssl.old_ckchs;
10468 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010469
William Lallemandbeea2a42019-10-30 17:45:33 +010010470 if (!new_ckchs)
10471 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010472
William Lallemandbeea2a42019-10-30 17:45:33 +010010473 /* get the next ckchi to regenerate */
10474 ckchi = appctx->ctx.ssl.next_ckchi;
10475 /* we didn't start yet, set it to the first elem */
10476 if (ckchi == NULL)
10477 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010478
William Lallemandbeea2a42019-10-30 17:45:33 +010010479 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10480 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10481 struct ckch_inst *new_inst;
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010482 int verify = 0;
William Lallemand8f840d72019-10-23 10:53:05 +020010483
William Lallemandbeea2a42019-10-30 17:45:33 +010010484 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10485 if (y >= 10) {
10486 /* save the next ckchi to compute */
10487 appctx->ctx.ssl.next_ckchi = ckchi;
10488 goto yield;
10489 }
William Lallemand8f840d72019-10-23 10:53:05 +020010490
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010491 /* prevent ssl_sock_prepare_ctx() to do file access which is only for verify (crl/ca file) */
10492 verify = (ckchi->ssl_conf && ckchi->ssl_conf->verify) ? ckchi->ssl_conf->verify : ckchi->bind_conf->ssl_conf.verify;
10493 if (verify & SSL_VERIFY_PEER) {
10494 memprintf(&err, "%sCan't commit a certificate which use the 'verify' bind SSL option [%s:%d]\n", err ? err : "", ckchi->bind_conf->file, ckchi->bind_conf->line);
10495 errcode |= ERR_FATAL | ERR_ABORT;
10496 goto error;
10497 }
10498
10499
William Lallemandbeea2a42019-10-30 17:45:33 +010010500 if (new_ckchs->multi)
10501 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10502 else
10503 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010504
William Lallemandbeea2a42019-10-30 17:45:33 +010010505 if (errcode & ERR_CODE)
10506 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010507
William Lallemand21724f02019-11-04 17:56:13 +010010508 /* if the previous ckchi was used as the default */
10509 if (ckchi->is_default)
10510 new_inst->is_default = 1;
10511
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010512 /* we need to initialize the SSL_CTX generated */
10513 /* TODO: the prepare_ctx function need to be reworked to be safer there */
10514 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10515 if (!sc0->order) { /* we initiliazed only the first SSL_CTX because it's the same in the other sni_ctx's */
10516 errcode |= ssl_sock_prepare_ctx(ckchi->bind_conf, ckchi->ssl_conf, sc0->ctx, &err);
10517 if (errcode & ERR_CODE)
10518 goto error;
10519 }
10520 }
10521
10522
William Lallemandbeea2a42019-10-30 17:45:33 +010010523 /* display one dot per new instance */
10524 chunk_appendf(trash, ".");
10525 /* link the new ckch_inst to the duplicate */
10526 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10527 y++;
10528 }
William Lallemand430413e2019-10-28 14:30:47 +010010529 appctx->st2 = SETCERT_ST_INSERT;
10530 /* fallthrough */
10531 case SETCERT_ST_INSERT:
10532 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010533
William Lallemandbeea2a42019-10-30 17:45:33 +010010534 old_ckchs = appctx->ctx.ssl.old_ckchs;
10535 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010536
William Lallemandbeea2a42019-10-30 17:45:33 +010010537 if (!new_ckchs)
10538 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010539
William Lallemand21724f02019-11-04 17:56:13 +010010540 /* First, we insert every new SNIs in the trees, also replace the default_ctx */
William Lallemandbeea2a42019-10-30 17:45:33 +010010541 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10542 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10543 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10544 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10545 }
William Lallemand8f840d72019-10-23 10:53:05 +020010546
William Lallemandbeea2a42019-10-30 17:45:33 +010010547 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10548 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
William Lallemand430413e2019-10-28 14:30:47 +010010549
William Lallemandbeea2a42019-10-30 17:45:33 +010010550 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10551 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10552 ebmb_delete(&sc0->name);
10553 LIST_DEL(&sc0->by_ckch_inst);
10554 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010555 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010556 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10557 LIST_DEL(&ckchi->by_ckchs);
10558 free(ckchi);
10559 }
William Lallemand8f840d72019-10-23 10:53:05 +020010560
William Lallemandbeea2a42019-10-30 17:45:33 +010010561 /* Replace the old ckchs by the new one */
10562 ebmb_delete(&old_ckchs->node);
10563 ckchs_free(old_ckchs);
10564 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010565 appctx->st2 = SETCERT_ST_FIN;
10566 /* fallthrough */
10567 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010568 /* we achieved the transaction, we can set everything to NULL */
10569 free(ckchs_transaction.path);
10570 ckchs_transaction.path = NULL;
10571 ckchs_transaction.new_ckchs = NULL;
10572 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010573 goto end;
10574 }
William Lallemand8f840d72019-10-23 10:53:05 +020010575 }
William Lallemand430413e2019-10-28 14:30:47 +010010576end:
William Lallemand8f840d72019-10-23 10:53:05 +020010577
William Lallemanded442432019-11-21 16:41:07 +010010578 chunk_appendf(trash, "\n");
10579 if (errcode & ERR_WARN)
Tim Duesterhusc0e820c2019-11-23 23:52:30 +010010580 chunk_appendf(trash, "%s", err);
William Lallemanded442432019-11-21 16:41:07 +010010581 chunk_appendf(trash, "Success!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010582 if (ci_putchk(si_ic(si), trash) == -1)
10583 si_rx_room_blk(si);
10584 free_trash_chunk(trash);
10585 /* success: call the release function and don't come back */
10586 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010587yield:
10588 /* store the state */
10589 if (ci_putchk(si_ic(si), trash) == -1)
10590 si_rx_room_blk(si);
10591 free_trash_chunk(trash);
10592 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010593 return 0; /* should come back */
10594
10595error:
10596 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010597 if (trash) {
10598 chunk_appendf(trash, "\n%sFailed!\n", err);
10599 if (ci_putchk(si_ic(si), trash) == -1)
10600 si_rx_room_blk(si);
10601 free_trash_chunk(trash);
10602 }
William Lallemand430413e2019-10-28 14:30:47 +010010603 /* error: call the release function and don't come back */
10604 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010605}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010606
10607/*
10608 * Parsing function of 'commit ssl cert'
10609 */
10610static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10611{
10612 char *err = NULL;
10613
William Lallemand230662a2019-12-03 13:32:54 +010010614 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10615 return 1;
10616
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010617 if (!*args[3])
10618 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10619
10620 /* The operations on the CKCH architecture are locked so we can
10621 * manipulate ckch_store and ckch_inst */
10622 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10623 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10624
10625 if (!ckchs_transaction.path) {
10626 memprintf(&err, "No ongoing transaction! !\n");
10627 goto error;
10628 }
10629
10630 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10631 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10632 goto error;
10633 }
10634
10635 /* init the appctx structure */
10636 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010637 appctx->ctx.ssl.next_ckchi = NULL;
10638 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10639 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10640
10641 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10642 return 0;
10643
10644error:
10645
10646 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10647 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10648
10649 return cli_dynerr(appctx, err);
10650}
10651
10652
William Lallemand8f840d72019-10-23 10:53:05 +020010653/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010654 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010655 */
William Lallemand150bfa82019-09-19 17:12:49 +020010656static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10657{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010658 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010659 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010660 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010661 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010662 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010663 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010664 char *end;
10665 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010666 struct cert_key_and_chain *ckch;
10667 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010668
William Lallemand230662a2019-12-03 13:32:54 +010010669 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10670 return 1;
10671
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010672 if ((buf = alloc_trash_chunk()) == NULL)
10673 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010674
10675 if (!*args[3] || !payload)
10676 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10677
10678 /* The operations on the CKCH architecture are locked so we can
10679 * manipulate ckch_store and ckch_inst */
10680 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10681 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10682
William Lallemand8f840d72019-10-23 10:53:05 +020010683 if (!chunk_strcpy(buf, args[3])) {
10684 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10685 errcode |= ERR_ALERT | ERR_FATAL;
10686 goto end;
10687 }
10688
William Lallemand44b35322019-10-17 16:28:40 +020010689 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010690 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010691 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010692 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10693 *end = '\0';
10694 type = cert_exts[i].type;
10695 break;
10696 }
10697 }
10698
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010699 appctx->ctx.ssl.old_ckchs = NULL;
10700 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010701
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010702 /* if there is an ongoing transaction */
10703 if (ckchs_transaction.path) {
10704 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010705#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010706 if (ckchs_transaction.new_ckchs->multi) {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010707 char *end;
William Lallemand963b2e72019-10-14 11:38:36 +020010708 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010709
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010710 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010711 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010712 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010713 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemand963b2e72019-10-14 11:38:36 +020010714 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10715 bundle = j; /* keep the type of certificate so we insert it at the right place */
10716 *end = '\0'; /* it's a bundle let's end the string*/
10717 break;
10718 }
William Lallemand150bfa82019-09-19 17:12:49 +020010719 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010720 if (bundle < 0) {
10721 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10722 errcode |= ERR_ALERT | ERR_FATAL;
10723 goto end;
10724 }
10725 }
10726#endif
10727
10728 /* if there is an ongoing transaction, check if this is the same file */
10729 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10730 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10731 errcode |= ERR_ALERT | ERR_FATAL;
10732 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010733 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010734
10735 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10736
10737 } else {
10738 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10739
10740 /* lookup for the certificate in the tree:
10741 * check if this is used as a bundle AND as a unique certificate */
10742 for (i = 0; i < 2; i++) {
10743
10744 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10745 /* only the bundle name is in the tree and you should
10746 * never update a bundle name, only a filename */
10747 if (bundle < 0 && find_ckchs[i]->multi) {
10748 /* we tried to look for a non-bundle and we found a bundle */
10749 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10750 err ? err : "", args[3], args[3]);
10751 errcode |= ERR_ALERT | ERR_FATAL;
10752 goto end;
10753 }
William Lallemand3246d942019-11-04 14:02:11 +010010754 /* If we want a bundle but this is not a bundle
10755 * example: When you try to update <file>.rsa, but
10756 * <file> is a regular file */
10757 if (bundle >= 0 && find_ckchs[i]->multi == 0) {
10758 find_ckchs[i] = NULL;
10759 break;
10760 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010761 }
10762#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10763 {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010764 char *end;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010765 int j;
10766
10767 /* check if it was used in a bundle by removing the
10768 * .dsa/.rsa/.ecdsa at the end of the filename */
10769 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010770 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010771 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10772 bundle = j; /* keep the type of certificate so we insert it at the right place */
10773 *end = '\0'; /* it's a bundle let's end the string*/
10774 break;
10775 }
10776 }
William Lallemand37031b82019-11-04 13:38:53 +010010777 if (bundle < 0) /* we didn't find a bundle extension */
10778 break;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010779 }
William Lallemand963b2e72019-10-14 11:38:36 +020010780#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010781 /* bundles are not supported here, so we don't need to lookup again */
10782 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010783#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010784 }
10785
10786 if (find_ckchs[0] && find_ckchs[1]) {
10787 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10788 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10789 errcode |= ERR_ALERT | ERR_FATAL;
10790 goto end;
10791 }
10792
10793 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
William Lallemand150bfa82019-09-19 17:12:49 +020010794 }
10795
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010796 if (!appctx->ctx.ssl.old_ckchs) {
10797 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010798 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010799 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010800 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010801 }
10802
William Lallemand8a7fdf02019-11-04 10:59:32 +010010803 if (!appctx->ctx.ssl.path) {
10804 /* this is a new transaction, set the path of the transaction */
10805 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10806 if (!appctx->ctx.ssl.path) {
10807 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10808 errcode |= ERR_ALERT | ERR_FATAL;
10809 goto end;
10810 }
10811 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010812
10813 old_ckchs = appctx->ctx.ssl.old_ckchs;
10814
10815 /* TODO: handle filters */
10816 if (old_ckchs->filters) {
10817 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10818 err ? err : "");
10819 errcode |= ERR_ALERT | ERR_FATAL;
10820 goto end;
10821 }
10822
10823 /* duplicate the ckch store */
10824 new_ckchs = ckchs_dup(old_ckchs);
10825 if (!new_ckchs) {
10826 memprintf(&err, "%sCannot allocate memory!\n",
10827 err ? err : "");
10828 errcode |= ERR_ALERT | ERR_FATAL;
10829 goto end;
10830 }
10831
10832 if (!new_ckchs->multi)
10833 ckch = new_ckchs->ckch;
10834 else
10835 ckch = &new_ckchs->ckch[bundle];
10836
10837 /* appply the change on the duplicate */
10838 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10839 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10840 errcode |= ERR_ALERT | ERR_FATAL;
10841 goto end;
10842 }
10843
10844 appctx->ctx.ssl.new_ckchs = new_ckchs;
10845
10846 /* we succeed, we can save the ckchs in the transaction */
10847
10848 /* if there wasn't a transaction, update the old ckchs */
William Dauchyc8bb1532019-11-24 15:04:20 +010010849 if (!ckchs_transaction.old_ckchs) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010850 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10851 ckchs_transaction.path = appctx->ctx.ssl.path;
10852 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10853 } else {
10854 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10855
10856 }
10857
10858 /* free the previous ckchs if there was a transaction */
10859 ckchs_free(ckchs_transaction.new_ckchs);
10860
10861 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10862
10863
William Lallemand8f840d72019-10-23 10:53:05 +020010864 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010865
William Lallemand8f840d72019-10-23 10:53:05 +020010866end:
10867 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010868
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010869 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010870
10871 ckchs_free(appctx->ctx.ssl.new_ckchs);
10872 appctx->ctx.ssl.new_ckchs = NULL;
10873
10874 appctx->ctx.ssl.old_ckchs = NULL;
10875
10876 free(appctx->ctx.ssl.path);
10877 appctx->ctx.ssl.path = NULL;
10878
10879 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010880 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010881 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010882
10883 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10884 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010885 }
William Lallemand8f840d72019-10-23 10:53:05 +020010886 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010887}
10888
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010889/* parsing function of 'abort ssl cert' */
10890static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appctx, void *private)
10891{
10892 char *err = NULL;
10893
William Lallemand230662a2019-12-03 13:32:54 +010010894 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10895 return 1;
10896
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010897 if (!*args[3])
10898 return cli_err(appctx, "'abort ssl cert' expects a filename\n");
10899
10900 /* The operations on the CKCH architecture are locked so we can
10901 * manipulate ckch_store and ckch_inst */
10902 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10903 return cli_err(appctx, "Can't abort!\nOperations on certificates are currently locked!\n");
10904
10905 if (!ckchs_transaction.path) {
10906 memprintf(&err, "No ongoing transaction!\n");
10907 goto error;
10908 }
10909
10910 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10911 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to abort a transaction for '%s'\n", ckchs_transaction.path, args[3]);
10912 goto error;
10913 }
10914
10915 /* Only free the ckchs there, because the SNI and instances were not generated yet */
10916 ckchs_free(ckchs_transaction.new_ckchs);
10917 ckchs_transaction.new_ckchs = NULL;
10918 ckchs_free(ckchs_transaction.old_ckchs);
10919 ckchs_transaction.old_ckchs = NULL;
10920 free(ckchs_transaction.path);
10921 ckchs_transaction.path = NULL;
10922
10923 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10924
10925 err = memprintf(&err, "Transaction aborted for certificate '%s'!\n", args[3]);
10926 return cli_dynmsg(appctx, LOG_NOTICE, err);
10927
10928error:
10929 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10930
10931 return cli_dynerr(appctx, err);
10932}
10933
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010934static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010935{
10936#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10937 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010938 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010939
10940 if (!payload)
10941 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010942
10943 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010944 if (!*payload)
10945 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010946
10947 /* remove \r and \n from the payload */
10948 for (i = 0, j = 0; payload[i]; i++) {
10949 if (payload[i] == '\r' || payload[i] == '\n')
10950 continue;
10951 payload[j++] = payload[i];
10952 }
10953 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010954
Willy Tarreau1c913e42018-08-22 05:26:57 +020010955 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010956 if (ret < 0)
10957 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010958
Willy Tarreau1c913e42018-08-22 05:26:57 +020010959 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010960 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010961 if (err)
10962 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10963 else
10964 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010965 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010966
10967 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010968#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010969 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010970#endif
10971
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010972}
10973
Willy Tarreau86a394e2019-05-09 14:15:32 +020010974#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010975static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10976{
10977 switch (arg->type) {
10978 case ARGT_STR:
10979 smp->data.type = SMP_T_STR;
10980 smp->data.u.str = arg->data.str;
10981 return 1;
10982 case ARGT_VAR:
10983 if (!vars_get_by_desc(&arg->data.var, smp))
10984 return 0;
10985 if (!sample_casts[smp->data.type][SMP_T_STR])
10986 return 0;
10987 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10988 return 0;
10989 return 1;
10990 default:
10991 return 0;
10992 }
10993}
10994
10995static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
10996 const char *file, int line, char **err)
10997{
10998 switch(args[0].data.sint) {
10999 case 128:
11000 case 192:
11001 case 256:
11002 break;
11003 default:
11004 memprintf(err, "key size must be 128, 192 or 256 (bits).");
11005 return 0;
11006 }
11007 /* Try to decode a variable. */
11008 vars_check_arg(&args[1], NULL);
11009 vars_check_arg(&args[2], NULL);
11010 vars_check_arg(&args[3], NULL);
11011 return 1;
11012}
11013
11014/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
11015static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
11016{
11017 struct sample nonce, key, aead_tag;
11018 struct buffer *smp_trash, *smp_trash_alloc;
11019 EVP_CIPHER_CTX *ctx;
11020 int dec_size, ret;
11021
11022 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
11023 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
11024 return 0;
11025
11026 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
11027 if (!sample_conv_var2smp_str(&arg_p[2], &key))
11028 return 0;
11029
11030 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
11031 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
11032 return 0;
11033
11034 smp_trash = get_trash_chunk();
11035 smp_trash_alloc = alloc_trash_chunk();
11036 if (!smp_trash_alloc)
11037 return 0;
11038
11039 ctx = EVP_CIPHER_CTX_new();
11040
11041 if (!ctx)
11042 goto err;
11043
11044 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
11045 if (dec_size < 0)
11046 goto err;
11047 smp_trash->data = dec_size;
11048
11049 /* Set cipher type and mode */
11050 switch(arg_p[0].data.sint) {
11051 case 128:
11052 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
11053 break;
11054 case 192:
11055 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
11056 break;
11057 case 256:
11058 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
11059 break;
11060 }
11061
11062 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
11063
11064 /* Initialise IV */
11065 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
11066 goto err;
11067
11068 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
11069 if (dec_size < 0)
11070 goto err;
11071 smp_trash->data = dec_size;
11072
11073 /* Initialise key */
11074 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
11075 goto err;
11076
11077 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
11078 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
11079 goto err;
11080
11081 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
11082 if (dec_size < 0)
11083 goto err;
11084 smp_trash_alloc->data = dec_size;
11085 dec_size = smp_trash->data;
11086
11087 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
11088 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
11089
11090 if (ret <= 0)
11091 goto err;
11092
11093 smp->data.u.str.data = dec_size + smp_trash->data;
11094 smp->data.u.str.area = smp_trash->area;
11095 smp->data.type = SMP_T_BIN;
11096 smp->flags &= ~SMP_F_CONST;
11097 free_trash_chunk(smp_trash_alloc);
11098 return 1;
11099
11100err:
11101 free_trash_chunk(smp_trash_alloc);
11102 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020011103}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011104# endif
William Lallemand32af2032016-10-29 18:09:35 +020011105
11106/* register cli keywords */
11107static struct cli_kw_list cli_kws = {{ },{
11108#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11109 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020011110 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020011111#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010011112 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010011113 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
11114 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand0bc9c8a2019-11-19 15:51:51 +010011115 { { "abort", "ssl", "cert", NULL }, "abort ssl cert <certfile> : abort a transaction for a certificate file", cli_parse_abort_cert, NULL, NULL },
William Lallemandd4f946c2019-12-05 10:26:40 +010011116 { { "show", "ssl", "cert", NULL }, "show ssl cert [<certfile>] : display the SSL certificates used in memory, or the details of a <certfile>", cli_parse_show_cert, cli_io_handler_show_cert, cli_release_show_cert },
William Lallemand32af2032016-10-29 18:09:35 +020011117 { { NULL }, NULL, NULL, NULL }
11118}};
11119
Willy Tarreau0108d902018-11-25 19:14:37 +010011120INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020011121
Willy Tarreau7875d092012-09-10 08:20:03 +020011122/* Note: must not be declared <const> as its list will be overwritten.
11123 * Please take care of keeping this list alphabetically sorted.
11124 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011125static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020011126 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011127 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011128#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010011129 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011130#endif
Emeric Brun645ae792014-04-30 14:21:06 +020011131 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011132#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
11133 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
11134#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010011135 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020011136 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020011137 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011138 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011139#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020011140 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040011141#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011142#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011143 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11144 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040011145 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11146#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011147 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11148 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011149 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011150 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011151 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11152 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11153 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11154 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11155 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11156 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11157 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11158 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011159 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011160 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11161 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011162 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011163 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11164 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11165 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11166 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11167 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11168 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11169 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020011170 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011171 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011172 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011173 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011174 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011175 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011176 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011177 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020011178 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010011179#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011180 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020011181#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010011182#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011183 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020011184#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011185 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011186#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020011187 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011188#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011189 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011190#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011191 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011192#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011193#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011194 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11195 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040011196 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11197#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040011198#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011199 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011200#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011201 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11202 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11203 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11204 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020011205 { NULL, NULL, 0, 0, 0 },
11206}};
11207
Willy Tarreau0108d902018-11-25 19:14:37 +010011208INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
11209
Willy Tarreau7875d092012-09-10 08:20:03 +020011210/* Note: must not be declared <const> as its list will be overwritten.
11211 * Please take care of keeping this list alphabetically sorted.
11212 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011213static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011214 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
11215 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010011216 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020011217}};
11218
Willy Tarreau0108d902018-11-25 19:14:37 +010011219INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
11220
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011221/* Note: must not be declared <const> as its list will be overwritten.
11222 * Please take care of keeping this list alphabetically sorted, doing so helps
11223 * all code contributors.
11224 * Optional keywords are also declared with a NULL ->parse() function so that
11225 * the config parser can report an appropriate error when a known keyword was
11226 * not enabled.
11227 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011228static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011229 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011230 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11231 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11232 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011233#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011234 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11235#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011236 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010011237 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011238 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011239 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011240 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020011241 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
11242 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011243 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
11244 { NULL, NULL, 0 },
11245};
11246
Willy Tarreau0108d902018-11-25 19:14:37 +010011247/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
11248
Willy Tarreau51fb7652012-09-18 18:24:39 +020011249static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011250 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011251 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11252 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11253 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
11254 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
11255 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
11256 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011257#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011258 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11259#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011260 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
11261 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
11262 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
11263 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
11264 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
11265 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
11266 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
11267 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
11268 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
11269 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011270 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011271 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011272 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011273 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
11274 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
11275 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
11276 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011277 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011278 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
11279 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011280 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
11281 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011282 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
11283 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
11284 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
11285 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
11286 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011287 { NULL, NULL, 0 },
11288}};
Emeric Brun46591952012-05-18 15:47:34 +020011289
Willy Tarreau0108d902018-11-25 19:14:37 +010011290INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
11291
Willy Tarreau92faadf2012-10-10 23:04:25 +020011292/* Note: must not be declared <const> as its list will be overwritten.
11293 * Please take care of keeping this list alphabetically sorted, doing so helps
11294 * all code contributors.
11295 * Optional keywords are also declared with a NULL ->parse() function so that
11296 * the config parser can report an appropriate error when a known keyword was
11297 * not enabled.
11298 */
11299static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010011300 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010011301 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011302 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010011303 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020011304 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011305 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
11306 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011307#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011308 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
11309#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011310 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
11311 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
11312 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
11313 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
11314 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
11315 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
11316 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
11317 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
11318 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
11319 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
11320 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
11321 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
11322 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
11323 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
11324 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
11325 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
11326 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
11327 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010011328 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011329 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
11330 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
11331 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
11332 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
11333 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
11334 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
11335 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
11336 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
11337 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
11338 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020011339 { NULL, NULL, 0, 0 },
11340}};
11341
Willy Tarreau0108d902018-11-25 19:14:37 +010011342INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
11343
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011344static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010011345 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
11346 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010011347 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011348 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
11349 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010011350#ifndef OPENSSL_NO_DH
11351 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
11352#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011353 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011354#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011355 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011356#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010011357 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
11358#ifndef OPENSSL_NO_DH
11359 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
11360#endif
11361 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
11362 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
11363 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
11364 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011365 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010011366 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
11367 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011368#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011369 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
11370 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
11371#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011372 { 0, NULL, NULL },
11373}};
11374
Willy Tarreau0108d902018-11-25 19:14:37 +010011375INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
11376
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011377/* Note: must not be declared <const> as its list will be overwritten */
11378static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020011379#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011380 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
11381#endif
11382 { NULL, NULL, 0, 0, 0 },
11383}};
11384
11385INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
11386
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020011387/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010011388static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020011389 .snd_buf = ssl_sock_from_buf,
11390 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010011391 .subscribe = ssl_subscribe,
11392 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020011393 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020011394 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020011395 .rcv_pipe = NULL,
11396 .snd_pipe = NULL,
11397 .shutr = NULL,
11398 .shutw = ssl_sock_shutw,
11399 .close = ssl_sock_close,
11400 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010011401 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010011402 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010011403 .prepare_srv = ssl_sock_prepare_srv_ctx,
11404 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010011405 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010011406 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020011407};
11408
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011409enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
11410 struct session *sess, struct stream *s, int flags)
11411{
11412 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011413 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011414
11415 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011416 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011417
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011418 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011419 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011420 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011421 s->req.flags |= CF_READ_NULL;
11422 return ACT_RET_YIELD;
11423 }
11424 }
11425 return (ACT_RET_CONT);
11426}
11427
11428static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
11429{
11430 rule->action_ptr = ssl_action_wait_for_hs;
11431
11432 return ACT_RET_PRS_OK;
11433}
11434
11435static struct action_kw_list http_req_actions = {ILH, {
11436 { "wait-for-handshake", ssl_parse_wait_for_hs },
11437 { /* END */ }
11438}};
11439
Willy Tarreau0108d902018-11-25 19:14:37 +010011440INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
11441
Willy Tarreau5db847a2019-05-09 14:13:35 +020011442#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011443
11444static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11445{
11446 if (ptr) {
11447 chunk_destroy(ptr);
11448 free(ptr);
11449 }
11450}
11451
11452#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011453static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11454{
Willy Tarreaubafbe012017-11-24 17:34:44 +010011455 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011456}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011457
Emeric Brun46591952012-05-18 15:47:34 +020011458__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020011459static void __ssl_sock_init(void)
11460{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011461#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011462 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011463 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011464#endif
Emeric Brun46591952012-05-18 15:47:34 +020011465
Willy Tarreauef934602016-12-22 23:12:01 +010011466 if (global_ssl.listen_default_ciphers)
11467 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
11468 if (global_ssl.connect_default_ciphers)
11469 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011470#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011471 if (global_ssl.listen_default_ciphersuites)
11472 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
11473 if (global_ssl.connect_default_ciphersuites)
11474 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
11475#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010011476
Willy Tarreau13e14102016-12-22 20:25:26 +010011477 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011478#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020011479 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080011480#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011481#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011482 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011483 n = sk_SSL_COMP_num(cm);
11484 while (n--) {
11485 (void) sk_SSL_COMP_pop(cm);
11486 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011487#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011488
Willy Tarreau5db847a2019-05-09 14:13:35 +020011489#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011490 ssl_locking_init();
11491#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020011492#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011493 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
11494#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020011495 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020011496 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011497#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011498 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011499 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011500#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010011501#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11502 hap_register_post_check(tlskeys_finalize_config);
11503#endif
Willy Tarreau80713382018-11-26 10:19:54 +010011504
11505 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11506 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11507
11508#ifndef OPENSSL_NO_DH
11509 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11510 hap_register_post_deinit(ssl_free_dh);
11511#endif
11512#ifndef OPENSSL_NO_ENGINE
11513 hap_register_post_deinit(ssl_free_engines);
11514#endif
11515 /* Load SSL string for the verbose & debug mode. */
11516 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011517 ha_meth = BIO_meth_new(0x666, "ha methods");
11518 BIO_meth_set_write(ha_meth, ha_ssl_write);
11519 BIO_meth_set_read(ha_meth, ha_ssl_read);
11520 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11521 BIO_meth_set_create(ha_meth, ha_ssl_new);
11522 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11523 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11524 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011525
11526 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011527}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011528
Willy Tarreau80713382018-11-26 10:19:54 +010011529/* Compute and register the version string */
11530static void ssl_register_build_options()
11531{
11532 char *ptr = NULL;
11533 int i;
11534
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011535 memprintf(&ptr, "Built with OpenSSL version : "
11536#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011537 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011538#else /* OPENSSL_IS_BORINGSSL */
11539 OPENSSL_VERSION_TEXT
11540 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011541 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011542 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011543#endif
11544 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011545#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011546 "no (library version too old)"
11547#elif defined(OPENSSL_NO_TLSEXT)
11548 "no (disabled via OPENSSL_NO_TLSEXT)"
11549#else
11550 "yes"
11551#endif
11552 "", ptr);
11553
11554 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11555#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11556 "yes"
11557#else
11558#ifdef OPENSSL_NO_TLSEXT
11559 "no (because of OPENSSL_NO_TLSEXT)"
11560#else
11561 "no (version might be too old, 0.9.8f min needed)"
11562#endif
11563#endif
11564 "", ptr);
11565
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011566 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11567 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11568 if (methodVersions[i].option)
11569 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011570
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011571 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011572}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011573
Willy Tarreau80713382018-11-26 10:19:54 +010011574INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011575
Emeric Brun46591952012-05-18 15:47:34 +020011576
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011577#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011578void ssl_free_engines(void) {
11579 struct ssl_engine_list *wl, *wlb;
11580 /* free up engine list */
11581 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11582 ENGINE_finish(wl->e);
11583 ENGINE_free(wl->e);
11584 LIST_DEL(&wl->list);
11585 free(wl);
11586 }
11587}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011588#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011589
Remi Gacogned3a23c32015-05-28 16:39:47 +020011590#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011591void ssl_free_dh(void) {
11592 if (local_dh_1024) {
11593 DH_free(local_dh_1024);
11594 local_dh_1024 = NULL;
11595 }
11596 if (local_dh_2048) {
11597 DH_free(local_dh_2048);
11598 local_dh_2048 = NULL;
11599 }
11600 if (local_dh_4096) {
11601 DH_free(local_dh_4096);
11602 local_dh_4096 = NULL;
11603 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011604 if (global_dh) {
11605 DH_free(global_dh);
11606 global_dh = NULL;
11607 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011608}
11609#endif
11610
11611__attribute__((destructor))
11612static void __ssl_sock_deinit(void)
11613{
11614#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011615 if (ssl_ctx_lru_tree) {
11616 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011617 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011618 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011619#endif
11620
Willy Tarreau5db847a2019-05-09 14:13:35 +020011621#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011622 ERR_remove_state(0);
11623 ERR_free_strings();
11624
11625 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011626#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011627
Willy Tarreau5db847a2019-05-09 14:13:35 +020011628#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011629 CRYPTO_cleanup_all_ex_data();
11630#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011631 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011632}
11633
11634
Emeric Brun46591952012-05-18 15:47:34 +020011635/*
11636 * Local variables:
11637 * c-indent-level: 8
11638 * c-basic-offset: 8
11639 * End:
11640 */