blob: afbb4b073f4bd344b36bfa847dd56617e1936c44 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200465#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500466/*
467 * struct alignment works here such that the key.key is the same as key_data
468 * Do not change the placement of key_data
469 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200470struct certificate_ocsp {
471 struct ebmb_node key;
472 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200473 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200474 long expire;
475};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200476
yanbzhube2774d2015-12-10 15:07:30 -0500477struct ocsp_cbk_arg {
478 int is_single;
479 int single_kt;
480 union {
481 struct certificate_ocsp *s_ocsp;
482 /*
483 * m_ocsp will have multiple entries dependent on key type
484 * Entry 0 - DSA
485 * Entry 1 - ECDSA
486 * Entry 2 - RSA
487 */
488 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
489 };
490};
491
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200492#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000493static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
494{
495 int err_code = ERR_ABORT;
496 ENGINE *engine;
497 struct ssl_engine_list *el;
498
499 /* grab the structural reference to the engine */
500 engine = ENGINE_by_id(engine_id);
501 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100502 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000503 goto fail_get;
504 }
505
506 if (!ENGINE_init(engine)) {
507 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100508 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000509 goto fail_init;
510 }
511
512 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100513 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000514 goto fail_set_method;
515 }
516
517 el = calloc(1, sizeof(*el));
518 el->e = engine;
519 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100520 nb_engines++;
521 if (global_ssl.async)
522 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000523 return 0;
524
525fail_set_method:
526 /* release the functional reference from ENGINE_init() */
527 ENGINE_finish(engine);
528
529fail_init:
530 /* release the structural reference from ENGINE_by_id() */
531 ENGINE_free(engine);
532
533fail_get:
534 return err_code;
535}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200536#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000537
Willy Tarreau5db847a2019-05-09 14:13:35 +0200538#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200539/*
540 * openssl async fd handler
541 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200542void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000543{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200544 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000545
Emeric Brun3854e012017-05-17 20:42:48 +0200546 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000547 * to poll this fd until it is requested
548 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000549 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000550 fd_cant_recv(fd);
551
552 /* crypto engine is available, let's notify the associated
553 * connection that it can pursue its processing.
554 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200555 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000556}
557
Emeric Brun3854e012017-05-17 20:42:48 +0200558/*
559 * openssl async delayed SSL_free handler
560 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200561void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562{
563 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200564 OSSL_ASYNC_FD all_fd[32];
565 size_t num_all_fds = 0;
566 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567
Emeric Brun3854e012017-05-17 20:42:48 +0200568 /* We suppose that the async job for a same SSL *
569 * are serialized. So if we are awake it is
570 * because the running job has just finished
571 * and we can remove all async fds safely
572 */
573 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
574 if (num_all_fds > 32) {
575 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
576 return;
577 }
578
579 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
580 for (i=0 ; i < num_all_fds ; i++)
581 fd_remove(all_fd[i]);
582
583 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000584 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100585 _HA_ATOMIC_SUB(&sslconns, 1);
586 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000588/*
Emeric Brun3854e012017-05-17 20:42:48 +0200589 * function used to manage a returned SSL_ERROR_WANT_ASYNC
590 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200592static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000593{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100594 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200595 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200596 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000597 size_t num_add_fds = 0;
598 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200599 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000600
601 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
602 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200603 if (num_add_fds > 32 || num_del_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000605 return;
606 }
607
Emeric Brun3854e012017-05-17 20:42:48 +0200608 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000609
Emeric Brun3854e012017-05-17 20:42:48 +0200610 /* We remove unused fds from the fdtab */
611 for (i=0 ; i < num_del_fds ; i++)
612 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613
Emeric Brun3854e012017-05-17 20:42:48 +0200614 /* We add new fds to the fdtab */
615 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200616 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000617 }
618
Emeric Brun3854e012017-05-17 20:42:48 +0200619 num_add_fds = 0;
620 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
621 if (num_add_fds > 32) {
622 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
623 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000624 }
Emeric Brun3854e012017-05-17 20:42:48 +0200625
626 /* We activate the polling for all known async fds */
627 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000628 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200629 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000630 /* To ensure that the fd cache won't be used
631 * We'll prefer to catch a real RD event
632 * because handling an EAGAIN on this fd will
633 * result in a context switch and also
634 * some engines uses a fd in blocking mode.
635 */
636 fd_cant_recv(add_fd[i]);
637 }
Emeric Brun3854e012017-05-17 20:42:48 +0200638
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000639}
640#endif
641
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200642/*
643 * This function returns the number of seconds elapsed
644 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
645 * date presented un ASN1_GENERALIZEDTIME.
646 *
647 * In parsing error case, it returns -1.
648 */
649static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
650{
651 long epoch;
652 char *p, *end;
653 const unsigned short month_offset[12] = {
654 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
655 };
656 int year, month;
657
658 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
659
660 p = (char *)d->data;
661 end = p + d->length;
662
663 if (end - p < 4) return -1;
664 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
665 p += 4;
666 if (end - p < 2) return -1;
667 month = 10 * (p[0] - '0') + p[1] - '0';
668 if (month < 1 || month > 12) return -1;
669 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
670 We consider leap years and the current month (<marsh or not) */
671 epoch = ( ((year - 1970) * 365)
672 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
673 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
674 + month_offset[month-1]
675 ) * 24 * 60 * 60;
676 p += 2;
677 if (end - p < 2) return -1;
678 /* Add the number of seconds of completed days of current month */
679 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
680 p += 2;
681 if (end - p < 2) return -1;
682 /* Add the completed hours of the current day */
683 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
684 p += 2;
685 if (end - p < 2) return -1;
686 /* Add the completed minutes of the current hour */
687 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
688 p += 2;
689 if (p == end) return -1;
690 /* Test if there is available seconds */
691 if (p[0] < '0' || p[0] > '9')
692 goto nosec;
693 if (end - p < 2) return -1;
694 /* Add the seconds of the current minute */
695 epoch += 10 * (p[0] - '0') + p[1] - '0';
696 p += 2;
697 if (p == end) return -1;
698 /* Ignore seconds float part if present */
699 if (p[0] == '.') {
700 do {
701 if (++p == end) return -1;
702 } while (p[0] >= '0' && p[0] <= '9');
703 }
704
705nosec:
706 if (p[0] == 'Z') {
707 if (end - p != 1) return -1;
708 return epoch;
709 }
710 else if (p[0] == '+') {
711 if (end - p != 5) return -1;
712 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700713 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200714 }
715 else if (p[0] == '-') {
716 if (end - p != 5) return -1;
717 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700718 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200719 }
720
721 return -1;
722}
723
Emeric Brun1d3865b2014-06-20 15:37:32 +0200724static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200725
726/* This function starts to check if the OCSP response (in DER format) contained
727 * in chunk 'ocsp_response' is valid (else exits on error).
728 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
729 * contained in the OCSP Response and exits on error if no match.
730 * If it's a valid OCSP Response:
731 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
732 * pointed by 'ocsp'.
733 * If 'ocsp' is NULL, the function looks up into the OCSP response's
734 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
735 * from the response) and exits on error if not found. Finally, If an OCSP response is
736 * already present in the container, it will be overwritten.
737 *
738 * Note: OCSP response containing more than one OCSP Single response is not
739 * considered valid.
740 *
741 * Returns 0 on success, 1 in error case.
742 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200743static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
744 struct certificate_ocsp *ocsp,
745 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200746{
747 OCSP_RESPONSE *resp;
748 OCSP_BASICRESP *bs = NULL;
749 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200750 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200751 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200753 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200754 int reason;
755 int ret = 1;
756
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200757 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
758 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200759 if (!resp) {
760 memprintf(err, "Unable to parse OCSP response");
761 goto out;
762 }
763
764 rc = OCSP_response_status(resp);
765 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
766 memprintf(err, "OCSP response status not successful");
767 goto out;
768 }
769
770 bs = OCSP_response_get1_basic(resp);
771 if (!bs) {
772 memprintf(err, "Failed to get basic response from OCSP Response");
773 goto out;
774 }
775
776 count_sr = OCSP_resp_count(bs);
777 if (count_sr > 1) {
778 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
779 goto out;
780 }
781
782 sr = OCSP_resp_get0(bs, 0);
783 if (!sr) {
784 memprintf(err, "Failed to get OCSP single response");
785 goto out;
786 }
787
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200788 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
789
Emeric Brun4147b2e2014-06-16 18:36:30 +0200790 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200791 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200792 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200793 goto out;
794 }
795
Emeric Brun13a6b482014-06-20 15:44:34 +0200796 if (!nextupd) {
797 memprintf(err, "OCSP single response: missing nextupdate");
798 goto out;
799 }
800
Emeric Brunc8b27b62014-06-19 14:16:17 +0200801 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 if (!rc) {
803 memprintf(err, "OCSP single response: no longer valid.");
804 goto out;
805 }
806
807 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200808 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200809 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
810 goto out;
811 }
812 }
813
814 if (!ocsp) {
815 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
816 unsigned char *p;
817
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200818 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200819 if (!rc) {
820 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
821 goto out;
822 }
823
824 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
825 memprintf(err, "OCSP single response: Certificate ID too long");
826 goto out;
827 }
828
829 p = key;
830 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200831 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200832 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
833 if (!ocsp) {
834 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
835 goto out;
836 }
837 }
838
839 /* According to comments on "chunk_dup", the
840 previous chunk buffer will be freed */
841 if (!chunk_dup(&ocsp->response, ocsp_response)) {
842 memprintf(err, "OCSP response: Memory allocation error");
843 goto out;
844 }
845
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200846 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
847
Emeric Brun4147b2e2014-06-16 18:36:30 +0200848 ret = 0;
849out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100850 ERR_clear_error();
851
Emeric Brun4147b2e2014-06-16 18:36:30 +0200852 if (bs)
853 OCSP_BASICRESP_free(bs);
854
855 if (resp)
856 OCSP_RESPONSE_free(resp);
857
858 return ret;
859}
860/*
861 * External function use to update the OCSP response in the OCSP response's
862 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
863 * to update in DER format.
864 *
865 * Returns 0 on success, 1 in error case.
866 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200867int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200868{
869 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
870}
871
872/*
873 * This function load the OCSP Resonse in DER format contained in file at
874 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
875 *
876 * Returns 0 on success, 1 in error case.
877 */
878static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
879{
880 int fd = -1;
881 int r = 0;
882 int ret = 1;
883
884 fd = open(ocsp_path, O_RDONLY);
885 if (fd == -1) {
886 memprintf(err, "Error opening OCSP response file");
887 goto end;
888 }
889
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200890 trash.data = 0;
891 while (trash.data < trash.size) {
892 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200893 if (r < 0) {
894 if (errno == EINTR)
895 continue;
896
897 memprintf(err, "Error reading OCSP response from file");
898 goto end;
899 }
900 else if (r == 0) {
901 break;
902 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200903 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200904 }
905
906 close(fd);
907 fd = -1;
908
909 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
910end:
911 if (fd != -1)
912 close(fd);
913
914 return ret;
915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100916#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200917
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100918#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
919static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
920{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100921 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100922 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100923 struct connection *conn;
924 int head;
925 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100926 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100927
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200928 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200929 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100930 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
931
932 keys = ref->tlskeys;
933 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100934
935 if (enc) {
936 memcpy(key_name, keys[head].name, 16);
937
938 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100939 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100940
Emeric Brun9e754772019-01-10 17:51:55 +0100941 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100942
Emeric Brun9e754772019-01-10 17:51:55 +0100943 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
944 goto end;
945
Willy Tarreau9356dac2019-05-10 09:22:53 +0200946 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100947 ret = 1;
948 }
949 else if (ref->key_size_bits == 256 ) {
950
951 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
952 goto end;
953
Willy Tarreau9356dac2019-05-10 09:22:53 +0200954 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100955 ret = 1;
956 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100957 } else {
958 for (i = 0; i < TLS_TICKETS_NO; i++) {
959 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
960 goto found;
961 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962 ret = 0;
963 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100964
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100966 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200967 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100968 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
969 goto end;
970 /* 2 for key renewal, 1 if current key is still valid */
971 ret = i ? 2 : 1;
972 }
973 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200974 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100975 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
976 goto end;
977 /* 2 for key renewal, 1 if current key is still valid */
978 ret = i ? 2 : 1;
979 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100980 }
Emeric Brun9e754772019-01-10 17:51:55 +0100981
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 end:
983 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
984 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985}
986
987struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
988{
989 struct tls_keys_ref *ref;
990
991 list_for_each_entry(ref, &tlskeys_reference, list)
992 if (ref->filename && strcmp(filename, ref->filename) == 0)
993 return ref;
994 return NULL;
995}
996
997struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
998{
999 struct tls_keys_ref *ref;
1000
1001 list_for_each_entry(ref, &tlskeys_reference, list)
1002 if (ref->unique_id == unique_id)
1003 return ref;
1004 return NULL;
1005}
1006
Emeric Brun9e754772019-01-10 17:51:55 +01001007/* Update the key into ref: if keysize doesnt
1008 * match existing ones, this function returns -1
1009 * else it returns 0 on success.
1010 */
1011int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001012 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001013{
Emeric Brun9e754772019-01-10 17:51:55 +01001014 if (ref->key_size_bits == 128) {
1015 if (tlskey->data != sizeof(struct tls_sess_key_128))
1016 return -1;
1017 }
1018 else if (ref->key_size_bits == 256) {
1019 if (tlskey->data != sizeof(struct tls_sess_key_256))
1020 return -1;
1021 }
1022 else
1023 return -1;
1024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001026 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1027 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001028 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1029 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001030
1031 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001032}
1033
Willy Tarreau83061a82018-07-13 11:56:34 +02001034int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001035{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001036 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1037
1038 if(!ref) {
1039 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1040 return 1;
1041 }
Emeric Brun9e754772019-01-10 17:51:55 +01001042 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1043 memprintf(err, "Invalid key size");
1044 return 1;
1045 }
1046
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001047 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001048}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001049
1050/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001051 * automatic ids. It's called just after the basic checks. It returns
1052 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001053 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001054static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001055{
1056 int i = 0;
1057 struct tls_keys_ref *ref, *ref2, *ref3;
1058 struct list tkr = LIST_HEAD_INIT(tkr);
1059
1060 list_for_each_entry(ref, &tlskeys_reference, list) {
1061 if (ref->unique_id == -1) {
1062 /* Look for the first free id. */
1063 while (1) {
1064 list_for_each_entry(ref2, &tlskeys_reference, list) {
1065 if (ref2->unique_id == i) {
1066 i++;
1067 break;
1068 }
1069 }
1070 if (&ref2->list == &tlskeys_reference)
1071 break;
1072 }
1073
1074 /* Uses the unique id and increment it for the next entry. */
1075 ref->unique_id = i;
1076 i++;
1077 }
1078 }
1079
1080 /* This sort the reference list by id. */
1081 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1082 LIST_DEL(&ref->list);
1083 list_for_each_entry(ref3, &tkr, list) {
1084 if (ref->unique_id < ref3->unique_id) {
1085 LIST_ADDQ(&ref3->list, &ref->list);
1086 break;
1087 }
1088 }
1089 if (&ref3->list == &tkr)
1090 LIST_ADDQ(&tkr, &ref->list);
1091 }
1092
1093 /* swap root */
1094 LIST_ADD(&tkr, &tlskeys_reference);
1095 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001096 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001097}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001098#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1099
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001100#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001101int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1102{
1103 switch (evp_keytype) {
1104 case EVP_PKEY_RSA:
1105 return 2;
1106 case EVP_PKEY_DSA:
1107 return 0;
1108 case EVP_PKEY_EC:
1109 return 1;
1110 }
1111
1112 return -1;
1113}
1114
Emeric Brun4147b2e2014-06-16 18:36:30 +02001115/*
1116 * Callback used to set OCSP status extension content in server hello.
1117 */
1118int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1119{
yanbzhube2774d2015-12-10 15:07:30 -05001120 struct certificate_ocsp *ocsp;
1121 struct ocsp_cbk_arg *ocsp_arg;
1122 char *ssl_buf;
1123 EVP_PKEY *ssl_pkey;
1124 int key_type;
1125 int index;
1126
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001127 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001128
1129 ssl_pkey = SSL_get_privatekey(ssl);
1130 if (!ssl_pkey)
1131 return SSL_TLSEXT_ERR_NOACK;
1132
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001133 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001134
1135 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1136 ocsp = ocsp_arg->s_ocsp;
1137 else {
1138 /* For multiple certs per context, we have to find the correct OCSP response based on
1139 * the certificate type
1140 */
1141 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1142
1143 if (index < 0)
1144 return SSL_TLSEXT_ERR_NOACK;
1145
1146 ocsp = ocsp_arg->m_ocsp[index];
1147
1148 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001149
1150 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001151 !ocsp->response.area ||
1152 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001153 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001154 return SSL_TLSEXT_ERR_NOACK;
1155
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001156 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001157 if (!ssl_buf)
1158 return SSL_TLSEXT_ERR_NOACK;
1159
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001160 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1161 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001162
1163 return SSL_TLSEXT_ERR_OK;
1164}
1165
1166/*
1167 * This function enables the handling of OCSP status extension on 'ctx' if a
1168 * file name 'cert_path' suffixed using ".ocsp" is present.
1169 * To enable OCSP status extension, the issuer's certificate is mandatory.
1170 * It should be present in the certificate's extra chain builded from file
1171 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1172 * named 'cert_path' suffixed using '.issuer'.
1173 *
1174 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1175 * response. If file is empty or content is not a valid OCSP response,
1176 * OCSP status extension is enabled but OCSP response is ignored (a warning
1177 * is displayed).
1178 *
1179 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001180 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001181 */
1182static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1183{
1184
1185 BIO *in = NULL;
1186 X509 *x, *xi = NULL, *issuer = NULL;
1187 STACK_OF(X509) *chain = NULL;
1188 OCSP_CERTID *cid = NULL;
1189 SSL *ssl;
1190 char ocsp_path[MAXPATHLEN+1];
1191 int i, ret = -1;
1192 struct stat st;
1193 struct certificate_ocsp *ocsp = NULL, *iocsp;
1194 char *warn = NULL;
1195 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001196 pem_password_cb *passwd_cb;
1197 void *passwd_cb_userdata;
1198 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001199
1200 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1201
1202 if (stat(ocsp_path, &st))
1203 return 1;
1204
1205 ssl = SSL_new(ctx);
1206 if (!ssl)
1207 goto out;
1208
1209 x = SSL_get_certificate(ssl);
1210 if (!x)
1211 goto out;
1212
1213 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001214 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 for (i = 0; i < sk_X509_num(chain); i++) {
1216 issuer = sk_X509_value(chain, i);
1217 if (X509_check_issued(issuer, x) == X509_V_OK)
1218 break;
1219 else
1220 issuer = NULL;
1221 }
1222
1223 /* If not found try to load issuer from a suffixed file */
1224 if (!issuer) {
1225 char issuer_path[MAXPATHLEN+1];
1226
1227 in = BIO_new(BIO_s_file());
1228 if (!in)
1229 goto out;
1230
1231 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1232 if (BIO_read_filename(in, issuer_path) <= 0)
1233 goto out;
1234
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1236 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1237
1238 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!xi)
1240 goto out;
1241
1242 if (X509_check_issued(xi, x) != X509_V_OK)
1243 goto out;
1244
1245 issuer = xi;
1246 }
1247
1248 cid = OCSP_cert_to_id(0, x, issuer);
1249 if (!cid)
1250 goto out;
1251
1252 i = i2d_OCSP_CERTID(cid, NULL);
1253 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1254 goto out;
1255
Vincent Bernat02779b62016-04-03 13:48:43 +02001256 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257 if (!ocsp)
1258 goto out;
1259
1260 p = ocsp->key_data;
1261 i2d_OCSP_CERTID(cid, &p);
1262
1263 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1264 if (iocsp == ocsp)
1265 ocsp = NULL;
1266
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001267#ifndef SSL_CTX_get_tlsext_status_cb
1268# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1269 *cb = (void (*) (void))ctx->tlsext_status_cb;
1270#endif
1271 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1272
1273 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001274 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001275 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001276
1277 cb_arg->is_single = 1;
1278 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001279
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001280 pkey = X509_get_pubkey(x);
1281 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1282 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001283
1284 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1285 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1286 } else {
1287 /*
1288 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1289 * Update that cb_arg with the new cert's staple
1290 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001291 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001292 struct certificate_ocsp *tmp_ocsp;
1293 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001295 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296
1297#ifdef SSL_CTX_get_tlsext_status_arg
1298 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1299#else
1300 cb_arg = ctx->tlsext_status_arg;
1301#endif
yanbzhube2774d2015-12-10 15:07:30 -05001302
1303 /*
1304 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1305 * the order of operations below matter, take care when changing it
1306 */
1307 tmp_ocsp = cb_arg->s_ocsp;
1308 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1309 cb_arg->s_ocsp = NULL;
1310 cb_arg->m_ocsp[index] = tmp_ocsp;
1311 cb_arg->is_single = 0;
1312 cb_arg->single_kt = 0;
1313
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001314 pkey = X509_get_pubkey(x);
1315 key_type = EVP_PKEY_base_id(pkey);
1316 EVP_PKEY_free(pkey);
1317
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001318 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001319 if (index >= 0 && !cb_arg->m_ocsp[index])
1320 cb_arg->m_ocsp[index] = iocsp;
1321
1322 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001323
1324 ret = 0;
1325
1326 warn = NULL;
1327 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1328 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001329 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001330 }
1331
1332out:
1333 if (ssl)
1334 SSL_free(ssl);
1335
1336 if (in)
1337 BIO_free(in);
1338
1339 if (xi)
1340 X509_free(xi);
1341
1342 if (cid)
1343 OCSP_CERTID_free(cid);
1344
1345 if (ocsp)
1346 free(ocsp);
1347
1348 if (warn)
1349 free(warn);
1350
1351
1352 return ret;
1353}
1354
1355#endif
1356
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001357#ifdef OPENSSL_IS_BORINGSSL
1358static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1359{
1360 char ocsp_path[MAXPATHLEN+1];
1361 struct stat st;
1362 int fd = -1, r = 0;
1363
1364 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1365 if (stat(ocsp_path, &st))
1366 return 0;
1367
1368 fd = open(ocsp_path, O_RDONLY);
1369 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001370 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001371 return -1;
1372 }
1373
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001374 trash.data = 0;
1375 while (trash.data < trash.size) {
1376 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001377 if (r < 0) {
1378 if (errno == EINTR)
1379 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001380 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001381 close(fd);
1382 return -1;
1383 }
1384 else if (r == 0) {
1385 break;
1386 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001388 }
1389 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001390 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1391 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001392}
1393#endif
1394
Willy Tarreau5db847a2019-05-09 14:13:35 +02001395#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001396
1397#define CT_EXTENSION_TYPE 18
1398
1399static int sctl_ex_index = -1;
1400
1401/*
1402 * Try to parse Signed Certificate Timestamp List structure. This function
1403 * makes only basic test if the data seems like SCTL. No signature validation
1404 * is performed.
1405 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001406static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407{
1408 int ret = 1;
1409 int len, pos, sct_len;
1410 unsigned char *data;
1411
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001412 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413 goto out;
1414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001415 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001416 len = (data[0] << 8) | data[1];
1417
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001418 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001419 goto out;
1420
1421 data = data + 2;
1422 pos = 0;
1423 while (pos < len) {
1424 if (len - pos < 2)
1425 goto out;
1426
1427 sct_len = (data[pos] << 8) | data[pos + 1];
1428 if (pos + sct_len + 2 > len)
1429 goto out;
1430
1431 pos += sct_len + 2;
1432 }
1433
1434 ret = 0;
1435
1436out:
1437 return ret;
1438}
1439
Willy Tarreau83061a82018-07-13 11:56:34 +02001440static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1441 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001442{
1443 int fd = -1;
1444 int r = 0;
1445 int ret = 1;
1446
1447 *sctl = NULL;
1448
1449 fd = open(sctl_path, O_RDONLY);
1450 if (fd == -1)
1451 goto end;
1452
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001453 trash.data = 0;
1454 while (trash.data < trash.size) {
1455 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001456 if (r < 0) {
1457 if (errno == EINTR)
1458 continue;
1459
1460 goto end;
1461 }
1462 else if (r == 0) {
1463 break;
1464 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001465 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466 }
1467
1468 ret = ssl_sock_parse_sctl(&trash);
1469 if (ret)
1470 goto end;
1471
Vincent Bernat02779b62016-04-03 13:48:43 +02001472 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 if (!chunk_dup(*sctl, &trash)) {
1474 free(*sctl);
1475 *sctl = NULL;
1476 goto end;
1477 }
1478
1479end:
1480 if (fd != -1)
1481 close(fd);
1482
1483 return ret;
1484}
1485
1486int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1487{
Willy Tarreau83061a82018-07-13 11:56:34 +02001488 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001489
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001490 *out = (unsigned char *) sctl->area;
1491 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001492
1493 return 1;
1494}
1495
1496int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1497{
1498 return 1;
1499}
1500
1501static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1502{
1503 char sctl_path[MAXPATHLEN+1];
1504 int ret = -1;
1505 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001506 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001507
1508 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1509
1510 if (stat(sctl_path, &st))
1511 return 1;
1512
1513 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1514 goto out;
1515
1516 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1517 free(sctl);
1518 goto out;
1519 }
1520
1521 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1522
1523 ret = 0;
1524
1525out:
1526 return ret;
1527}
1528
1529#endif
1530
Emeric Brune1f38db2012-09-03 20:36:47 +02001531void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1532{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001533 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001534 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001535 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001536 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001537
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001538#ifndef SSL_OP_NO_RENEGOTIATION
1539 /* Please note that BoringSSL defines this macro to zero so don't
1540 * change this to #if and do not assign a default value to this macro!
1541 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001542 if (where & SSL_CB_HANDSHAKE_START) {
1543 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001544 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001545 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001546 conn->err_code = CO_ER_SSL_RENEG;
1547 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001548 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001549#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001550
1551 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001552 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001553 /* Long certificate chains optimz
1554 If write and read bios are differents, we
1555 consider that the buffering was activated,
1556 so we rise the output buffer size from 4k
1557 to 16k */
1558 write_bio = SSL_get_wbio(ssl);
1559 if (write_bio != SSL_get_rbio(ssl)) {
1560 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001561 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001562 }
1563 }
1564 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001565}
1566
Emeric Brune64aef12012-09-21 13:15:06 +02001567/* Callback is called for each certificate of the chain during a verify
1568 ok is set to 1 if preverify detect no error on current certificate.
1569 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001570int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001571{
1572 SSL *ssl;
1573 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001574 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001576
1577 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001579
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001580 ctx = conn->xprt_ctx;
1581
1582 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001583
Emeric Brun81c00f02012-09-21 14:31:21 +02001584 if (ok) /* no errors */
1585 return ok;
1586
1587 depth = X509_STORE_CTX_get_error_depth(x_store);
1588 err = X509_STORE_CTX_get_error(x_store);
1589
1590 /* check if CA error needs to be ignored */
1591 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001592 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1593 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1594 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001595 }
1596
Willy Tarreau07d94e42018-09-20 10:57:52 +02001597 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001598 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001599 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001600 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001601 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001602
Willy Tarreau20879a02012-12-03 16:32:10 +01001603 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001604 return 0;
1605 }
1606
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001607 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1608 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001609
Emeric Brun81c00f02012-09-21 14:31:21 +02001610 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001611 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001612 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001613 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001614 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001615 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001616
Willy Tarreau20879a02012-12-03 16:32:10 +01001617 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001618 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001619}
1620
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001621static inline
1622void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001623 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001624{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001625 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626 unsigned char *msg;
1627 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001628 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001629
1630 /* This function is called for "from client" and "to server"
1631 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001632 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001633 */
1634
1635 /* "write_p" is set to 0 is the bytes are received messages,
1636 * otherwise it is set to 1.
1637 */
1638 if (write_p != 0)
1639 return;
1640
1641 /* content_type contains the type of message received or sent
1642 * according with the SSL/TLS protocol spec. This message is
1643 * encoded with one byte. The value 256 (two bytes) is used
1644 * for designing the SSL/TLS record layer. According with the
1645 * rfc6101, the expected message (other than 256) are:
1646 * - change_cipher_spec(20)
1647 * - alert(21)
1648 * - handshake(22)
1649 * - application_data(23)
1650 * - (255)
1651 * We are interessed by the handshake and specially the client
1652 * hello.
1653 */
1654 if (content_type != 22)
1655 return;
1656
1657 /* The message length is at least 4 bytes, containing the
1658 * message type and the message length.
1659 */
1660 if (len < 4)
1661 return;
1662
1663 /* First byte of the handshake message id the type of
1664 * message. The konwn types are:
1665 * - hello_request(0)
1666 * - client_hello(1)
1667 * - server_hello(2)
1668 * - certificate(11)
1669 * - server_key_exchange (12)
1670 * - certificate_request(13)
1671 * - server_hello_done(14)
1672 * We are interested by the client hello.
1673 */
1674 msg = (unsigned char *)buf;
1675 if (msg[0] != 1)
1676 return;
1677
1678 /* Next three bytes are the length of the message. The total length
1679 * must be this decoded length + 4. If the length given as argument
1680 * is not the same, we abort the protocol dissector.
1681 */
1682 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1683 if (len < rec_len + 4)
1684 return;
1685 msg += 4;
1686 end = msg + rec_len;
1687 if (end < msg)
1688 return;
1689
1690 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1691 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001692 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1693 */
1694 msg += 1 + 1 + 4 + 28;
1695 if (msg > end)
1696 return;
1697
1698 /* Next, is session id:
1699 * if present, we have to jump by length + 1 for the size information
1700 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001701 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001702 if (msg[0] > 0)
1703 msg += msg[0];
1704 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001705 if (msg > end)
1706 return;
1707
1708 /* Next two bytes are the ciphersuite length. */
1709 if (msg + 2 > end)
1710 return;
1711 rec_len = (msg[0] << 8) + msg[1];
1712 msg += 2;
1713 if (msg + rec_len > end || msg + rec_len < msg)
1714 return;
1715
Willy Tarreaubafbe012017-11-24 17:34:44 +01001716 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001717 if (!capture)
1718 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001719 /* Compute the xxh64 of the ciphersuite. */
1720 capture->xxh64 = XXH64(msg, rec_len, 0);
1721
1722 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001723 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1724 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001725 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001726
1727 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001728}
1729
Emeric Brun29f037d2014-04-25 19:05:36 +02001730/* Callback is called for ssl protocol analyse */
1731void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1732{
Emeric Brun29f037d2014-04-25 19:05:36 +02001733#ifdef TLS1_RT_HEARTBEAT
1734 /* test heartbeat received (write_p is set to 0
1735 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001736 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001737 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001738 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001739 const unsigned char *p = buf;
1740 unsigned int payload;
1741
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001742 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001743
1744 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1745 if (*p != TLS1_HB_REQUEST)
1746 return;
1747
Willy Tarreauaeed6722014-04-25 23:59:58 +02001748 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001749 goto kill_it;
1750
1751 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001752 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001753 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001754 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001755 /* We have a clear heartbleed attack (CVE-2014-0160), the
1756 * advertised payload is larger than the advertised packet
1757 * length, so we have garbage in the buffer between the
1758 * payload and the end of the buffer (p+len). We can't know
1759 * if the SSL stack is patched, and we don't know if we can
1760 * safely wipe out the area between p+3+len and payload.
1761 * So instead, we prevent the response from being sent by
1762 * setting the max_send_fragment to 0 and we report an SSL
1763 * error, which will kill this connection. It will be reported
1764 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001765 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1766 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001767 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001768 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1769 return;
1770 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001771#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001772 if (global_ssl.capture_cipherlist > 0)
1773 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001774}
1775
Bernard Spil13c53f82018-02-15 13:34:58 +01001776#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001777static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1778 const unsigned char *in, unsigned int inlen,
1779 void *arg)
1780{
1781 struct server *srv = arg;
1782
1783 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1784 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1785 return SSL_TLSEXT_ERR_OK;
1786 return SSL_TLSEXT_ERR_NOACK;
1787}
1788#endif
1789
1790#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001791/* This callback is used so that the server advertises the list of
1792 * negociable protocols for NPN.
1793 */
1794static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1795 unsigned int *len, void *arg)
1796{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001797 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001798
1799 *data = (const unsigned char *)conf->npn_str;
1800 *len = conf->npn_len;
1801 return SSL_TLSEXT_ERR_OK;
1802}
1803#endif
1804
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001805#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001806/* This callback is used so that the server advertises the list of
1807 * negociable protocols for ALPN.
1808 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001809static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1810 unsigned char *outlen,
1811 const unsigned char *server,
1812 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001813{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001814 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001815
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001816 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1817 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1818 return SSL_TLSEXT_ERR_NOACK;
1819 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001820 return SSL_TLSEXT_ERR_OK;
1821}
1822#endif
1823
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001824#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001825#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001826
Christopher Faulet30548802015-06-11 13:39:32 +02001827/* Create a X509 certificate with the specified servername and serial. This
1828 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001829static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001830ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001831{
Christopher Faulet7969a332015-10-09 11:15:03 +02001832 X509 *cacert = bind_conf->ca_sign_cert;
1833 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001834 SSL_CTX *ssl_ctx = NULL;
1835 X509 *newcrt = NULL;
1836 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001837 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001838 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001839 X509_NAME *name;
1840 const EVP_MD *digest;
1841 X509V3_CTX ctx;
1842 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001843 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001844
Christopher Faulet48a83322017-07-28 16:56:09 +02001845 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001846#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001847 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1848#else
1849 tmp_ssl = SSL_new(bind_conf->default_ctx);
1850 if (tmp_ssl)
1851 pkey = SSL_get_privatekey(tmp_ssl);
1852#endif
1853 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 goto mkcert_error;
1855
1856 /* Create the certificate */
1857 if (!(newcrt = X509_new()))
1858 goto mkcert_error;
1859
1860 /* Set version number for the certificate (X509v3) and the serial
1861 * number */
1862 if (X509_set_version(newcrt, 2L) != 1)
1863 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001864 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001865
1866 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001867 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1868 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001869 goto mkcert_error;
1870
1871 /* set public key in the certificate */
1872 if (X509_set_pubkey(newcrt, pkey) != 1)
1873 goto mkcert_error;
1874
1875 /* Set issuer name from the CA */
1876 if (!(name = X509_get_subject_name(cacert)))
1877 goto mkcert_error;
1878 if (X509_set_issuer_name(newcrt, name) != 1)
1879 goto mkcert_error;
1880
1881 /* Set the subject name using the same, but the CN */
1882 name = X509_NAME_dup(name);
1883 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1884 (const unsigned char *)servername,
1885 -1, -1, 0) != 1) {
1886 X509_NAME_free(name);
1887 goto mkcert_error;
1888 }
1889 if (X509_set_subject_name(newcrt, name) != 1) {
1890 X509_NAME_free(name);
1891 goto mkcert_error;
1892 }
1893 X509_NAME_free(name);
1894
1895 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001896 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1898 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1899 X509_EXTENSION *ext;
1900
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001901 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 goto mkcert_error;
1903 if (!X509_add_ext(newcrt, ext, -1)) {
1904 X509_EXTENSION_free(ext);
1905 goto mkcert_error;
1906 }
1907 X509_EXTENSION_free(ext);
1908 }
1909
1910 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001911
1912 key_type = EVP_PKEY_base_id(capkey);
1913
1914 if (key_type == EVP_PKEY_DSA)
1915 digest = EVP_sha1();
1916 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001918 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001919 digest = EVP_sha256();
1920 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001921#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001922 int nid;
1923
1924 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1925 goto mkcert_error;
1926 if (!(digest = EVP_get_digestbynid(nid)))
1927 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001928#else
1929 goto mkcert_error;
1930#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001931 }
1932
Christopher Faulet31af49d2015-06-09 17:29:50 +02001933 if (!(X509_sign(newcrt, capkey, digest)))
1934 goto mkcert_error;
1935
1936 /* Create and set the new SSL_CTX */
1937 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1938 goto mkcert_error;
1939 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1940 goto mkcert_error;
1941 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1942 goto mkcert_error;
1943 if (!SSL_CTX_check_private_key(ssl_ctx))
1944 goto mkcert_error;
1945
1946 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001947
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001948#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001949 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001950#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001951#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1952 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001953 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001954 EC_KEY *ecc;
1955 int nid;
1956
1957 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1958 goto end;
1959 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1960 goto end;
1961 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1962 EC_KEY_free(ecc);
1963 }
1964#endif
1965 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001966 return ssl_ctx;
1967
1968 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001969 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001970 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1972 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001973 return NULL;
1974}
1975
Christopher Faulet7969a332015-10-09 11:15:03 +02001976SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001977ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001978{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001979 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001980 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001981
Olivier Houchard66ab4982019-02-26 18:37:15 +01001982 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001983}
1984
Christopher Faulet30548802015-06-11 13:39:32 +02001985/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001987SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001988ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001989{
1990 struct lru64 *lru = NULL;
1991
1992 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001993 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001995 if (lru && lru->domain) {
1996 if (ssl)
1997 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001998 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001999 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002000 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002001 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002002 }
2003 return NULL;
2004}
2005
Emeric Brun821bb9b2017-06-15 16:37:39 +02002006/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2007 * function is not thread-safe, it should only be used to check if a certificate
2008 * exists in the lru cache (with no warranty it will not be removed by another
2009 * thread). It is kept for backward compatibility. */
2010SSL_CTX *
2011ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2012{
2013 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2014}
2015
Christopher Fauletd2cab922015-07-28 16:03:47 +02002016/* Set a certificate int the LRU cache used to store generated
2017 * certificate. Return 0 on success, otherwise -1 */
2018int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002019ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002020{
2021 struct lru64 *lru = NULL;
2022
2023 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002024 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002025 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002026 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002027 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002028 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002029 }
Christopher Faulet30548802015-06-11 13:39:32 +02002030 if (lru->domain && lru->data)
2031 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002032 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002033 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002034 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002035 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002036 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002037}
2038
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002039/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002040unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002041ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002042{
2043 return XXH32(data, len, ssl_ctx_lru_seed);
2044}
2045
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002046/* Generate a cert and immediately assign it to the SSL session so that the cert's
2047 * refcount is maintained regardless of the cert's presence in the LRU cache.
2048 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002049static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002050ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051{
2052 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002053 SSL_CTX *ssl_ctx = NULL;
2054 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002055 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002056
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002057 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002058 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002059 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002060 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002061 if (lru && lru->domain)
2062 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002063 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002064 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002065 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002066 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002067 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002068 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002069 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002071 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002072 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002073 SSL_set_SSL_CTX(ssl, ssl_ctx);
2074 /* No LRU cache, this CTX will be released as soon as the session dies */
2075 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002077 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002078 return 0;
2079}
2080static int
2081ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2082{
2083 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002084 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002085
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002086 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002087 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002088 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002089 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002090 }
2091 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002092}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002093#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002095#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002096typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2097
2098static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002100#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002102 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2103#endif
2104}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002105static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002110#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2113#endif
2114}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2119#endif
2120}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002121/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002122static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2123/* Unusable in this context. */
2124static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2125static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2126static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002129#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002130typedef enum { SET_MIN, SET_MAX } set_context_func;
2131
2132static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2133 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002134 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2135}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2137 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2138 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2139}
2140static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2141 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2143}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002144static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2145 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2146 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2147}
2148static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2149 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2151}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002152static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2153 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2154 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2155}
2156static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2157 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002158 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2159}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002160static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2161 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2162 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2163}
2164static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002165#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002166 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2168#endif
2169}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002170static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2171#if SSL_OP_NO_TLSv1_3
2172 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2173 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002174#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002176#endif
2177static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2178static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002179
2180static struct {
2181 int option;
2182 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002183 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2184 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002185 const char *name;
2186} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002187 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2188 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2189 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2190 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2191 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2192 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002193};
2194
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002195static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2196{
2197 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2198 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2199 SSL_set_SSL_CTX(ssl, ctx);
2200}
2201
Willy Tarreau5db847a2019-05-09 14:13:35 +02002202#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002203
2204static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2205{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002207 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002208
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002209 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2210 return SSL_TLSEXT_ERR_OK;
2211 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002212}
2213
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002214#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2216{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002217 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002218#else
2219static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2220{
2221#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 struct connection *conn;
2223 struct bind_conf *s;
2224 const uint8_t *extension_data;
2225 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002226 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002227
2228 char *wildp = NULL;
2229 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002230 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002231 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002232 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 int i;
2234
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002235 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002236 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002237
Olivier Houchard9679ac92017-10-27 14:58:08 +02002238 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002239 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002240#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002241 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2242 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002243#else
2244 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2245#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002246 /*
2247 * The server_name extension was given too much extensibility when it
2248 * was written, so parsing the normal case is a bit complex.
2249 */
2250 size_t len;
2251 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002252 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002253 /* Extract the length of the supplied list of names. */
2254 len = (*extension_data++) << 8;
2255 len |= *extension_data++;
2256 if (len + 2 != extension_len)
2257 goto abort;
2258 /*
2259 * The list in practice only has a single element, so we only consider
2260 * the first one.
2261 */
2262 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2263 goto abort;
2264 extension_len = len - 1;
2265 /* Now we can finally pull out the byte array with the actual hostname. */
2266 if (extension_len <= 2)
2267 goto abort;
2268 len = (*extension_data++) << 8;
2269 len |= *extension_data++;
2270 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2271 || memchr(extension_data, 0, len) != NULL)
2272 goto abort;
2273 servername = extension_data;
2274 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002276#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2277 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002278 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002279 }
2280#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002282 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002283 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002284 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002285 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002286 goto abort;
2287 }
2288
2289 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002290#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002291 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#else
2293 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2294#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002295 uint8_t sign;
2296 size_t len;
2297 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002299 len = (*extension_data++) << 8;
2300 len |= *extension_data++;
2301 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002302 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002303 if (len % 2 != 0)
2304 goto abort;
2305 for (; len > 0; len -= 2) {
2306 extension_data++; /* hash */
2307 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002308 switch (sign) {
2309 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002310 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002311 break;
2312 case TLSEXT_signature_ecdsa:
2313 has_ecdsa_sig = 1;
2314 break;
2315 default:
2316 continue;
2317 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002318 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319 break;
2320 }
2321 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002322 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002323 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 }
2325 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002326 const SSL_CIPHER *cipher;
2327 size_t len;
2328 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002330#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002331 len = ctx->cipher_suites_len;
2332 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002333#else
2334 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2335#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002336 if (len % 2 != 0)
2337 goto abort;
2338 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002339#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002340 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002341 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002342#else
2343 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2344#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002345 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002346 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 break;
2348 }
2349 }
2350 }
2351
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002352 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002353 trash.area[i] = tolower(servername[i]);
2354 if (!wildp && (trash.area[i] == '.'))
2355 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002356 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002357 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358
2359 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002360 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361
2362 /* lookup a not neg filter */
2363 for (n = node; n; n = ebmb_next_dup(n)) {
2364 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002365 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002366 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002367 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 break;
2370 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002371 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002374 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 if (!node_anonymous)
2376 node_anonymous = n;
2377 break;
2378 }
2379 }
2380 }
2381 if (wildp) {
2382 /* lookup in wildcards names */
2383 node = ebst_lookup(&s->sni_w_ctx, wildp);
2384 for (n = node; n; n = ebmb_next_dup(n)) {
2385 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002386 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002387 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002388 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 break;
2391 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002392 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002393 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002394 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002395 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 if (!node_anonymous)
2397 node_anonymous = n;
2398 break;
2399 }
2400 }
2401 }
2402 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002404 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2405 : ((has_rsa_sig && node_rsa) ? node_rsa
2406 : (node_anonymous ? node_anonymous
2407 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2408 : node_rsa /* no rsa signature case (far far away) */
2409 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (node) {
2411 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002412 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002413 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002414 if (conf) {
2415 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2416 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2417 if (conf->early_data)
2418 allow_early = 1;
2419 }
2420 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002422#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002423 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002424 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002425 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002426 }
2427#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002428 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002429 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002430 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002431 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002432allow_early:
2433#ifdef OPENSSL_IS_BORINGSSL
2434 if (allow_early)
2435 SSL_set_early_data_enabled(ssl, 1);
2436#else
2437 if (!allow_early)
2438 SSL_set_max_early_data(ssl, 0);
2439#endif
2440 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002441 abort:
2442 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2443 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002444#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002446#else
2447 *al = SSL_AD_UNRECOGNIZED_NAME;
2448 return 0;
2449#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002450}
2451
2452#else /* OPENSSL_IS_BORINGSSL */
2453
Emeric Brunfc0421f2012-09-07 17:30:07 +02002454/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2455 * warning when no match is found, which implies the default (first) cert
2456 * will keep being used.
2457 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002458static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002459{
2460 const char *servername;
2461 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002462 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002463 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002464 int i;
2465 (void)al; /* shut gcc stupid warning */
2466
2467 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002468 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002469#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002470 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2471 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002472#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002473 if (s->strict_sni)
2474 return SSL_TLSEXT_ERR_ALERT_FATAL;
2475 ssl_sock_switchctx_set(ssl, s->default_ctx);
2476 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002477 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002478
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002479 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002480 if (!servername[i])
2481 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002482 trash.area[i] = tolower(servername[i]);
2483 if (!wildp && (trash.area[i] == '.'))
2484 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002485 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002486 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002487
2488 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002489 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002490
2491 /* lookup a not neg filter */
2492 for (n = node; n; n = ebmb_next_dup(n)) {
2493 if (!container_of(n, struct sni_ctx, name)->neg) {
2494 node = n;
2495 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002496 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002497 }
2498 if (!node && wildp) {
2499 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002500 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002501 }
2502 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002503#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002504 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2505 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002506 return SSL_TLSEXT_ERR_OK;
2507 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002508#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002509 if (s->strict_sni)
2510 return SSL_TLSEXT_ERR_ALERT_FATAL;
2511 ssl_sock_switchctx_set(ssl, s->default_ctx);
2512 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002513 }
2514
2515 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002517 return SSL_TLSEXT_ERR_OK;
2518}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002519#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002520#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2521
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002522#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002523
2524static DH * ssl_get_dh_1024(void)
2525{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002526 static unsigned char dh1024_p[]={
2527 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2528 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2529 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2530 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2531 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2532 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2533 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2534 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2535 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2536 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2537 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2538 };
2539 static unsigned char dh1024_g[]={
2540 0x02,
2541 };
2542
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002543 BIGNUM *p;
2544 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002545 DH *dh = DH_new();
2546 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002547 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2548 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002549
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002550 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002551 DH_free(dh);
2552 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002553 } else {
2554 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002555 }
2556 }
2557 return dh;
2558}
2559
2560static DH *ssl_get_dh_2048(void)
2561{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002562 static unsigned char dh2048_p[]={
2563 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2564 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2565 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2566 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2567 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2568 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2569 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2570 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2571 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2572 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2573 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2574 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2575 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2576 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2577 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2578 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2579 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2580 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2581 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2582 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2583 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2584 0xB7,0x1F,0x77,0xF3,
2585 };
2586 static unsigned char dh2048_g[]={
2587 0x02,
2588 };
2589
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002590 BIGNUM *p;
2591 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002592 DH *dh = DH_new();
2593 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002594 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2595 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002596
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002597 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002598 DH_free(dh);
2599 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002600 } else {
2601 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002602 }
2603 }
2604 return dh;
2605}
2606
2607static DH *ssl_get_dh_4096(void)
2608{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002609 static unsigned char dh4096_p[]={
2610 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2611 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2612 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2613 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2614 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2615 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2616 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2617 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2618 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2619 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2620 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2621 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2622 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2623 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2624 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2625 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2626 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2627 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2628 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2629 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2630 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2631 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2632 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2633 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2634 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2635 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2636 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2637 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2638 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2639 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2640 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2641 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2642 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2643 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2644 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2645 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2646 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2647 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2648 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2649 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2650 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2651 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2652 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002653 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002654 static unsigned char dh4096_g[]={
2655 0x02,
2656 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002657
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002658 BIGNUM *p;
2659 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002660 DH *dh = DH_new();
2661 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002662 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2663 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666 DH_free(dh);
2667 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002668 } else {
2669 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002670 }
2671 }
2672 return dh;
2673}
2674
2675/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002676 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2678{
2679 DH *dh = NULL;
2680 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002681 int type;
2682
2683 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002684
2685 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2686 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2687 */
2688 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2689 keylen = EVP_PKEY_bits(pkey);
2690 }
2691
Willy Tarreauef934602016-12-22 23:12:01 +01002692 if (keylen > global_ssl.default_dh_param) {
2693 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002694 }
2695
Remi Gacogned3a341a2015-05-29 16:26:17 +02002696 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002697 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002698 }
2699 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002700 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002701 }
2702 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002703 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002704 }
2705
2706 return dh;
2707}
2708
Remi Gacogne47783ef2015-05-29 15:53:22 +02002709static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002710{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002711 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002712 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002713
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002714 if (in == NULL)
2715 goto end;
2716
Remi Gacogne47783ef2015-05-29 15:53:22 +02002717 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002718 goto end;
2719
Remi Gacogne47783ef2015-05-29 15:53:22 +02002720 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2721
2722end:
2723 if (in)
2724 BIO_free(in);
2725
Emeric Brune1b4ed42018-08-16 15:14:12 +02002726 ERR_clear_error();
2727
Remi Gacogne47783ef2015-05-29 15:53:22 +02002728 return dh;
2729}
2730
2731int ssl_sock_load_global_dh_param_from_file(const char *filename)
2732{
2733 global_dh = ssl_sock_get_dh_from_file(filename);
2734
2735 if (global_dh) {
2736 return 0;
2737 }
2738
2739 return -1;
2740}
2741
2742/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002743 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002744int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2745{
2746 int ret = -1;
2747 DH *dh = ssl_sock_get_dh_from_file(file);
2748
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002749 if (dh) {
2750 ret = 1;
2751 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002752
2753 if (ssl_dh_ptr_index >= 0) {
2754 /* store a pointer to the DH params to avoid complaining about
2755 ssl-default-dh-param not being set for this SSL_CTX */
2756 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2757 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002758 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002759 else if (global_dh) {
2760 SSL_CTX_set_tmp_dh(ctx, global_dh);
2761 ret = 0; /* DH params not found */
2762 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002763 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002764 /* Clear openssl global errors stack */
2765 ERR_clear_error();
2766
Willy Tarreauef934602016-12-22 23:12:01 +01002767 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002768 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002769 if (local_dh_1024 == NULL)
2770 local_dh_1024 = ssl_get_dh_1024();
2771
Remi Gacogne8de54152014-07-15 11:36:40 +02002772 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002773 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002774
Remi Gacogne8de54152014-07-15 11:36:40 +02002775 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002776 }
2777 else {
2778 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2779 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002780
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002781 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002782 }
Emeric Brun644cde02012-12-14 11:21:13 +01002783
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002784end:
2785 if (dh)
2786 DH_free(dh);
2787
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002788 return ret;
2789}
2790#endif
2791
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002792static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002793 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002794{
2795 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002796 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002797 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002798
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002799 if (*name == '!') {
2800 neg = 1;
2801 name++;
2802 }
2803 if (*name == '*') {
2804 wild = 1;
2805 name++;
2806 }
2807 /* !* filter is a nop */
2808 if (neg && wild)
2809 return order;
2810 if (*name) {
2811 int j, len;
2812 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002813 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002814 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002815 if (j >= trash.size)
2816 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002817 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002818
2819 /* Check for duplicates. */
2820 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002821 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002822 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002823 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002824 for (; node; node = ebmb_next_dup(node)) {
2825 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002826 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002827 return order;
2828 }
2829
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002830 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002831 if (!sc)
2832 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002833 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002834 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002835 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002836 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002837 sc->order = order++;
2838 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002839 if (kinfo.sig != TLSEXT_signature_anonymous)
2840 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002841 if (wild)
2842 ebst_insert(&s->sni_w_ctx, &sc->name);
2843 else
2844 ebst_insert(&s->sni_ctx, &sc->name);
2845 }
2846 return order;
2847}
2848
yanbzhu488a4d22015-12-01 15:16:07 -05002849
2850/* The following code is used for loading multiple crt files into
2851 * SSL_CTX's based on CN/SAN
2852 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002853#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002854/* This is used to preload the certifcate, private key
2855 * and Cert Chain of a file passed in via the crt
2856 * argument
2857 *
2858 * This way, we do not have to read the file multiple times
2859 */
2860struct cert_key_and_chain {
2861 X509 *cert;
2862 EVP_PKEY *key;
2863 unsigned int num_chain_certs;
2864 /* This is an array of X509 pointers */
2865 X509 **chain_certs;
2866};
2867
yanbzhu08ce6ab2015-12-02 13:01:29 -05002868#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2869
2870struct key_combo_ctx {
2871 SSL_CTX *ctx;
2872 int order;
2873};
2874
2875/* Map used for processing multiple keypairs for a single purpose
2876 *
2877 * This maps CN/SNI name to certificate type
2878 */
2879struct sni_keytype {
2880 int keytypes; /* BITMASK for keytypes */
2881 struct ebmb_node name; /* node holding the servername value */
2882};
2883
2884
yanbzhu488a4d22015-12-01 15:16:07 -05002885/* Frees the contents of a cert_key_and_chain
2886 */
2887static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2888{
2889 int i;
2890
2891 if (!ckch)
2892 return;
2893
2894 /* Free the certificate and set pointer to NULL */
2895 if (ckch->cert)
2896 X509_free(ckch->cert);
2897 ckch->cert = NULL;
2898
2899 /* Free the key and set pointer to NULL */
2900 if (ckch->key)
2901 EVP_PKEY_free(ckch->key);
2902 ckch->key = NULL;
2903
2904 /* Free each certificate in the chain */
2905 for (i = 0; i < ckch->num_chain_certs; i++) {
2906 if (ckch->chain_certs[i])
2907 X509_free(ckch->chain_certs[i]);
2908 }
2909
2910 /* Free the chain obj itself and set to NULL */
2911 if (ckch->num_chain_certs > 0) {
2912 free(ckch->chain_certs);
2913 ckch->num_chain_certs = 0;
2914 ckch->chain_certs = NULL;
2915 }
2916
2917}
2918
2919/* checks if a key and cert exists in the ckch
2920 */
2921static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2922{
2923 return (ckch->cert != NULL && ckch->key != NULL);
2924}
2925
2926
2927/* Loads the contents of a crt file (path) into a cert_key_and_chain
2928 * This allows us to carry the contents of the file without having to
2929 * read the file multiple times.
2930 *
2931 * returns:
2932 * 0 on Success
2933 * 1 on SSL Failure
2934 * 2 on file not found
2935 */
2936static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2937{
2938
2939 BIO *in;
2940 X509 *ca = NULL;
2941 int ret = 1;
2942
2943 ssl_sock_free_cert_key_and_chain_contents(ckch);
2944
2945 in = BIO_new(BIO_s_file());
2946 if (in == NULL)
2947 goto end;
2948
2949 if (BIO_read_filename(in, path) <= 0)
2950 goto end;
2951
yanbzhu488a4d22015-12-01 15:16:07 -05002952 /* Read Private Key */
2953 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2954 if (ckch->key == NULL) {
2955 memprintf(err, "%sunable to load private key from file '%s'.\n",
2956 err && *err ? *err : "", path);
2957 goto end;
2958 }
2959
Willy Tarreaubb137a82016-04-06 19:02:38 +02002960 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002961 if (BIO_reset(in) == -1) {
2962 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2963 err && *err ? *err : "", path);
2964 goto end;
2965 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002966
2967 /* Read Certificate */
2968 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2969 if (ckch->cert == NULL) {
2970 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2971 err && *err ? *err : "", path);
2972 goto end;
2973 }
2974
yanbzhu488a4d22015-12-01 15:16:07 -05002975 /* Read Certificate Chain */
2976 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2977 /* Grow the chain certs */
2978 ckch->num_chain_certs++;
2979 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2980
2981 /* use - 1 here since we just incremented it above */
2982 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2983 }
2984 ret = ERR_get_error();
2985 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2986 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2987 err && *err ? *err : "", path);
2988 ret = 1;
2989 goto end;
2990 }
2991
2992 ret = 0;
2993
2994end:
2995
2996 ERR_clear_error();
2997 if (in)
2998 BIO_free(in);
2999
3000 /* Something went wrong in one of the reads */
3001 if (ret != 0)
3002 ssl_sock_free_cert_key_and_chain_contents(ckch);
3003
3004 return ret;
3005}
3006
3007/* Loads the info in ckch into ctx
3008 * Currently, this does not process any information about ocsp, dhparams or
3009 * sctl
3010 * Returns
3011 * 0 on success
3012 * 1 on failure
3013 */
3014static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3015{
3016 int i = 0;
3017
3018 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3019 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3020 err && *err ? *err : "", path);
3021 return 1;
3022 }
3023
3024 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3025 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3026 err && *err ? *err : "", path);
3027 return 1;
3028 }
3029
yanbzhu488a4d22015-12-01 15:16:07 -05003030 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3031 for (i = 0; i < ckch->num_chain_certs; i++) {
3032 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3034 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003035 return 1;
3036 }
3037 }
3038
3039 if (SSL_CTX_check_private_key(ctx) <= 0) {
3040 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3041 err && *err ? *err : "", path);
3042 return 1;
3043 }
3044
3045 return 0;
3046}
3047
yanbzhu08ce6ab2015-12-02 13:01:29 -05003048
3049static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3050{
3051 struct sni_keytype *s_kt = NULL;
3052 struct ebmb_node *node;
3053 int i;
3054
3055 for (i = 0; i < trash.size; i++) {
3056 if (!str[i])
3057 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003058 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003059 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003060 trash.area[i] = 0;
3061 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003062 if (!node) {
3063 /* CN not found in tree */
3064 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3065 /* Using memcpy here instead of strncpy.
3066 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3067 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3068 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003069 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003070 s_kt->keytypes = 0;
3071 ebst_insert(sni_keytypes, &s_kt->name);
3072 } else {
3073 /* CN found in tree */
3074 s_kt = container_of(node, struct sni_keytype, name);
3075 }
3076
3077 /* Mark that this CN has the keytype of key_index via keytypes mask */
3078 s_kt->keytypes |= 1<<key_index;
3079
3080}
3081
3082
3083/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3084 * If any are found, group these files into a set of SSL_CTX*
3085 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3086 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003087 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003088 *
3089 * Returns
3090 * 0 on success
3091 * 1 on failure
3092 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003093static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3094 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003095{
3096 char fp[MAXPATHLEN+1] = {0};
3097 int n = 0;
3098 int i = 0;
3099 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3100 struct eb_root sni_keytypes_map = { {0} };
3101 struct ebmb_node *node;
3102 struct ebmb_node *next;
3103 /* Array of SSL_CTX pointers corresponding to each possible combo
3104 * of keytypes
3105 */
3106 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3107 int rv = 0;
3108 X509_NAME *xname = NULL;
3109 char *str = NULL;
3110#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3111 STACK_OF(GENERAL_NAME) *names = NULL;
3112#endif
3113
3114 /* Load all possible certs and keys */
3115 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3116 struct stat buf;
3117
3118 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3119 if (stat(fp, &buf) == 0) {
3120 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3121 rv = 1;
3122 goto end;
3123 }
3124 }
3125 }
3126
3127 /* Process each ckch and update keytypes for each CN/SAN
3128 * for example, if CN/SAN www.a.com is associated with
3129 * certs with keytype 0 and 2, then at the end of the loop,
3130 * www.a.com will have:
3131 * keyindex = 0 | 1 | 4 = 5
3132 */
3133 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3134
3135 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3136 continue;
3137
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003138 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003139 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003140 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3141 } else {
3142 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3143 * so the line that contains logic is marked via comments
3144 */
3145 xname = X509_get_subject_name(certs_and_keys[n].cert);
3146 i = -1;
3147 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3148 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003149 ASN1_STRING *value;
3150 value = X509_NAME_ENTRY_get_data(entry);
3151 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003152 /* Important line is here */
3153 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003154
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003155 OPENSSL_free(str);
3156 str = NULL;
3157 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003158 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003159
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003160 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003161#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003162 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3163 if (names) {
3164 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3165 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003166
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003167 if (name->type == GEN_DNS) {
3168 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3169 /* Important line is here */
3170 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003171
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003172 OPENSSL_free(str);
3173 str = NULL;
3174 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003175 }
3176 }
3177 }
3178 }
3179#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3180 }
3181
3182 /* If no files found, return error */
3183 if (eb_is_empty(&sni_keytypes_map)) {
3184 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3185 err && *err ? *err : "", path);
3186 rv = 1;
3187 goto end;
3188 }
3189
3190 /* We now have a map of CN/SAN to keytypes that are loaded in
3191 * Iterate through the map to create the SSL_CTX's (if needed)
3192 * and add each CTX to the SNI tree
3193 *
3194 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003195 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003196 * combination is denoted by the key in the map. Each key
3197 * has a value between 1 and 2^n - 1. Conveniently, the array
3198 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3199 * entry in the array to correspond to the unique combo (key)
3200 * associated with i. This unique key combo (i) will be associated
3201 * with combos[i-1]
3202 */
3203
3204 node = ebmb_first(&sni_keytypes_map);
3205 while (node) {
3206 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003207 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003208 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003209
3210 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3211 i = container_of(node, struct sni_keytype, name)->keytypes;
3212 cur_ctx = key_combos[i-1].ctx;
3213
3214 if (cur_ctx == NULL) {
3215 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003216 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003217 if (cur_ctx == NULL) {
3218 memprintf(err, "%sunable to allocate SSL context.\n",
3219 err && *err ? *err : "");
3220 rv = 1;
3221 goto end;
3222 }
3223
yanbzhube2774d2015-12-10 15:07:30 -05003224 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003225 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3226 if (i & (1<<n)) {
3227 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003228 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3229 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003230 SSL_CTX_free(cur_ctx);
3231 rv = 1;
3232 goto end;
3233 }
yanbzhube2774d2015-12-10 15:07:30 -05003234
3235#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3236 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003237 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003238 if (err)
3239 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003240 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003241 SSL_CTX_free(cur_ctx);
3242 rv = 1;
3243 goto end;
3244 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003245#elif (defined OPENSSL_IS_BORINGSSL)
3246 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003247#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003248 }
3249 }
3250
3251 /* Load DH params into the ctx to support DHE keys */
3252#ifndef OPENSSL_NO_DH
3253 if (ssl_dh_ptr_index >= 0)
3254 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3255
3256 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3257 if (rv < 0) {
3258 if (err)
3259 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3260 *err ? *err : "", path);
3261 rv = 1;
3262 goto end;
3263 }
3264#endif
3265
3266 /* Update key_combos */
3267 key_combos[i-1].ctx = cur_ctx;
3268 }
3269
3270 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003271 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003272 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003273 node = ebmb_next(node);
3274 }
3275
3276
3277 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3278 if (!bind_conf->default_ctx) {
3279 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3280 if (key_combos[i].ctx) {
3281 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003282 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003283 break;
3284 }
3285 }
3286 }
3287
3288end:
3289
3290 if (names)
3291 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3292
3293 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3294 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3295
3296 node = ebmb_first(&sni_keytypes_map);
3297 while (node) {
3298 next = ebmb_next(node);
3299 ebmb_delete(node);
3300 node = next;
3301 }
3302
3303 return rv;
3304}
3305#else
3306/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003307static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3308 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003309{
3310 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3311 err && *err ? *err : "", path, strerror(errno));
3312 return 1;
3313}
3314
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003315#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003316
Emeric Brunfc0421f2012-09-07 17:30:07 +02003317/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3318 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3319 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003320static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3321 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003322{
3323 BIO *in;
3324 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003325 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326 int ret = -1;
3327 int order = 0;
3328 X509_NAME *xname;
3329 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003330 pem_password_cb *passwd_cb;
3331 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003332 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003333 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003334
Emeric Brunfc0421f2012-09-07 17:30:07 +02003335#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3336 STACK_OF(GENERAL_NAME) *names;
3337#endif
3338
3339 in = BIO_new(BIO_s_file());
3340 if (in == NULL)
3341 goto end;
3342
3343 if (BIO_read_filename(in, file) <= 0)
3344 goto end;
3345
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003346
3347 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3348 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3349
3350 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003351 if (x == NULL)
3352 goto end;
3353
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003354 pkey = X509_get_pubkey(x);
3355 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003356 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003357 switch(EVP_PKEY_base_id(pkey)) {
3358 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003359 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003360 break;
3361 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003362 kinfo.sig = TLSEXT_signature_ecdsa;
3363 break;
3364 case EVP_PKEY_DSA:
3365 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003366 break;
3367 }
3368 EVP_PKEY_free(pkey);
3369 }
3370
Emeric Brun50bcecc2013-04-22 13:05:23 +02003371 if (fcount) {
3372 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003373 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003374 }
3375 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003376#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003377 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3378 if (names) {
3379 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3380 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3381 if (name->type == GEN_DNS) {
3382 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003383 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003384 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003385 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003386 }
3387 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003388 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003389 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003390#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003391 xname = X509_get_subject_name(x);
3392 i = -1;
3393 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3394 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003395 ASN1_STRING *value;
3396
3397 value = X509_NAME_ENTRY_get_data(entry);
3398 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003399 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003400 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003401 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003402 }
3403 }
3404
3405 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3406 if (!SSL_CTX_use_certificate(ctx, x))
3407 goto end;
3408
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003409#ifdef SSL_CTX_clear_extra_chain_certs
3410 SSL_CTX_clear_extra_chain_certs(ctx);
3411#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003412 if (ctx->extra_certs != NULL) {
3413 sk_X509_pop_free(ctx->extra_certs, X509_free);
3414 ctx->extra_certs = NULL;
3415 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003416#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003417
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003418 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003419 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3420 X509_free(ca);
3421 goto end;
3422 }
3423 }
3424
3425 err = ERR_get_error();
3426 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3427 /* we successfully reached the last cert in the file */
3428 ret = 1;
3429 }
3430 ERR_clear_error();
3431
3432end:
3433 if (x)
3434 X509_free(x);
3435
3436 if (in)
3437 BIO_free(in);
3438
3439 return ret;
3440}
3441
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003442static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3443 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003444{
3445 int ret;
3446 SSL_CTX *ctx;
3447
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003448 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003449 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003450 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3451 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003452 return 1;
3453 }
3454
3455 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003456 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3457 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003458 SSL_CTX_free(ctx);
3459 return 1;
3460 }
3461
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003462 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003463 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003464 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3465 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003466 if (ret < 0) /* serious error, must do that ourselves */
3467 SSL_CTX_free(ctx);
3468 return 1;
3469 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003470
3471 if (SSL_CTX_check_private_key(ctx) <= 0) {
3472 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3473 err && *err ? *err : "", path);
3474 return 1;
3475 }
3476
Emeric Brunfc0421f2012-09-07 17:30:07 +02003477 /* we must not free the SSL_CTX anymore below, since it's already in
3478 * the tree, so it will be discovered and cleaned in time.
3479 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003480#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003481 /* store a NULL pointer to indicate we have not yet loaded
3482 a custom DH param file */
3483 if (ssl_dh_ptr_index >= 0) {
3484 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3485 }
3486
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003487 ret = ssl_sock_load_dh_params(ctx, path);
3488 if (ret < 0) {
3489 if (err)
3490 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3491 *err ? *err : "", path);
3492 return 1;
3493 }
3494#endif
3495
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003496#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003497 ret = ssl_sock_load_ocsp(ctx, path);
3498 if (ret < 0) {
3499 if (err)
3500 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3501 *err ? *err : "", path);
3502 return 1;
3503 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003504#elif (defined OPENSSL_IS_BORINGSSL)
3505 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003506#endif
3507
Willy Tarreau5db847a2019-05-09 14:13:35 +02003508#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003509 if (sctl_ex_index >= 0) {
3510 ret = ssl_sock_load_sctl(ctx, path);
3511 if (ret < 0) {
3512 if (err)
3513 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3514 *err ? *err : "", path);
3515 return 1;
3516 }
3517 }
3518#endif
3519
Emeric Brunfc0421f2012-09-07 17:30:07 +02003520#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003521 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003522 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3523 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003524 return 1;
3525 }
3526#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003527 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003528 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003529 bind_conf->default_ssl_conf = ssl_conf;
3530 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003531
3532 return 0;
3533}
3534
Willy Tarreau03209342016-12-22 17:08:28 +01003535int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003536{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003537 struct dirent **de_list;
3538 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003539 DIR *dir;
3540 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003541 char *end;
3542 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003543 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003544#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003545 int is_bundle;
3546 int j;
3547#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003548
yanbzhu08ce6ab2015-12-02 13:01:29 -05003549 if (stat(path, &buf) == 0) {
3550 dir = opendir(path);
3551 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003552 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003553
yanbzhu08ce6ab2015-12-02 13:01:29 -05003554 /* strip trailing slashes, including first one */
3555 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3556 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003557
yanbzhu08ce6ab2015-12-02 13:01:29 -05003558 n = scandir(path, &de_list, 0, alphasort);
3559 if (n < 0) {
3560 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3561 err && *err ? *err : "", path, strerror(errno));
3562 cfgerr++;
3563 }
3564 else {
3565 for (i = 0; i < n; i++) {
3566 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003567
yanbzhu08ce6ab2015-12-02 13:01:29 -05003568 end = strrchr(de->d_name, '.');
3569 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3570 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003571
yanbzhu08ce6ab2015-12-02 13:01:29 -05003572 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3573 if (stat(fp, &buf) != 0) {
3574 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3575 err && *err ? *err : "", fp, strerror(errno));
3576 cfgerr++;
3577 goto ignore_entry;
3578 }
3579 if (!S_ISREG(buf.st_mode))
3580 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003581
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003582#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003583 is_bundle = 0;
3584 /* Check if current entry in directory is part of a multi-cert bundle */
3585
3586 if (end) {
3587 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3588 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3589 is_bundle = 1;
3590 break;
3591 }
3592 }
3593
3594 if (is_bundle) {
3595 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3596 int dp_len;
3597
3598 dp_len = end - de->d_name;
3599 snprintf(dp, dp_len + 1, "%s", de->d_name);
3600
3601 /* increment i and free de until we get to a non-bundle cert
3602 * Note here that we look at de_list[i + 1] before freeing de
3603 * this is important since ignore_entry will free de
3604 */
3605 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3606 free(de);
3607 i++;
3608 de = de_list[i];
3609 }
3610
3611 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003612 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003613
3614 /* Successfully processed the bundle */
3615 goto ignore_entry;
3616 }
3617 }
3618
3619#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003620 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003621ignore_entry:
3622 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003623 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003624 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003625 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003626 closedir(dir);
3627 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003628 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003629
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003630 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003631
Emeric Brunfc0421f2012-09-07 17:30:07 +02003632 return cfgerr;
3633}
3634
Thierry Fournier383085f2013-01-24 14:15:43 +01003635/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3636 * done once. Zero is returned if the operation fails. No error is returned
3637 * if the random is said as not implemented, because we expect that openssl
3638 * will use another method once needed.
3639 */
3640static int ssl_initialize_random()
3641{
3642 unsigned char random;
3643 static int random_initialized = 0;
3644
3645 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3646 random_initialized = 1;
3647
3648 return random_initialized;
3649}
3650
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003651/* release ssl bind conf */
3652void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003653{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003654 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003655#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003656 free(conf->npn_str);
3657 conf->npn_str = NULL;
3658#endif
3659#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3660 free(conf->alpn_str);
3661 conf->alpn_str = NULL;
3662#endif
3663 free(conf->ca_file);
3664 conf->ca_file = NULL;
3665 free(conf->crl_file);
3666 conf->crl_file = NULL;
3667 free(conf->ciphers);
3668 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003669#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003670 free(conf->ciphersuites);
3671 conf->ciphersuites = NULL;
3672#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003673 free(conf->curves);
3674 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003675 free(conf->ecdhe);
3676 conf->ecdhe = NULL;
3677 }
3678}
3679
3680int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3681{
3682 char thisline[CRT_LINESIZE];
3683 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003684 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003685 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003686 int linenum = 0;
3687 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003688
Willy Tarreauad1731d2013-04-02 17:35:58 +02003689 if ((f = fopen(file, "r")) == NULL) {
3690 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003691 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003692 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003693
3694 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003695 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003696 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003697 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003698 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003699 char *crt_path;
3700 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003701
3702 linenum++;
3703 end = line + strlen(line);
3704 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3705 /* Check if we reached the limit and the last char is not \n.
3706 * Watch out for the last line without the terminating '\n'!
3707 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003708 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3709 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003710 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003711 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003712 }
3713
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003714 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003715 newarg = 1;
3716 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003717 if (*line == '#' || *line == '\n' || *line == '\r') {
3718 /* end of string, end of loop */
3719 *line = 0;
3720 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003721 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003722 newarg = 1;
3723 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003724 } else if (*line == '[') {
3725 if (ssl_b) {
3726 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3727 cfgerr = 1;
3728 break;
3729 }
3730 if (!arg) {
3731 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3732 cfgerr = 1;
3733 break;
3734 }
3735 ssl_b = arg;
3736 newarg = 1;
3737 *line = 0;
3738 } else if (*line == ']') {
3739 if (ssl_e) {
3740 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003741 cfgerr = 1;
3742 break;
3743 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003744 if (!ssl_b) {
3745 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3746 cfgerr = 1;
3747 break;
3748 }
3749 ssl_e = arg;
3750 newarg = 1;
3751 *line = 0;
3752 } else if (newarg) {
3753 if (arg == MAX_CRT_ARGS) {
3754 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3755 cfgerr = 1;
3756 break;
3757 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003758 newarg = 0;
3759 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003760 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003761 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003762 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003763 if (cfgerr)
3764 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003765 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003766
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003767 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003768 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003769 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003770
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003771 crt_path = args[0];
3772 if (*crt_path != '/' && global_ssl.crt_base) {
3773 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3774 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3775 crt_path, linenum, file);
3776 cfgerr = 1;
3777 break;
3778 }
3779 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3780 crt_path = path;
3781 }
3782
3783 ssl_conf = calloc(1, sizeof *ssl_conf);
3784 cur_arg = ssl_b ? ssl_b : 1;
3785 while (cur_arg < ssl_e) {
3786 newarg = 0;
3787 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3788 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3789 newarg = 1;
3790 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3791 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3792 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3793 args[cur_arg], linenum, file);
3794 cfgerr = 1;
3795 }
3796 cur_arg += 1 + ssl_bind_kws[i].skip;
3797 break;
3798 }
3799 }
3800 if (!cfgerr && !newarg) {
3801 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3802 args[cur_arg], linenum, file);
3803 cfgerr = 1;
3804 break;
3805 }
3806 }
3807 if (cfgerr) {
3808 ssl_sock_free_ssl_conf(ssl_conf);
3809 free(ssl_conf);
3810 ssl_conf = NULL;
3811 break;
3812 }
3813
3814 if (stat(crt_path, &buf) == 0) {
3815 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3816 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003817 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003818 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3819 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003820 }
3821
Willy Tarreauad1731d2013-04-02 17:35:58 +02003822 if (cfgerr) {
3823 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003824 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003825 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003826 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003827 fclose(f);
3828 return cfgerr;
3829}
3830
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003831/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003832static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003833ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003834{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003835 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003836 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003837 SSL_OP_ALL | /* all known workarounds for bugs */
3838 SSL_OP_NO_SSLv2 |
3839 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003840 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003841 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003842 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003843 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003844 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003845 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003846 SSL_MODE_ENABLE_PARTIAL_WRITE |
3847 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003848 SSL_MODE_RELEASE_BUFFERS |
3849 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003850 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003851 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003852 int flags = MC_SSL_O_ALL;
3853 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003854
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003855 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003856 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003857
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003858 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003859 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3860 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3861 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003862 else
3863 flags = conf_ssl_methods->flags;
3864
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003865 min = conf_ssl_methods->min;
3866 max = conf_ssl_methods->max;
3867 /* start with TLSv10 to remove SSLv3 per default */
3868 if (!min && (!max || max >= CONF_TLSV10))
3869 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003870 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003871 if (min)
3872 flags |= (methodVersions[min].flag - 1);
3873 if (max)
3874 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003875 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003876 min = max = CONF_TLSV_NONE;
3877 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003878 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003879 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003880 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003881 if (min) {
3882 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003883 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3884 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3885 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3886 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003887 hole = 0;
3888 }
3889 max = i;
3890 }
3891 else {
3892 min = max = i;
3893 }
3894 }
3895 else {
3896 if (min)
3897 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003898 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003899 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003900 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3901 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003902 cfgerr += 1;
3903 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003904 /* save real min/max in bind_conf */
3905 conf_ssl_methods->min = min;
3906 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003907
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003908#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003909 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003910 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003911 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003912 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003913 else
3914 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3915 if (flags & methodVersions[i].flag)
3916 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003917#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003918 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003919 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3920 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003921#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003922
3923 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3924 options |= SSL_OP_NO_TICKET;
3925 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3926 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003927
3928#ifdef SSL_OP_NO_RENEGOTIATION
3929 options |= SSL_OP_NO_RENEGOTIATION;
3930#endif
3931
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003932 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003933
Willy Tarreau5db847a2019-05-09 14:13:35 +02003934#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003935 if (global_ssl.async)
3936 mode |= SSL_MODE_ASYNC;
3937#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003938 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003939 if (global_ssl.life_time)
3940 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003941
3942#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3943#ifdef OPENSSL_IS_BORINGSSL
3944 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3945 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02003946#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003947 if (bind_conf->ssl_conf.early_data) {
3948 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3949 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3950 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003951 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3952 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003953#else
3954 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003955#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003956 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003957#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003958 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003959}
3960
William Lallemand4f45bb92017-10-30 20:08:51 +01003961
3962static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3963{
3964 if (first == block) {
3965 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3966 if (first->len > 0)
3967 sh_ssl_sess_tree_delete(sh_ssl_sess);
3968 }
3969}
3970
3971/* return first block from sh_ssl_sess */
3972static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3973{
3974 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3975
3976}
3977
3978/* store a session into the cache
3979 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3980 * data: asn1 encoded session
3981 * data_len: asn1 encoded session length
3982 * Returns 1 id session was stored (else 0)
3983 */
3984static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3985{
3986 struct shared_block *first;
3987 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3988
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003989 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 if (!first) {
3991 /* Could not retrieve enough free blocks to store that session */
3992 return 0;
3993 }
3994
3995 /* STORE the key in the first elem */
3996 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3997 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3998 first->len = sizeof(struct sh_ssl_sess_hdr);
3999
4000 /* it returns the already existing node
4001 or current node if none, never returns null */
4002 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4003 if (oldsh_ssl_sess != sh_ssl_sess) {
4004 /* NOTE: Row couldn't be in use because we lock read & write function */
4005 /* release the reserved row */
4006 shctx_row_dec_hot(ssl_shctx, first);
4007 /* replace the previous session already in the tree */
4008 sh_ssl_sess = oldsh_ssl_sess;
4009 /* ignore the previous session data, only use the header */
4010 first = sh_ssl_sess_first_block(sh_ssl_sess);
4011 shctx_row_inc_hot(ssl_shctx, first);
4012 first->len = sizeof(struct sh_ssl_sess_hdr);
4013 }
4014
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004015 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004016 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004017 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004018 }
4019
4020 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004021
4022 return 1;
4023}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004024
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004025/* SSL callback used when a new session is created while connecting to a server */
4026static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4027{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004028 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004029 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004030
Willy Tarreau07d94e42018-09-20 10:57:52 +02004031 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004032
Olivier Houcharde6060c52017-11-16 17:42:52 +01004033 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4034 int len;
4035 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004036
Olivier Houcharde6060c52017-11-16 17:42:52 +01004037 len = i2d_SSL_SESSION(sess, NULL);
4038 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4039 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4040 } else {
4041 free(s->ssl_ctx.reused_sess[tid].ptr);
4042 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4043 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4044 }
4045 if (s->ssl_ctx.reused_sess[tid].ptr) {
4046 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4047 &ptr);
4048 }
4049 } else {
4050 free(s->ssl_ctx.reused_sess[tid].ptr);
4051 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4052 }
4053
4054 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004055}
4056
Olivier Houcharde6060c52017-11-16 17:42:52 +01004057
William Lallemanded0b5ad2017-10-30 19:36:36 +01004058/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004059int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004060{
4061 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4062 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4063 unsigned char *p;
4064 int data_len;
4065 unsigned int sid_length, sid_ctx_length;
4066 const unsigned char *sid_data;
4067 const unsigned char *sid_ctx_data;
4068
4069 /* Session id is already stored in to key and session id is known
4070 * so we dont store it to keep size.
4071 */
4072
4073 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4074 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4075 SSL_SESSION_set1_id(sess, sid_data, 0);
4076 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4077
4078 /* check if buffer is large enough for the ASN1 encoded session */
4079 data_len = i2d_SSL_SESSION(sess, NULL);
4080 if (data_len > SHSESS_MAX_DATA_LEN)
4081 goto err;
4082
4083 p = encsess;
4084
4085 /* process ASN1 session encoding before the lock */
4086 i2d_SSL_SESSION(sess, &p);
4087
4088 memcpy(encid, sid_data, sid_length);
4089 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4090 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4091
William Lallemanda3c77cf2017-10-30 23:44:40 +01004092 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004093 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004094 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004095 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004096err:
4097 /* reset original length values */
4098 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4099 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4100
4101 return 0; /* do not increment session reference count */
4102}
4103
4104/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004105SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004106{
William Lallemand4f45bb92017-10-30 20:08:51 +01004107 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004108 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4109 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004110 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004111 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004112
4113 global.shctx_lookups++;
4114
4115 /* allow the session to be freed automatically by openssl */
4116 *do_copy = 0;
4117
4118 /* tree key is zeros padded sessionid */
4119 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4120 memcpy(tmpkey, key, key_len);
4121 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4122 key = tmpkey;
4123 }
4124
4125 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004126 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004127
4128 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004129 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4130 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004131 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004132 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004133 global.shctx_misses++;
4134 return NULL;
4135 }
4136
William Lallemand4f45bb92017-10-30 20:08:51 +01004137 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4138 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004139
William Lallemand4f45bb92017-10-30 20:08:51 +01004140 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004141
William Lallemanda3c77cf2017-10-30 23:44:40 +01004142 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004143
4144 /* decode ASN1 session */
4145 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004146 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004147 /* Reset session id and session id contenxt */
4148 if (sess) {
4149 SSL_SESSION_set1_id(sess, key, key_len);
4150 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4151 }
4152
4153 return sess;
4154}
4155
William Lallemand4f45bb92017-10-30 20:08:51 +01004156
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004158void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004159{
William Lallemand4f45bb92017-10-30 20:08:51 +01004160 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004161 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4162 unsigned int sid_length;
4163 const unsigned char *sid_data;
4164 (void)ctx;
4165
4166 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4167 /* tree key is zeros padded sessionid */
4168 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4169 memcpy(tmpkey, sid_data, sid_length);
4170 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4171 sid_data = tmpkey;
4172 }
4173
William Lallemanda3c77cf2017-10-30 23:44:40 +01004174 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004175
4176 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004177 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4178 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004179 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004180 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004181 }
4182
4183 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004184 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004185}
4186
4187/* Set session cache mode to server and disable openssl internal cache.
4188 * Set shared cache callbacks on an ssl context.
4189 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004190void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004191{
4192 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4193
4194 if (!ssl_shctx) {
4195 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4196 return;
4197 }
4198
4199 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4200 SSL_SESS_CACHE_NO_INTERNAL |
4201 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4202
4203 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004204 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4205 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4206 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004207}
4208
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004209int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4210{
4211 struct proxy *curproxy = bind_conf->frontend;
4212 int cfgerr = 0;
4213 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004214 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004215 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004216#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004217 const char *conf_ciphersuites;
4218#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004219 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004220
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004221 if (ssl_conf) {
4222 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4223 int i, min, max;
4224 int flags = MC_SSL_O_ALL;
4225
4226 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004227 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4228 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004229 if (min)
4230 flags |= (methodVersions[min].flag - 1);
4231 if (max)
4232 flags |= ~((methodVersions[max].flag << 1) - 1);
4233 min = max = CONF_TLSV_NONE;
4234 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4235 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4236 if (min)
4237 max = i;
4238 else
4239 min = max = i;
4240 }
4241 /* save real min/max */
4242 conf_ssl_methods->min = min;
4243 conf_ssl_methods->max = max;
4244 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004245 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4246 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004247 cfgerr += 1;
4248 }
4249 }
4250
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004251 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004252 case SSL_SOCK_VERIFY_NONE:
4253 verify = SSL_VERIFY_NONE;
4254 break;
4255 case SSL_SOCK_VERIFY_OPTIONAL:
4256 verify = SSL_VERIFY_PEER;
4257 break;
4258 case SSL_SOCK_VERIFY_REQUIRED:
4259 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4260 break;
4261 }
4262 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4263 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004264 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4265 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4266 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004267 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004268 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004269 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4270 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004271 cfgerr++;
4272 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004273 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4274 /* set CA names for client cert request, function returns void */
4275 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4276 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004277 }
Emeric Brun850efd52014-01-29 12:24:34 +01004278 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004279 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4280 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004281 cfgerr++;
4282 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004283#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004284 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004285 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4286
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004287 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004288 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4289 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004290 cfgerr++;
4291 }
Emeric Brun561e5742012-10-02 15:20:55 +02004292 else {
4293 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4294 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004295 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004296#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004297 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004298 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004299#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004300 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004301 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004302 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4303 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004304 cfgerr++;
4305 }
4306 }
4307#endif
4308
William Lallemand4f45bb92017-10-30 20:08:51 +01004309 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004310 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4311 if (conf_ciphers &&
4312 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004313 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4314 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004315 cfgerr++;
4316 }
4317
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004318#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004319 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4320 if (conf_ciphersuites &&
4321 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4322 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4323 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4324 cfgerr++;
4325 }
4326#endif
4327
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004328#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004329 /* If tune.ssl.default-dh-param has not been set,
4330 neither has ssl-default-dh-file and no static DH
4331 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004332 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004333 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004334 (ssl_dh_ptr_index == -1 ||
4335 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004336 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4337 const SSL_CIPHER * cipher = NULL;
4338 char cipher_description[128];
4339 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4340 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4341 which is not ephemeral DH. */
4342 const char dhe_description[] = " Kx=DH ";
4343 const char dhe_export_description[] = " Kx=DH(";
4344 int idx = 0;
4345 int dhe_found = 0;
4346 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004347
Remi Gacogne23d5d372014-10-10 17:04:26 +02004348 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004349
Remi Gacogne23d5d372014-10-10 17:04:26 +02004350 if (ssl) {
4351 ciphers = SSL_get_ciphers(ssl);
4352
4353 if (ciphers) {
4354 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4355 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4356 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4357 if (strstr(cipher_description, dhe_description) != NULL ||
4358 strstr(cipher_description, dhe_export_description) != NULL) {
4359 dhe_found = 1;
4360 break;
4361 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004362 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004363 }
4364 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004365 SSL_free(ssl);
4366 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004367 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004368
Lukas Tribus90132722014-08-18 00:56:33 +02004369 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004370 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004371 }
4372
Willy Tarreauef934602016-12-22 23:12:01 +01004373 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004374 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004375
Willy Tarreauef934602016-12-22 23:12:01 +01004376 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004377 if (local_dh_1024 == NULL) {
4378 local_dh_1024 = ssl_get_dh_1024();
4379 }
Willy Tarreauef934602016-12-22 23:12:01 +01004380 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004381 if (local_dh_2048 == NULL) {
4382 local_dh_2048 = ssl_get_dh_2048();
4383 }
Willy Tarreauef934602016-12-22 23:12:01 +01004384 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004385 if (local_dh_4096 == NULL) {
4386 local_dh_4096 = ssl_get_dh_4096();
4387 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004388 }
4389 }
4390 }
4391#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004392
Emeric Brunfc0421f2012-09-07 17:30:07 +02004393 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004394#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004395 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004396#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004397
Bernard Spil13c53f82018-02-15 13:34:58 +01004398#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004399 ssl_conf_cur = NULL;
4400 if (ssl_conf && ssl_conf->npn_str)
4401 ssl_conf_cur = ssl_conf;
4402 else if (bind_conf->ssl_conf.npn_str)
4403 ssl_conf_cur = &bind_conf->ssl_conf;
4404 if (ssl_conf_cur)
4405 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004406#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004407#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004408 ssl_conf_cur = NULL;
4409 if (ssl_conf && ssl_conf->alpn_str)
4410 ssl_conf_cur = ssl_conf;
4411 else if (bind_conf->ssl_conf.alpn_str)
4412 ssl_conf_cur = &bind_conf->ssl_conf;
4413 if (ssl_conf_cur)
4414 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004415#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004416#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004417 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4418 if (conf_curves) {
4419 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004420 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4421 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004422 cfgerr++;
4423 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004424#if defined(SSL_CTX_set_ecdh_auto)
4425 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4426#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004427 }
4428#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004429#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004430 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004431 int i;
4432 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004433#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004434 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004435 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4436 NULL);
4437
4438 if (ecdhe == NULL) {
4439 SSL_CTX_set_dh_auto(ctx, 1);
4440 return cfgerr;
4441 }
4442#else
4443 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4444 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4445 ECDHE_DEFAULT_CURVE);
4446#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004447
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004448 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004449 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004450 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4451 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004452 cfgerr++;
4453 }
4454 else {
4455 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4456 EC_KEY_free(ecdh);
4457 }
4458 }
4459#endif
4460
Emeric Brunfc0421f2012-09-07 17:30:07 +02004461 return cfgerr;
4462}
4463
Evan Broderbe554312013-06-27 00:05:25 -07004464static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4465{
4466 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4467 size_t prefixlen, suffixlen;
4468
4469 /* Trivial case */
4470 if (strcmp(pattern, hostname) == 0)
4471 return 1;
4472
Evan Broderbe554312013-06-27 00:05:25 -07004473 /* The rest of this logic is based on RFC 6125, section 6.4.3
4474 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4475
Emeric Bruna848dae2013-10-08 11:27:28 +02004476 pattern_wildcard = NULL;
4477 pattern_left_label_end = pattern;
4478 while (*pattern_left_label_end != '.') {
4479 switch (*pattern_left_label_end) {
4480 case 0:
4481 /* End of label not found */
4482 return 0;
4483 case '*':
4484 /* If there is more than one wildcards */
4485 if (pattern_wildcard)
4486 return 0;
4487 pattern_wildcard = pattern_left_label_end;
4488 break;
4489 }
4490 pattern_left_label_end++;
4491 }
4492
4493 /* If it's not trivial and there is no wildcard, it can't
4494 * match */
4495 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004496 return 0;
4497
4498 /* Make sure all labels match except the leftmost */
4499 hostname_left_label_end = strchr(hostname, '.');
4500 if (!hostname_left_label_end
4501 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4502 return 0;
4503
4504 /* Make sure the leftmost label of the hostname is long enough
4505 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004506 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004507 return 0;
4508
4509 /* Finally compare the string on either side of the
4510 * wildcard */
4511 prefixlen = pattern_wildcard - pattern;
4512 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004513 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4514 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004515 return 0;
4516
4517 return 1;
4518}
4519
4520static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4521{
4522 SSL *ssl;
4523 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004524 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004525 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004526 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004527
4528 int depth;
4529 X509 *cert;
4530 STACK_OF(GENERAL_NAME) *alt_names;
4531 int i;
4532 X509_NAME *cert_subject;
4533 char *str;
4534
4535 if (ok == 0)
4536 return ok;
4537
4538 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004539 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004540 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004541
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004542 /* We're checking if the provided hostnames match the desired one. The
4543 * desired hostname comes from the SNI we presented if any, or if not
4544 * provided then it may have been explicitly stated using a "verifyhost"
4545 * directive. If neither is set, we don't care about the name so the
4546 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004547 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004548 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004549 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004550 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004551 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004552 if (!servername)
4553 return ok;
4554 }
Evan Broderbe554312013-06-27 00:05:25 -07004555
4556 /* We only need to verify the CN on the actual server cert,
4557 * not the indirect CAs */
4558 depth = X509_STORE_CTX_get_error_depth(ctx);
4559 if (depth != 0)
4560 return ok;
4561
4562 /* At this point, the cert is *not* OK unless we can find a
4563 * hostname match */
4564 ok = 0;
4565
4566 cert = X509_STORE_CTX_get_current_cert(ctx);
4567 /* It seems like this might happen if verify peer isn't set */
4568 if (!cert)
4569 return ok;
4570
4571 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4572 if (alt_names) {
4573 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4574 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4575 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004576#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004577 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4578#else
Evan Broderbe554312013-06-27 00:05:25 -07004579 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004580#endif
Evan Broderbe554312013-06-27 00:05:25 -07004581 ok = ssl_sock_srv_hostcheck(str, servername);
4582 OPENSSL_free(str);
4583 }
4584 }
4585 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004586 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004587 }
4588
4589 cert_subject = X509_get_subject_name(cert);
4590 i = -1;
4591 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4592 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004593 ASN1_STRING *value;
4594 value = X509_NAME_ENTRY_get_data(entry);
4595 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004596 ok = ssl_sock_srv_hostcheck(str, servername);
4597 OPENSSL_free(str);
4598 }
4599 }
4600
Willy Tarreau71d058c2017-07-26 20:09:56 +02004601 /* report the mismatch and indicate if SNI was used or not */
4602 if (!ok && !conn->err_code)
4603 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004604 return ok;
4605}
4606
Emeric Brun94324a42012-10-11 14:00:19 +02004607/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004608int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004609{
Willy Tarreau03209342016-12-22 17:08:28 +01004610 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004611 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004612 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004613 SSL_OP_ALL | /* all known workarounds for bugs */
4614 SSL_OP_NO_SSLv2 |
4615 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004616 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004617 SSL_MODE_ENABLE_PARTIAL_WRITE |
4618 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004619 SSL_MODE_RELEASE_BUFFERS |
4620 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004621 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004622 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004623 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004624 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004625 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004626
Thierry Fournier383085f2013-01-24 14:15:43 +01004627 /* Make sure openssl opens /dev/urandom before the chroot */
4628 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004629 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004630 cfgerr++;
4631 }
4632
Willy Tarreaufce03112015-01-15 21:32:40 +01004633 /* Automatic memory computations need to know we use SSL there */
4634 global.ssl_used_backend = 1;
4635
4636 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004637 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004638 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004639 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4640 curproxy->id, srv->id,
4641 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004642 cfgerr++;
4643 return cfgerr;
4644 }
4645 }
Emeric Brun94324a42012-10-11 14:00:19 +02004646 if (srv->use_ssl)
4647 srv->xprt = &ssl_sock;
4648 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004649 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004650
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004651 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004652 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004653 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4654 proxy_type_str(curproxy), curproxy->id,
4655 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004656 cfgerr++;
4657 return cfgerr;
4658 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004659
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004660 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004661 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4662 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4663 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004664 else
4665 flags = conf_ssl_methods->flags;
4666
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004667 /* Real min and max should be determinate with configuration and openssl's capabilities */
4668 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004669 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004670 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004671 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004672
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004673 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004674 min = max = CONF_TLSV_NONE;
4675 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004676 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004677 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004678 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004679 if (min) {
4680 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004681 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4682 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4683 proxy_type_str(curproxy), curproxy->id, srv->id,
4684 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004685 hole = 0;
4686 }
4687 max = i;
4688 }
4689 else {
4690 min = max = i;
4691 }
4692 }
4693 else {
4694 if (min)
4695 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004696 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004697 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004698 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4699 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004700 cfgerr += 1;
4701 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004702
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004703#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004704 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004705 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004706 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004707 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004708 else
4709 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4710 if (flags & methodVersions[i].flag)
4711 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004712#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004713 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004714 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4715 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004716#endif
4717
4718 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4719 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004720 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004721
Willy Tarreau5db847a2019-05-09 14:13:35 +02004722#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004723 if (global_ssl.async)
4724 mode |= SSL_MODE_ASYNC;
4725#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004726 SSL_CTX_set_mode(ctx, mode);
4727 srv->ssl_ctx.ctx = ctx;
4728
Emeric Bruna7aa3092012-10-26 12:58:00 +02004729 if (srv->ssl_ctx.client_crt) {
4730 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4732 proxy_type_str(curproxy), curproxy->id,
4733 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004734 cfgerr++;
4735 }
4736 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004737 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4738 proxy_type_str(curproxy), curproxy->id,
4739 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004740 cfgerr++;
4741 }
4742 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004743 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4744 proxy_type_str(curproxy), curproxy->id,
4745 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004746 cfgerr++;
4747 }
4748 }
Emeric Brun94324a42012-10-11 14:00:19 +02004749
Emeric Brun850efd52014-01-29 12:24:34 +01004750 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4751 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004752 switch (srv->ssl_ctx.verify) {
4753 case SSL_SOCK_VERIFY_NONE:
4754 verify = SSL_VERIFY_NONE;
4755 break;
4756 case SSL_SOCK_VERIFY_REQUIRED:
4757 verify = SSL_VERIFY_PEER;
4758 break;
4759 }
Evan Broderbe554312013-06-27 00:05:25 -07004760 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004761 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004762 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004763 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004764 if (srv->ssl_ctx.ca_file) {
4765 /* load CAfile to verify */
4766 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004767 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4768 curproxy->id, srv->id,
4769 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004770 cfgerr++;
4771 }
4772 }
Emeric Brun850efd52014-01-29 12:24:34 +01004773 else {
4774 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004775 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4776 curproxy->id, srv->id,
4777 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004778 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004779 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4780 curproxy->id, srv->id,
4781 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004782 cfgerr++;
4783 }
Emeric Brunef42d922012-10-11 16:11:36 +02004784#ifdef X509_V_FLAG_CRL_CHECK
4785 if (srv->ssl_ctx.crl_file) {
4786 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4787
4788 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004789 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4790 curproxy->id, srv->id,
4791 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004792 cfgerr++;
4793 }
4794 else {
4795 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4796 }
4797 }
4798#endif
4799 }
4800
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004801 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4802 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4803 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004804 if (srv->ssl_ctx.ciphers &&
4805 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004806 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4807 curproxy->id, srv->id,
4808 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004809 cfgerr++;
4810 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004811
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004812#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004813 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004814 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004815 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4816 curproxy->id, srv->id,
4817 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4818 cfgerr++;
4819 }
4820#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004821#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4822 if (srv->ssl_ctx.npn_str)
4823 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4824#endif
4825#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4826 if (srv->ssl_ctx.alpn_str)
4827 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4828#endif
4829
Emeric Brun94324a42012-10-11 14:00:19 +02004830
4831 return cfgerr;
4832}
4833
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004834/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004835 * be NULL, in which case nothing is done. Returns the number of errors
4836 * encountered.
4837 */
Willy Tarreau03209342016-12-22 17:08:28 +01004838int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004839{
4840 struct ebmb_node *node;
4841 struct sni_ctx *sni;
4842 int err = 0;
4843
Willy Tarreaufce03112015-01-15 21:32:40 +01004844 /* Automatic memory computations need to know we use SSL there */
4845 global.ssl_used_frontend = 1;
4846
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004847 /* Make sure openssl opens /dev/urandom before the chroot */
4848 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004849 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004850 err++;
4851 }
4852 /* Create initial_ctx used to start the ssl connection before do switchctx */
4853 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004854 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004855 /* It should not be necessary to call this function, but it's
4856 necessary first to check and move all initialisation related
4857 to initial_ctx in ssl_sock_initial_ctx. */
4858 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4859 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004860 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004861 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004862
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004863 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004864 while (node) {
4865 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004866 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4867 /* only initialize the CTX on its first occurrence and
4868 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004869 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004870 node = ebmb_next(node);
4871 }
4872
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004873 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004874 while (node) {
4875 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004876 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4877 /* only initialize the CTX on its first occurrence and
4878 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004879 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004880 node = ebmb_next(node);
4881 }
4882 return err;
4883}
4884
Willy Tarreau55d37912016-12-21 23:38:39 +01004885/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4886 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4887 * alerts are directly emitted since the rest of the stack does it below.
4888 */
4889int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4890{
4891 struct proxy *px = bind_conf->frontend;
4892 int alloc_ctx;
4893 int err;
4894
4895 if (!bind_conf->is_ssl) {
4896 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004897 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4898 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004899 }
4900 return 0;
4901 }
4902 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004903 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004904 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4905 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004906 }
4907 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004908 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4909 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004910 return -1;
4911 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004912 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004913 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004914 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004915 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004916 sizeof(*sh_ssl_sess_tree),
4917 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004918 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004919 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4920 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4921 else
4922 ha_alert("Unable to allocate SSL session cache.\n");
4923 return -1;
4924 }
4925 /* free block callback */
4926 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4927 /* init the root tree within the extra space */
4928 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4929 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004930 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004931 err = 0;
4932 /* initialize all certificate contexts */
4933 err += ssl_sock_prepare_all_ctx(bind_conf);
4934
4935 /* initialize CA variables if the certificates generation is enabled */
4936 err += ssl_sock_load_ca(bind_conf);
4937
4938 return -err;
4939}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004940
4941/* release ssl context allocated for servers. */
4942void ssl_sock_free_srv_ctx(struct server *srv)
4943{
Olivier Houchardc7566002018-11-20 23:33:50 +01004944#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4945 if (srv->ssl_ctx.alpn_str)
4946 free(srv->ssl_ctx.alpn_str);
4947#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004948#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004949 if (srv->ssl_ctx.npn_str)
4950 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004951#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004952 if (srv->ssl_ctx.ctx)
4953 SSL_CTX_free(srv->ssl_ctx.ctx);
4954}
4955
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004956/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004957 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4958 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004959void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004960{
4961 struct ebmb_node *node, *back;
4962 struct sni_ctx *sni;
4963
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004964 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004965 while (node) {
4966 sni = ebmb_entry(node, struct sni_ctx, name);
4967 back = ebmb_next(node);
4968 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004969 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004970 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004971 ssl_sock_free_ssl_conf(sni->conf);
4972 free(sni->conf);
4973 sni->conf = NULL;
4974 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004975 free(sni);
4976 node = back;
4977 }
4978
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004979 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004980 while (node) {
4981 sni = ebmb_entry(node, struct sni_ctx, name);
4982 back = ebmb_next(node);
4983 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004984 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004985 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004986 ssl_sock_free_ssl_conf(sni->conf);
4987 free(sni->conf);
4988 sni->conf = NULL;
4989 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004990 free(sni);
4991 node = back;
4992 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004993 SSL_CTX_free(bind_conf->initial_ctx);
4994 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004995 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004996 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004997}
4998
Willy Tarreau795cdab2016-12-22 17:30:54 +01004999/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5000void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5001{
5002 ssl_sock_free_ca(bind_conf);
5003 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005004 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005005 free(bind_conf->ca_sign_file);
5006 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005007 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005008 free(bind_conf->keys_ref->filename);
5009 free(bind_conf->keys_ref->tlskeys);
5010 LIST_DEL(&bind_conf->keys_ref->list);
5011 free(bind_conf->keys_ref);
5012 }
5013 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005014 bind_conf->ca_sign_pass = NULL;
5015 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005016}
5017
Christopher Faulet31af49d2015-06-09 17:29:50 +02005018/* Load CA cert file and private key used to generate certificates */
5019int
Willy Tarreau03209342016-12-22 17:08:28 +01005020ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005021{
Willy Tarreau03209342016-12-22 17:08:28 +01005022 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005023 FILE *fp;
5024 X509 *cacert = NULL;
5025 EVP_PKEY *capkey = NULL;
5026 int err = 0;
5027
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005028 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005029 return err;
5030
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005031#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005032 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005033 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005034 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005035 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005036 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005037#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005038
Christopher Faulet31af49d2015-06-09 17:29:50 +02005039 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005040 ha_alert("Proxy '%s': cannot enable certificate generation, "
5041 "no CA certificate File configured at [%s:%d].\n",
5042 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005043 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005044 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005045
5046 /* read in the CA certificate */
5047 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005048 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5049 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005050 goto load_error;
5051 }
5052 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005053 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5054 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005055 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005056 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005057 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005058 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005059 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5060 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005061 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005062 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005063
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005064 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005065 bind_conf->ca_sign_cert = cacert;
5066 bind_conf->ca_sign_pkey = capkey;
5067 return err;
5068
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005069 read_error:
5070 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005071 if (capkey) EVP_PKEY_free(capkey);
5072 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005073 load_error:
5074 bind_conf->generate_certs = 0;
5075 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005076 return err;
5077}
5078
5079/* Release CA cert and private key used to generate certificated */
5080void
5081ssl_sock_free_ca(struct bind_conf *bind_conf)
5082{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005083 if (bind_conf->ca_sign_pkey)
5084 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5085 if (bind_conf->ca_sign_cert)
5086 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005087 bind_conf->ca_sign_pkey = NULL;
5088 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005089}
5090
Emeric Brun46591952012-05-18 15:47:34 +02005091/*
5092 * This function is called if SSL * context is not yet allocated. The function
5093 * is designed to be called before any other data-layer operation and sets the
5094 * handshake flag on the connection. It is safe to call it multiple times.
5095 * It returns 0 on success and -1 in error case.
5096 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005097static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005098{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005099 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005100 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005101 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005102 return 0;
5103
Willy Tarreau3c728722014-01-23 13:50:42 +01005104 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005105 return 0;
5106
Olivier Houchard66ab4982019-02-26 18:37:15 +01005107 ctx = pool_alloc(ssl_sock_ctx_pool);
5108 if (!ctx) {
5109 conn->err_code = CO_ER_SSL_NO_MEM;
5110 return -1;
5111 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005112 ctx->wait_event.tasklet = tasklet_new();
5113 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005114 conn->err_code = CO_ER_SSL_NO_MEM;
5115 pool_free(ssl_sock_ctx_pool, ctx);
5116 return -1;
5117 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005118 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5119 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005120 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005121 ctx->sent_early_data = 0;
5122 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005123 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005124 ctx->send_wait = NULL;
5125 ctx->recv_wait = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005126
5127 /* Only work with sockets for now, this should be adapted when we'll
5128 * add QUIC support.
5129 */
5130 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005131 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005132 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5133 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005134 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005135
Willy Tarreau20879a02012-12-03 16:32:10 +01005136 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5137 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005138 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005139 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005140
Emeric Brun46591952012-05-18 15:47:34 +02005141 /* If it is in client mode initiate SSL session
5142 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005143 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005144 int may_retry = 1;
5145
5146 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005147 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005148 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5149 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005150 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005151 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005152 goto retry_connect;
5153 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005154 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005155 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005156 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005157 ctx->bio = BIO_new(ha_meth);
5158 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005159 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005160 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005161 goto retry_connect;
5162 }
Emeric Brun55476152014-11-12 17:35:37 +01005163 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005164 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005165 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005166 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005167 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005168
Evan Broderbe554312013-06-27 00:05:25 -07005169 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005170 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5171 SSL_free(ctx->ssl);
5172 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005173 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005174 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005175 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005176 goto retry_connect;
5177 }
Emeric Brun55476152014-11-12 17:35:37 +01005178 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005179 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005180 }
5181
Olivier Houchard66ab4982019-02-26 18:37:15 +01005182 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005183 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5184 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5185 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005186 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005187 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005188 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5189 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005190 } else if (sess) {
5191 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005192 }
5193 }
Evan Broderbe554312013-06-27 00:05:25 -07005194
Emeric Brun46591952012-05-18 15:47:34 +02005195 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005196 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005197
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005198 _HA_ATOMIC_ADD(&sslconns, 1);
5199 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005200 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005201 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005202 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005203 if (conn->flags & CO_FL_ERROR)
5204 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005205 return 0;
5206 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005207 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005208 int may_retry = 1;
5209
5210 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005211 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005212 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5213 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005214 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005215 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005216 goto retry_accept;
5217 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005218 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005219 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005220 }
Emeric Brun46591952012-05-18 15:47:34 +02005221
Olivier Houcharda8955d52019-04-07 22:00:38 +02005222 ctx->bio = BIO_new(ha_meth);
5223 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005224 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005225 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005226 goto retry_accept;
5227 }
Emeric Brun55476152014-11-12 17:35:37 +01005228 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005229 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005230 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005231 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005232 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005233
Emeric Brune1f38db2012-09-03 20:36:47 +02005234 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005235 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5236 SSL_free(ctx->ssl);
5237 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005238 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005239 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005240 goto retry_accept;
5241 }
Emeric Brun55476152014-11-12 17:35:37 +01005242 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005243 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005244 }
5245
Olivier Houchard66ab4982019-02-26 18:37:15 +01005246 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005247
Emeric Brun46591952012-05-18 15:47:34 +02005248 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005249 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005250#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005251 conn->flags |= CO_FL_EARLY_SSL_HS;
5252#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005253
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005254 _HA_ATOMIC_ADD(&sslconns, 1);
5255 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005256 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005257 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005258 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005259 if (conn->flags & CO_FL_ERROR)
5260 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005261 return 0;
5262 }
5263 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005264 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005265err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005266 if (ctx && ctx->wait_event.tasklet)
5267 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005268 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005269 return -1;
5270}
5271
5272
5273/* This is the callback which is used when an SSL handshake is pending. It
5274 * updates the FD status if it wants some polling before being called again.
5275 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5276 * otherwise it returns non-zero and removes itself from the connection's
5277 * flags (the bit is provided in <flag> by the caller).
5278 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005279static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005280{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005281 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005282 int ret;
5283
Willy Tarreau3c728722014-01-23 13:50:42 +01005284 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005285 return 0;
5286
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005287 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005288 goto out_error;
5289
Willy Tarreau5db847a2019-05-09 14:13:35 +02005290#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005291 /*
5292 * Check if we have early data. If we do, we have to read them
5293 * before SSL_do_handshake() is called, And there's no way to
5294 * detect early data, except to try to read them
5295 */
5296 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5297 size_t read_data;
5298
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005299 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005300 1, &read_data);
5301 if (ret == SSL_READ_EARLY_DATA_ERROR)
5302 goto check_error;
5303 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5304 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5305 return 1;
5306 } else
5307 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5308 }
5309#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005310 /* If we use SSL_do_handshake to process a reneg initiated by
5311 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5312 * Usually SSL_write and SSL_read are used and process implicitly
5313 * the reneg handshake.
5314 * Here we use SSL_peek as a workaround for reneg.
5315 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005316 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005317 char c;
5318
Olivier Houchard66ab4982019-02-26 18:37:15 +01005319 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005320 if (ret <= 0) {
5321 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005322 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005323
Emeric Brun674b7432012-11-08 19:21:55 +01005324 if (ret == SSL_ERROR_WANT_WRITE) {
5325 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005326 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005327 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005328 return 0;
5329 }
5330 else if (ret == SSL_ERROR_WANT_READ) {
5331 /* handshake may have been completed but we have
5332 * no more data to read.
5333 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005334 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005335 ret = 1;
5336 goto reneg_ok;
5337 }
5338 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005339 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005340 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005341 return 0;
5342 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005343#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005344 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005345 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005346 return 0;
5347 }
5348#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005349 else if (ret == SSL_ERROR_SYSCALL) {
5350 /* if errno is null, then connection was successfully established */
5351 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5352 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005353 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005354#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5355 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005356 conn->err_code = CO_ER_SSL_HANDSHAKE;
5357#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005358 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005359#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005360 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005361 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005362 empty_handshake = state == TLS_ST_BEFORE;
5363#else
Lukas Tribus49799162019-07-08 14:29:15 +02005364 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5365 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005366#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005367 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005368 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005369 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005370 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5371 else
5372 conn->err_code = CO_ER_SSL_EMPTY;
5373 }
5374 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005375 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005376 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5377 else
5378 conn->err_code = CO_ER_SSL_ABORT;
5379 }
5380 }
5381 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005382 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005383 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005384 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005385 conn->err_code = CO_ER_SSL_HANDSHAKE;
5386 }
Lukas Tribus49799162019-07-08 14:29:15 +02005387#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005388 }
Emeric Brun674b7432012-11-08 19:21:55 +01005389 goto out_error;
5390 }
5391 else {
5392 /* Fail on all other handshake errors */
5393 /* Note: OpenSSL may leave unread bytes in the socket's
5394 * buffer, causing an RST to be emitted upon close() on
5395 * TCP sockets. We first try to drain possibly pending
5396 * data to avoid this as much as possible.
5397 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005398 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005399 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005400 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005401 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005402 goto out_error;
5403 }
5404 }
5405 /* read some data: consider handshake completed */
5406 goto reneg_ok;
5407 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005408 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005409check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005410 if (ret != 1) {
5411 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005412 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005413
5414 if (ret == SSL_ERROR_WANT_WRITE) {
5415 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005416 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005417 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005418 return 0;
5419 }
5420 else if (ret == SSL_ERROR_WANT_READ) {
5421 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005422 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005423 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5424 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005425 return 0;
5426 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005427#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005428 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005429 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005430 return 0;
5431 }
5432#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005433 else if (ret == SSL_ERROR_SYSCALL) {
5434 /* if errno is null, then connection was successfully established */
5435 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5436 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005437 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005438#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5439 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005440 conn->err_code = CO_ER_SSL_HANDSHAKE;
5441#else
5442 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005443#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005444 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005445 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005446 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005447#else
Lukas Tribus49799162019-07-08 14:29:15 +02005448 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5449 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005450#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005451 if (empty_handshake) {
5452 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005453 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005454 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5455 else
5456 conn->err_code = CO_ER_SSL_EMPTY;
5457 }
5458 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005459 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005460 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5461 else
5462 conn->err_code = CO_ER_SSL_ABORT;
5463 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005464 }
5465 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005466 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005467 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5468 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005469 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005470 }
Lukas Tribus49799162019-07-08 14:29:15 +02005471#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005472 }
Willy Tarreau89230192012-09-28 20:22:13 +02005473 goto out_error;
5474 }
Emeric Brun46591952012-05-18 15:47:34 +02005475 else {
5476 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005477 /* Note: OpenSSL may leave unread bytes in the socket's
5478 * buffer, causing an RST to be emitted upon close() on
5479 * TCP sockets. We first try to drain possibly pending
5480 * data to avoid this as much as possible.
5481 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005482 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005483 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005484 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005485 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005486 goto out_error;
5487 }
5488 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005489#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005490 else {
5491 /*
5492 * If the server refused the early data, we have to send a
5493 * 425 to the client, as we no longer have the data to sent
5494 * them again.
5495 */
5496 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005497 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005498 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5499 goto out_error;
5500 }
5501 }
5502 }
5503#endif
5504
Emeric Brun46591952012-05-18 15:47:34 +02005505
Emeric Brun674b7432012-11-08 19:21:55 +01005506reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005507
Willy Tarreau5db847a2019-05-09 14:13:35 +02005508#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005509 /* ASYNC engine API doesn't support moving read/write
5510 * buffers. So we disable ASYNC mode right after
5511 * the handshake to avoid buffer oveflows.
5512 */
5513 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005514 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005515#endif
Emeric Brun46591952012-05-18 15:47:34 +02005516 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005517 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005518 if (objt_server(conn->target)) {
5519 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5520 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5521 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005522 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005523 else {
5524 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5525 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5526 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5527 }
Emeric Brun46591952012-05-18 15:47:34 +02005528 }
5529
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005530#ifdef OPENSSL_IS_BORINGSSL
Olivier Houchard66ab4982019-02-26 18:37:15 +01005531 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(ctx->ssl))
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005532 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5533#endif
Emeric Brun46591952012-05-18 15:47:34 +02005534 /* The connection is now established at both layers, it's time to leave */
5535 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5536 return 1;
5537
5538 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005539 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005540 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005541 ERR_clear_error();
5542
Emeric Brun9fa89732012-10-04 17:09:56 +02005543 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005544 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5545 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5546 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005547 }
5548
Emeric Brun46591952012-05-18 15:47:34 +02005549 /* Fail on all other handshake errors */
5550 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005551 if (!conn->err_code)
5552 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005553 return 0;
5554}
5555
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005556static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005557{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005558 struct wait_event *sw;
5559 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005560
Olivier Houchard0ff28652019-06-24 18:57:39 +02005561 if (!ctx)
5562 return -1;
5563
Olivier Houchardea8dd942019-05-20 14:02:16 +02005564 if (event_type & SUB_RETRY_RECV) {
5565 sw = param;
5566 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5567 sw->events |= SUB_RETRY_RECV;
5568 ctx->recv_wait = sw;
5569 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5570 !(ctx->wait_event.events & SUB_RETRY_RECV))
5571 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5572 event_type &= ~SUB_RETRY_RECV;
5573 }
5574 if (event_type & SUB_RETRY_SEND) {
5575sw = param;
5576 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5577 sw->events |= SUB_RETRY_SEND;
5578 ctx->send_wait = sw;
5579 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5580 !(ctx->wait_event.events & SUB_RETRY_SEND))
5581 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5582 event_type &= ~SUB_RETRY_SEND;
5583
5584 }
5585 if (event_type != 0)
5586 return -1;
5587 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005588}
5589
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005590static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005591{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005592 struct wait_event *sw;
5593 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005594
Olivier Houchardea8dd942019-05-20 14:02:16 +02005595 if (event_type & SUB_RETRY_RECV) {
5596 sw = param;
5597 BUG_ON(ctx->recv_wait != sw);
5598 ctx->recv_wait = NULL;
5599 sw->events &= ~SUB_RETRY_RECV;
5600 /* If we subscribed, and we're not doing the handshake,
5601 * then we subscribed because the upper layer asked for it,
5602 * as the upper layer is no longer interested, we can
5603 * unsubscribe too.
5604 */
5605 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5606 (ctx->wait_event.events & SUB_RETRY_RECV))
5607 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5608 &ctx->wait_event);
5609 }
5610 if (event_type & SUB_RETRY_SEND) {
5611 sw = param;
5612 BUG_ON(ctx->send_wait != sw);
5613 ctx->send_wait = NULL;
5614 sw->events &= ~SUB_RETRY_SEND;
5615 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5616 (ctx->wait_event.events & SUB_RETRY_SEND))
5617 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5618 &ctx->wait_event);
5619
5620 }
5621
5622 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005623}
5624
Olivier Houchard2e055482019-05-27 19:50:12 +02005625/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5626 * Returns 0 on success, and non-zero on failure.
5627 */
5628static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5629{
5630 struct ssl_sock_ctx *ctx = xprt_ctx;
5631
5632 if (oldxprt_ops != NULL)
5633 *oldxprt_ops = ctx->xprt;
5634 if (oldxprt_ctx != NULL)
5635 *oldxprt_ctx = ctx->xprt_ctx;
5636 ctx->xprt = toadd_ops;
5637 ctx->xprt_ctx = toadd_ctx;
5638 return 0;
5639}
5640
Olivier Houchard5149b592019-05-23 17:47:36 +02005641/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5642 * return 0, otherwise just call the remove_xprt method from the underlying
5643 * XPRT.
5644 */
5645static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5646{
5647 struct ssl_sock_ctx *ctx = xprt_ctx;
5648
5649 if (ctx->xprt_ctx == toremove_ctx) {
5650 ctx->xprt_ctx = newctx;
5651 ctx->xprt = newops;
5652 return 0;
5653 }
5654 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5655}
5656
Olivier Houchardea8dd942019-05-20 14:02:16 +02005657static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5658{
5659 struct ssl_sock_ctx *ctx = context;
5660
5661 /* First if we're doing an handshake, try that */
5662 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5663 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5664 /* If we had an error, or the handshake is done and I/O is available,
5665 * let the upper layer know.
5666 * If no mux was set up yet, and nobody subscribed, then call
5667 * xprt_done_cb() ourself if it's set, or destroy the connection,
5668 * we can't be sure conn_fd_handler() will be called again.
5669 */
5670 if ((ctx->conn->flags & CO_FL_ERROR) ||
5671 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5672 int ret = 0;
5673 int woke = 0;
5674
5675 /* On error, wake any waiter */
5676 if (ctx->recv_wait) {
5677 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005678 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005679 ctx->recv_wait = NULL;
5680 woke = 1;
5681 }
5682 if (ctx->send_wait) {
5683 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005684 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005685 ctx->send_wait = NULL;
5686 woke = 1;
5687 }
5688 /* If we're the first xprt for the connection, let the
5689 * upper layers know. If xprt_done_cb() is set, call it,
5690 * otherwise, we should have a mux, so call its wake
5691 * method if we didn't woke a tasklet already.
5692 */
5693 if (ctx->conn->xprt_ctx == ctx) {
5694 if (ctx->conn->xprt_done_cb)
5695 ret = ctx->conn->xprt_done_cb(ctx->conn);
5696 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5697 ctx->conn->mux->wake(ctx->conn);
5698 return NULL;
5699 }
5700 }
5701 return NULL;
5702}
5703
Emeric Brun46591952012-05-18 15:47:34 +02005704/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005705 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005706 * buffer wraps, in which case a second call may be performed. The connection's
5707 * flags are updated with whatever special event is detected (error, read0,
5708 * empty). The caller is responsible for taking care of those events and
5709 * avoiding the call if inappropriate. The function does not call the
5710 * connection's polling update function, so the caller is responsible for this.
5711 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005712static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005713{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005714 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005715 ssize_t ret;
5716 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005717
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005718 conn_refresh_polling_flags(conn);
5719
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005720 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005721 goto out_error;
5722
5723 if (conn->flags & CO_FL_HANDSHAKE)
5724 /* a handshake was requested */
5725 return 0;
5726
Emeric Brun46591952012-05-18 15:47:34 +02005727 /* read the largest possible block. For this, we perform only one call
5728 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5729 * in which case we accept to do it once again. A new attempt is made on
5730 * EINTR too.
5731 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005732 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005733 int need_out = 0;
5734
Willy Tarreau591d4452018-06-15 17:21:00 +02005735 try = b_contig_space(buf);
5736 if (!try)
5737 break;
5738
Willy Tarreauabf08d92014-01-14 11:31:27 +01005739 if (try > count)
5740 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005741
Olivier Houchardc2aae742017-09-22 18:26:28 +02005742 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005743 ctx->tmp_early_data != -1) {
5744 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005745 done++;
5746 try--;
5747 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005748 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005749 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005750 continue;
5751 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005752
Willy Tarreau5db847a2019-05-09 14:13:35 +02005753#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005754 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5755 size_t read_length;
5756
Olivier Houchard66ab4982019-02-26 18:37:15 +01005757 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005758 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005759 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5760 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005761 conn->flags |= CO_FL_EARLY_DATA;
5762 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5763 ret == SSL_READ_EARLY_DATA_FINISH) {
5764 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5765 /*
5766 * We're done reading the early data,
5767 * let's make the handshake
5768 */
5769 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5770 conn->flags |= CO_FL_SSL_WAIT_HS;
5771 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005772 /* Now initiate the handshake */
5773 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005774 if (read_length == 0)
5775 break;
5776 }
5777 ret = read_length;
5778 }
5779 } else
5780#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005781 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005782#ifdef OPENSSL_IS_BORINGSSL
5783 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005784 if (SSL_in_early_data(ctx->ssl)) {
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005785 if (ret > 0)
5786 conn->flags |= CO_FL_EARLY_DATA;
5787 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005788 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005789 }
5790 }
5791#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005792 if (conn->flags & CO_FL_ERROR) {
5793 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005794 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005795 }
Emeric Brun46591952012-05-18 15:47:34 +02005796 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005797 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005798 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005799 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005800 }
Emeric Brun46591952012-05-18 15:47:34 +02005801 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005802 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005803 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005804 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005805 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005806 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005807#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005808 /* Async mode can be re-enabled, because we're leaving data state.*/
5809 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005810 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005811#endif
Emeric Brun46591952012-05-18 15:47:34 +02005812 break;
5813 }
5814 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005815 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005816 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5817 SUB_RETRY_RECV,
5818 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005819 /* handshake is running, and it may need to re-enable read */
5820 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005821#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005822 /* Async mode can be re-enabled, because we're leaving data state.*/
5823 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005824 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005825#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005826 break;
5827 }
Emeric Brun46591952012-05-18 15:47:34 +02005828 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005829 } else if (ret == SSL_ERROR_ZERO_RETURN)
5830 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005831 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5832 * stack before shutting down the connection for
5833 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005834 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5835 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005836 /* otherwise it's a real error */
5837 goto out_error;
5838 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005839 if (need_out)
5840 break;
Emeric Brun46591952012-05-18 15:47:34 +02005841 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005842 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005843 return done;
5844
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005845 clear_ssl_error:
5846 /* Clear openssl global errors stack */
5847 ssl_sock_dump_errors(conn);
5848 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005849 read0:
5850 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005851 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005852
Emeric Brun46591952012-05-18 15:47:34 +02005853 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005854 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005855 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005856 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005857 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005858 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005859}
5860
5861
Willy Tarreau787db9a2018-06-14 18:31:46 +02005862/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5863 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5864 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005865 * Only one call to send() is performed, unless the buffer wraps, in which case
5866 * a second call may be performed. The connection's flags are updated with
5867 * whatever special event is detected (error, empty). The caller is responsible
5868 * for taking care of those events and avoiding the call if inappropriate. The
5869 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005870 * is responsible for this. The buffer's output is not adjusted, it's up to the
5871 * caller to take care of this. It's up to the caller to update the buffer's
5872 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005873 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005874static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005875{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005876 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005877 ssize_t ret;
5878 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005879
5880 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005881 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005882
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005883 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005884 goto out_error;
5885
Olivier Houchard010941f2019-05-03 20:56:19 +02005886 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005887 /* a handshake was requested */
5888 return 0;
5889
5890 /* send the largest possible block. For this we perform only one call
5891 * to send() unless the buffer wraps and we exactly fill the first hunk,
5892 * in which case we accept to do it once again.
5893 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005894 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005895#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005896 size_t written_data;
5897#endif
5898
Willy Tarreau787db9a2018-06-14 18:31:46 +02005899 try = b_contig_data(buf, done);
5900 if (try > count)
5901 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005902
Willy Tarreau7bed9452014-02-02 02:00:24 +01005903 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005904 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005905 global_ssl.max_record && try > global_ssl.max_record) {
5906 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005907 }
5908 else {
5909 /* we need to keep the information about the fact that
5910 * we're not limiting the upcoming send(), because if it
5911 * fails, we'll have to retry with at least as many data.
5912 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005913 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005914 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005915
Willy Tarreau5db847a2019-05-09 14:13:35 +02005916#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005917 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005918 unsigned int max_early;
5919
Olivier Houchard522eea72017-11-03 16:27:47 +01005920 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005921 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005922 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005923 if (SSL_get0_session(ctx->ssl))
5924 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005925 else
5926 max_early = 0;
5927 }
5928
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005929 if (try + ctx->sent_early_data > max_early) {
5930 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005931 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005932 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005933 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005934 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005935 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005936 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005937 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005938 if (ret == 1) {
5939 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005940 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005941 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005942 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005943 /* Initiate the handshake, now */
5944 tasklet_wakeup(ctx->wait_event.tasklet);
5945 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005946
Olivier Houchardc2aae742017-09-22 18:26:28 +02005947 }
5948
5949 } else
5950#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005951 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005952
Emeric Brune1f38db2012-09-03 20:36:47 +02005953 if (conn->flags & CO_FL_ERROR) {
5954 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005955 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005956 }
Emeric Brun46591952012-05-18 15:47:34 +02005957 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005958 /* A send succeeded, so we can consier ourself connected */
5959 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005960 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005961 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005962 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005963 }
5964 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005965 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005966
Emeric Brun46591952012-05-18 15:47:34 +02005967 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005968 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005969 /* handshake is running, and it may need to re-enable write */
5970 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005971 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005972#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005973 /* Async mode can be re-enabled, because we're leaving data state.*/
5974 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005975 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005976#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005977 break;
5978 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02005979
Emeric Brun46591952012-05-18 15:47:34 +02005980 break;
5981 }
5982 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005983 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005984 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005985 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5986 SUB_RETRY_RECV,
5987 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005988#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005989 /* Async mode can be re-enabled, because we're leaving data state.*/
5990 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005991 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005992#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005993 break;
5994 }
Emeric Brun46591952012-05-18 15:47:34 +02005995 goto out_error;
5996 }
5997 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005998 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005999 return done;
6000
6001 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006002 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006003 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006004 ERR_clear_error();
6005
Emeric Brun46591952012-05-18 15:47:34 +02006006 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006007 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006008}
6009
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006010static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006011
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006012 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006013
Olivier Houchardea8dd942019-05-20 14:02:16 +02006014
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006015 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006016 if (ctx->wait_event.events != 0)
6017 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6018 ctx->wait_event.events,
6019 &ctx->wait_event);
6020 if (ctx->send_wait) {
6021 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006022 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006023 }
6024 if (ctx->recv_wait) {
6025 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006026 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006027 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006028 if (ctx->xprt->close)
6029 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006030#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006031 if (global_ssl.async) {
6032 OSSL_ASYNC_FD all_fd[32], afd;
6033 size_t num_all_fds = 0;
6034 int i;
6035
Olivier Houchard66ab4982019-02-26 18:37:15 +01006036 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006037 if (num_all_fds > 32) {
6038 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6039 return;
6040 }
6041
Olivier Houchard66ab4982019-02-26 18:37:15 +01006042 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006043
6044 /* If an async job is pending, we must try to
6045 to catch the end using polling before calling
6046 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006047 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006048 for (i=0 ; i < num_all_fds ; i++) {
6049 /* switch on an handler designed to
6050 * handle the SSL_free
6051 */
6052 afd = all_fd[i];
6053 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006054 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006055 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006056 /* To ensure that the fd cache won't be used
6057 * and we'll catch a real RD event.
6058 */
6059 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006060 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006061 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006062 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006063 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006064 return;
6065 }
Emeric Brun3854e012017-05-17 20:42:48 +02006066 /* Else we can remove the fds from the fdtab
6067 * and call SSL_free.
6068 * note: we do a fd_remove and not a delete
6069 * because the fd is owned by the engine.
6070 * the engine is responsible to close
6071 */
6072 for (i=0 ; i < num_all_fds ; i++)
6073 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006074 }
6075#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006076 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006077 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006078 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006079 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006080 }
Emeric Brun46591952012-05-18 15:47:34 +02006081}
6082
6083/* This function tries to perform a clean shutdown on an SSL connection, and in
6084 * any case, flags the connection as reusable if no handshake was in progress.
6085 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006086static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006087{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006088 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006089
Emeric Brun46591952012-05-18 15:47:34 +02006090 if (conn->flags & CO_FL_HANDSHAKE)
6091 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006092 if (!clean)
6093 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006094 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006095 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006096 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006097 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006098 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006099 ERR_clear_error();
6100 }
Emeric Brun46591952012-05-18 15:47:34 +02006101}
6102
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006103/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006104int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006105{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006106 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006107 struct pkey_info *pkinfo;
6108 int bits = 0;
6109 int sig = TLSEXT_signature_anonymous;
6110 int len = -1;
6111
6112 if (!ssl_sock_is_ssl(conn))
6113 return 0;
6114
Olivier Houchard66ab4982019-02-26 18:37:15 +01006115 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006116 if (pkinfo) {
6117 sig = pkinfo->sig;
6118 bits = pkinfo->bits;
6119 } else {
6120 /* multicert and generated cert have no pkey info */
6121 X509 *crt;
6122 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006123 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006124 if (!crt)
6125 return 0;
6126 pkey = X509_get_pubkey(crt);
6127 if (pkey) {
6128 bits = EVP_PKEY_bits(pkey);
6129 switch(EVP_PKEY_base_id(pkey)) {
6130 case EVP_PKEY_RSA:
6131 sig = TLSEXT_signature_rsa;
6132 break;
6133 case EVP_PKEY_EC:
6134 sig = TLSEXT_signature_ecdsa;
6135 break;
6136 case EVP_PKEY_DSA:
6137 sig = TLSEXT_signature_dsa;
6138 break;
6139 }
6140 EVP_PKEY_free(pkey);
6141 }
6142 }
6143
6144 switch(sig) {
6145 case TLSEXT_signature_rsa:
6146 len = chunk_printf(out, "RSA%d", bits);
6147 break;
6148 case TLSEXT_signature_ecdsa:
6149 len = chunk_printf(out, "EC%d", bits);
6150 break;
6151 case TLSEXT_signature_dsa:
6152 len = chunk_printf(out, "DSA%d", bits);
6153 break;
6154 default:
6155 return 0;
6156 }
6157 if (len < 0)
6158 return 0;
6159 return 1;
6160}
6161
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006162/* used for ppv2 cert signature (can be used for logging) */
6163const char *ssl_sock_get_cert_sig(struct connection *conn)
6164{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006165 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6166
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006167 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6168 X509 *crt;
6169
6170 if (!ssl_sock_is_ssl(conn))
6171 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006172 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006173 if (!crt)
6174 return NULL;
6175 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6176 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6177}
6178
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006179/* used for ppv2 authority */
6180const char *ssl_sock_get_sni(struct connection *conn)
6181{
6182#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006183 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6184
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006185 if (!ssl_sock_is_ssl(conn))
6186 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006187 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006188#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006189 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006190#endif
6191}
6192
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006193/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006194const char *ssl_sock_get_cipher_name(struct connection *conn)
6195{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006196 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6197
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006198 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006199 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006200
Olivier Houchard66ab4982019-02-26 18:37:15 +01006201 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006202}
6203
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006204/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006205const char *ssl_sock_get_proto_version(struct connection *conn)
6206{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006207 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6208
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006209 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006210 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006211
Olivier Houchard66ab4982019-02-26 18:37:15 +01006212 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006213}
6214
Willy Tarreau8d598402012-10-22 17:58:39 +02006215/* Extract a serial from a cert, and copy it to a chunk.
6216 * Returns 1 if serial is found and copied, 0 if no serial found and
6217 * -1 if output is not large enough.
6218 */
6219static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006220ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006221{
6222 ASN1_INTEGER *serial;
6223
6224 serial = X509_get_serialNumber(crt);
6225 if (!serial)
6226 return 0;
6227
6228 if (out->size < serial->length)
6229 return -1;
6230
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006231 memcpy(out->area, serial->data, serial->length);
6232 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006233 return 1;
6234}
6235
Emeric Brun43e79582014-10-29 19:03:26 +01006236/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006237 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6238 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006239 */
6240static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006241ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006242{
6243 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006244 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006245
6246 len =i2d_X509(crt, NULL);
6247 if (len <= 0)
6248 return 1;
6249
6250 if (out->size < len)
6251 return -1;
6252
6253 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006254 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006255 return 1;
6256}
6257
Emeric Brunce5ad802012-10-22 14:11:22 +02006258
Willy Tarreau83061a82018-07-13 11:56:34 +02006259/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006260 * Returns 1 if serial is found and copied, 0 if no valid time found
6261 * and -1 if output is not large enough.
6262 */
6263static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006264ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006265{
6266 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6267 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6268
6269 if (gentm->length < 12)
6270 return 0;
6271 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6272 return 0;
6273 if (out->size < gentm->length-2)
6274 return -1;
6275
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006276 memcpy(out->area, gentm->data+2, gentm->length-2);
6277 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006278 return 1;
6279 }
6280 else if (tm->type == V_ASN1_UTCTIME) {
6281 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6282
6283 if (utctm->length < 10)
6284 return 0;
6285 if (utctm->data[0] >= 0x35)
6286 return 0;
6287 if (out->size < utctm->length)
6288 return -1;
6289
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006290 memcpy(out->area, utctm->data, utctm->length);
6291 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006292 return 1;
6293 }
6294
6295 return 0;
6296}
6297
Emeric Brun87855892012-10-17 17:39:35 +02006298/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6299 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6300 */
6301static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006302ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6303 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006304{
6305 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006306 ASN1_OBJECT *obj;
6307 ASN1_STRING *data;
6308 const unsigned char *data_ptr;
6309 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006310 int i, j, n;
6311 int cur = 0;
6312 const char *s;
6313 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006314 int name_count;
6315
6316 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006317
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006318 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006319 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006320 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006321 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006322 else
6323 j = i;
6324
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006325 ne = X509_NAME_get_entry(a, j);
6326 obj = X509_NAME_ENTRY_get_object(ne);
6327 data = X509_NAME_ENTRY_get_data(ne);
6328 data_ptr = ASN1_STRING_get0_data(data);
6329 data_len = ASN1_STRING_length(data);
6330 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006331 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006332 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006333 s = tmp;
6334 }
6335
6336 if (chunk_strcasecmp(entry, s) != 0)
6337 continue;
6338
6339 if (pos < 0)
6340 cur--;
6341 else
6342 cur++;
6343
6344 if (cur != pos)
6345 continue;
6346
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006347 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006348 return -1;
6349
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006350 memcpy(out->area, data_ptr, data_len);
6351 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006352 return 1;
6353 }
6354
6355 return 0;
6356
6357}
6358
6359/* Extract and format full DN from a X509_NAME and copy result into a chunk
6360 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6361 */
6362static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006363ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006364{
6365 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006366 ASN1_OBJECT *obj;
6367 ASN1_STRING *data;
6368 const unsigned char *data_ptr;
6369 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006370 int i, n, ln;
6371 int l = 0;
6372 const char *s;
6373 char *p;
6374 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006375 int name_count;
6376
6377
6378 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006379
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006380 out->data = 0;
6381 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006382 for (i = 0; i < name_count; i++) {
6383 ne = X509_NAME_get_entry(a, i);
6384 obj = X509_NAME_ENTRY_get_object(ne);
6385 data = X509_NAME_ENTRY_get_data(ne);
6386 data_ptr = ASN1_STRING_get0_data(data);
6387 data_len = ASN1_STRING_length(data);
6388 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006389 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006390 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006391 s = tmp;
6392 }
6393 ln = strlen(s);
6394
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006395 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006396 if (l > out->size)
6397 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006398 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006399
6400 *(p++)='/';
6401 memcpy(p, s, ln);
6402 p += ln;
6403 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006404 memcpy(p, data_ptr, data_len);
6405 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006406 }
6407
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006408 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006409 return 0;
6410
6411 return 1;
6412}
6413
Olivier Houchardab28a322018-12-21 19:45:40 +01006414void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6415{
6416#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006417 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6418
Olivier Houcharde488ea82019-06-28 14:10:33 +02006419 if (!ssl_sock_is_ssl(conn))
6420 return;
6421
Olivier Houchard66ab4982019-02-26 18:37:15 +01006422 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006423#endif
6424}
6425
Willy Tarreau119a4082016-12-22 21:58:38 +01006426/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6427 * to disable SNI.
6428 */
Willy Tarreau63076412015-07-10 11:33:32 +02006429void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6430{
6431#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006432 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6433
Willy Tarreau119a4082016-12-22 21:58:38 +01006434 char *prev_name;
6435
Willy Tarreau63076412015-07-10 11:33:32 +02006436 if (!ssl_sock_is_ssl(conn))
6437 return;
6438
Willy Tarreau119a4082016-12-22 21:58:38 +01006439 /* if the SNI changes, we must destroy the reusable context so that a
6440 * new connection will present a new SNI. As an optimization we could
6441 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6442 * server.
6443 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006444 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006445 if ((!prev_name && hostname) ||
6446 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006447 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006448
Olivier Houchard66ab4982019-02-26 18:37:15 +01006449 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006450#endif
6451}
6452
Emeric Brun0abf8362014-06-24 18:26:41 +02006453/* Extract peer certificate's common name into the chunk dest
6454 * Returns
6455 * the len of the extracted common name
6456 * or 0 if no CN found in DN
6457 * or -1 on error case (i.e. no peer certificate)
6458 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006459int ssl_sock_get_remote_common_name(struct connection *conn,
6460 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006461{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006462 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006463 X509 *crt = NULL;
6464 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006465 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006466 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006467 .area = (char *)&find_cn,
6468 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006469 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006470 int result = -1;
David Safb76832014-05-08 23:42:08 -04006471
6472 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006473 goto out;
David Safb76832014-05-08 23:42:08 -04006474
6475 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006476 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006477 if (!crt)
6478 goto out;
6479
6480 name = X509_get_subject_name(crt);
6481 if (!name)
6482 goto out;
David Safb76832014-05-08 23:42:08 -04006483
Emeric Brun0abf8362014-06-24 18:26:41 +02006484 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6485out:
David Safb76832014-05-08 23:42:08 -04006486 if (crt)
6487 X509_free(crt);
6488
6489 return result;
6490}
6491
Dave McCowan328fb582014-07-30 10:39:13 -04006492/* returns 1 if client passed a certificate for this session, 0 if not */
6493int ssl_sock_get_cert_used_sess(struct connection *conn)
6494{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006495 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006496 X509 *crt = NULL;
6497
6498 if (!ssl_sock_is_ssl(conn))
6499 return 0;
6500
6501 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006502 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006503 if (!crt)
6504 return 0;
6505
6506 X509_free(crt);
6507 return 1;
6508}
6509
6510/* returns 1 if client passed a certificate for this connection, 0 if not */
6511int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006512{
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006513 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6514
David Safb76832014-05-08 23:42:08 -04006515 if (!ssl_sock_is_ssl(conn))
6516 return 0;
6517
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006518 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006519}
6520
6521/* returns result from SSL verify */
6522unsigned int ssl_sock_get_verify_result(struct connection *conn)
6523{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006524 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6525
David Safb76832014-05-08 23:42:08 -04006526 if (!ssl_sock_is_ssl(conn))
6527 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6528
Olivier Houchard66ab4982019-02-26 18:37:15 +01006529 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006530}
6531
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006532/* Returns the application layer protocol name in <str> and <len> when known.
6533 * Zero is returned if the protocol name was not found, otherwise non-zero is
6534 * returned. The string is allocated in the SSL context and doesn't have to be
6535 * freed by the caller. NPN is also checked if available since older versions
6536 * of openssl (1.0.1) which are more common in field only support this one.
6537 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006538static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006539{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006540#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6541 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006542 struct ssl_sock_ctx *ctx = xprt_ctx;
6543 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006544 return 0;
6545
6546 *str = NULL;
6547
6548#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006549 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006550 if (*str)
6551 return 1;
6552#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006553#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006554 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006555 if (*str)
6556 return 1;
6557#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006558#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006559 return 0;
6560}
6561
Willy Tarreau7875d092012-09-10 08:20:03 +02006562/***** Below are some sample fetching functions for ACL/patterns *****/
6563
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006564static int
6565smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6566{
6567 struct connection *conn;
6568
6569 conn = objt_conn(smp->sess->origin);
6570 if (!conn || conn->xprt != &ssl_sock)
6571 return 0;
6572
6573 smp->flags = 0;
6574 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006575 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6576 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006577
6578 return 1;
6579}
6580
Emeric Brune64aef12012-09-21 13:15:06 +02006581/* boolean, returns true if client cert was present */
6582static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006583smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006584{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006585 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006586 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006587
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006588 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006589 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006590 return 0;
6591
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006592 ctx = conn->xprt_ctx;
6593
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006594 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006595 smp->flags |= SMP_F_MAY_CHANGE;
6596 return 0;
6597 }
6598
6599 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006600 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006601 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006602
6603 return 1;
6604}
6605
Emeric Brun43e79582014-10-29 19:03:26 +01006606/* binary, returns a certificate in a binary chunk (der/raw).
6607 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6608 * should be use.
6609 */
6610static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006611smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006612{
6613 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6614 X509 *crt = NULL;
6615 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006616 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006617 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006618 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006619
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006620 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006621 if (!conn || conn->xprt != &ssl_sock)
6622 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006623 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006624
6625 if (!(conn->flags & CO_FL_CONNECTED)) {
6626 smp->flags |= SMP_F_MAY_CHANGE;
6627 return 0;
6628 }
6629
6630 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006631 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006632 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006633 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006634
6635 if (!crt)
6636 goto out;
6637
6638 smp_trash = get_trash_chunk();
6639 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6640 goto out;
6641
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006642 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006643 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006644 ret = 1;
6645out:
6646 /* SSL_get_peer_certificate, it increase X509 * ref count */
6647 if (cert_peer && crt)
6648 X509_free(crt);
6649 return ret;
6650}
6651
Emeric Brunba841a12014-04-30 17:05:08 +02006652/* binary, returns serial of certificate in a binary chunk.
6653 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6654 * should be use.
6655 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006656static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006657smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006658{
Emeric Brunba841a12014-04-30 17:05:08 +02006659 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006660 X509 *crt = NULL;
6661 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006662 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006663 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006664 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006665
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006666 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006667 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006668 return 0;
6669
Olivier Houchard66ab4982019-02-26 18:37:15 +01006670 ctx = conn->xprt_ctx;
6671
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006672 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006673 smp->flags |= SMP_F_MAY_CHANGE;
6674 return 0;
6675 }
6676
Emeric Brunba841a12014-04-30 17:05:08 +02006677 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006678 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006679 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006680 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006681
Willy Tarreau8d598402012-10-22 17:58:39 +02006682 if (!crt)
6683 goto out;
6684
Willy Tarreau47ca5452012-12-23 20:22:19 +01006685 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006686 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6687 goto out;
6688
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006689 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006690 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006691 ret = 1;
6692out:
Emeric Brunba841a12014-04-30 17:05:08 +02006693 /* SSL_get_peer_certificate, it increase X509 * ref count */
6694 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006695 X509_free(crt);
6696 return ret;
6697}
Emeric Brune64aef12012-09-21 13:15:06 +02006698
Emeric Brunba841a12014-04-30 17:05:08 +02006699/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6700 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6701 * should be use.
6702 */
James Votha051b4a2013-05-14 20:37:59 +02006703static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006704smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006705{
Emeric Brunba841a12014-04-30 17:05:08 +02006706 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006707 X509 *crt = NULL;
6708 const EVP_MD *digest;
6709 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006710 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006711 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006712 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006713
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006714 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006715 if (!conn || conn->xprt != &ssl_sock)
6716 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006717 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006718
6719 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006720 smp->flags |= SMP_F_MAY_CHANGE;
6721 return 0;
6722 }
6723
Emeric Brunba841a12014-04-30 17:05:08 +02006724 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006725 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006726 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006727 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006728 if (!crt)
6729 goto out;
6730
6731 smp_trash = get_trash_chunk();
6732 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006733 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6734 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006735
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006736 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006737 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006738 ret = 1;
6739out:
Emeric Brunba841a12014-04-30 17:05:08 +02006740 /* SSL_get_peer_certificate, it increase X509 * ref count */
6741 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006742 X509_free(crt);
6743 return ret;
6744}
6745
Emeric Brunba841a12014-04-30 17:05:08 +02006746/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6747 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6748 * should be use.
6749 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006750static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006751smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006752{
Emeric Brunba841a12014-04-30 17:05:08 +02006753 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006754 X509 *crt = NULL;
6755 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006756 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006757 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006758 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006759
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006760 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006761 if (!conn || conn->xprt != &ssl_sock)
6762 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006763 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006764
6765 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006766 smp->flags |= SMP_F_MAY_CHANGE;
6767 return 0;
6768 }
6769
Emeric Brunba841a12014-04-30 17:05:08 +02006770 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006771 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006772 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006773 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006774 if (!crt)
6775 goto out;
6776
Willy Tarreau47ca5452012-12-23 20:22:19 +01006777 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006778 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006779 goto out;
6780
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006781 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006782 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006783 ret = 1;
6784out:
Emeric Brunba841a12014-04-30 17:05:08 +02006785 /* SSL_get_peer_certificate, it increase X509 * ref count */
6786 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006787 X509_free(crt);
6788 return ret;
6789}
6790
Emeric Brunba841a12014-04-30 17:05:08 +02006791/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6792 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6793 * should be use.
6794 */
Emeric Brun87855892012-10-17 17:39:35 +02006795static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006796smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006797{
Emeric Brunba841a12014-04-30 17:05:08 +02006798 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006799 X509 *crt = NULL;
6800 X509_NAME *name;
6801 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006802 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006803 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006804 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006805
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006806 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006807 if (!conn || conn->xprt != &ssl_sock)
6808 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006809 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006810
6811 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006812 smp->flags |= SMP_F_MAY_CHANGE;
6813 return 0;
6814 }
6815
Emeric Brunba841a12014-04-30 17:05:08 +02006816 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006817 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006818 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006819 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006820 if (!crt)
6821 goto out;
6822
6823 name = X509_get_issuer_name(crt);
6824 if (!name)
6825 goto out;
6826
Willy Tarreau47ca5452012-12-23 20:22:19 +01006827 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006828 if (args && args[0].type == ARGT_STR) {
6829 int pos = 1;
6830
6831 if (args[1].type == ARGT_SINT)
6832 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006833
6834 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6835 goto out;
6836 }
6837 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6838 goto out;
6839
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006840 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006841 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006842 ret = 1;
6843out:
Emeric Brunba841a12014-04-30 17:05:08 +02006844 /* SSL_get_peer_certificate, it increase X509 * ref count */
6845 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006846 X509_free(crt);
6847 return ret;
6848}
6849
Emeric Brunba841a12014-04-30 17:05:08 +02006850/* string, returns notbefore date in ASN1_UTCTIME format.
6851 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6852 * should be use.
6853 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006854static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006855smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006856{
Emeric Brunba841a12014-04-30 17:05:08 +02006857 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006858 X509 *crt = NULL;
6859 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006860 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006861 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006862 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006863
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006864 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006865 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006866 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006867 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006868
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006869 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006870 smp->flags |= SMP_F_MAY_CHANGE;
6871 return 0;
6872 }
6873
Emeric Brunba841a12014-04-30 17:05:08 +02006874 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006875 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006876 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006877 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006878 if (!crt)
6879 goto out;
6880
Willy Tarreau47ca5452012-12-23 20:22:19 +01006881 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006882 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006883 goto out;
6884
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006885 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006886 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006887 ret = 1;
6888out:
Emeric Brunba841a12014-04-30 17:05:08 +02006889 /* SSL_get_peer_certificate, it increase X509 * ref count */
6890 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006891 X509_free(crt);
6892 return ret;
6893}
6894
Emeric Brunba841a12014-04-30 17:05:08 +02006895/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6896 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6897 * should be use.
6898 */
Emeric Brun87855892012-10-17 17:39:35 +02006899static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006900smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006901{
Emeric Brunba841a12014-04-30 17:05:08 +02006902 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006903 X509 *crt = NULL;
6904 X509_NAME *name;
6905 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006906 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006907 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006908 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006909
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006910 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006911 if (!conn || conn->xprt != &ssl_sock)
6912 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006913 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006914
6915 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006916 smp->flags |= SMP_F_MAY_CHANGE;
6917 return 0;
6918 }
6919
Emeric Brunba841a12014-04-30 17:05:08 +02006920 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006921 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006922 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006923 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006924 if (!crt)
6925 goto out;
6926
6927 name = X509_get_subject_name(crt);
6928 if (!name)
6929 goto out;
6930
Willy Tarreau47ca5452012-12-23 20:22:19 +01006931 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006932 if (args && args[0].type == ARGT_STR) {
6933 int pos = 1;
6934
6935 if (args[1].type == ARGT_SINT)
6936 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006937
6938 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6939 goto out;
6940 }
6941 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6942 goto out;
6943
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006944 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006945 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006946 ret = 1;
6947out:
Emeric Brunba841a12014-04-30 17:05:08 +02006948 /* SSL_get_peer_certificate, it increase X509 * ref count */
6949 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006950 X509_free(crt);
6951 return ret;
6952}
Emeric Brun9143d372012-12-20 15:44:16 +01006953
6954/* integer, returns true if current session use a client certificate */
6955static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006956smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006957{
6958 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006959 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006960 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01006961
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006962 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006963 if (!conn || conn->xprt != &ssl_sock)
6964 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006965 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006966
6967 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006968 smp->flags |= SMP_F_MAY_CHANGE;
6969 return 0;
6970 }
6971
6972 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006973 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01006974 if (crt) {
6975 X509_free(crt);
6976 }
6977
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006978 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006979 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006980 return 1;
6981}
6982
Emeric Brunba841a12014-04-30 17:05:08 +02006983/* integer, returns the certificate version
6984 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6985 * should be use.
6986 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006987static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006988smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006989{
Emeric Brunba841a12014-04-30 17:05:08 +02006990 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006991 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006992 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006993 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006994
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006995 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006996 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006997 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006998 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006999
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007000 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007001 smp->flags |= SMP_F_MAY_CHANGE;
7002 return 0;
7003 }
7004
Emeric Brunba841a12014-04-30 17:05:08 +02007005 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007006 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007007 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007008 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007009 if (!crt)
7010 return 0;
7011
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007012 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007013 /* SSL_get_peer_certificate increase X509 * ref count */
7014 if (cert_peer)
7015 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007016 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007017
7018 return 1;
7019}
7020
Emeric Brunba841a12014-04-30 17:05:08 +02007021/* string, returns the certificate's signature algorithm.
7022 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7023 * should be use.
7024 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007025static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007026smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007027{
Emeric Brunba841a12014-04-30 17:05:08 +02007028 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007029 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007030 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007031 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007032 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007033 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007034
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007035 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007036 if (!conn || conn->xprt != &ssl_sock)
7037 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007038 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007039
7040 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007041 smp->flags |= SMP_F_MAY_CHANGE;
7042 return 0;
7043 }
7044
Emeric Brunba841a12014-04-30 17:05:08 +02007045 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007046 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007047 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007048 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007049 if (!crt)
7050 return 0;
7051
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007052 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7053 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007054
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007055 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7056 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007057 /* SSL_get_peer_certificate increase X509 * ref count */
7058 if (cert_peer)
7059 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007060 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007061 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007062
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007063 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007064 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007065 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007066 /* SSL_get_peer_certificate increase X509 * ref count */
7067 if (cert_peer)
7068 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007069
7070 return 1;
7071}
7072
Emeric Brunba841a12014-04-30 17:05:08 +02007073/* string, returns the certificate's key algorithm.
7074 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7075 * should be use.
7076 */
Emeric Brun521a0112012-10-22 12:22:55 +02007077static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007078smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007079{
Emeric Brunba841a12014-04-30 17:05:08 +02007080 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007081 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007082 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007083 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007084 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007085 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007086
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007087 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007088 if (!conn || conn->xprt != &ssl_sock)
7089 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007090 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007091
7092 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007093 smp->flags |= SMP_F_MAY_CHANGE;
7094 return 0;
7095 }
7096
Emeric Brunba841a12014-04-30 17:05:08 +02007097 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007098 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007099 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007100 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007101 if (!crt)
7102 return 0;
7103
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007104 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7105 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007106
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007107 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7108 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007109 /* SSL_get_peer_certificate increase X509 * ref count */
7110 if (cert_peer)
7111 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007112 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007113 }
Emeric Brun521a0112012-10-22 12:22:55 +02007114
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007115 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007116 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007117 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007118 if (cert_peer)
7119 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007120
7121 return 1;
7122}
7123
Emeric Brun645ae792014-04-30 14:21:06 +02007124/* boolean, returns true if front conn. transport layer is SSL.
7125 * This function is also usable on backend conn if the fetch keyword 5th
7126 * char is 'b'.
7127 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007128static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007129smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007130{
Emeric Bruneb8def92018-02-19 15:59:48 +01007131 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7132 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007133
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007134 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007135 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007136 return 1;
7137}
7138
Emeric Brun2525b6b2012-10-18 15:59:43 +02007139/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007140static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007141smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007142{
7143#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007144 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007145 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007146
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007147 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007148 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007149 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007150 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007151 return 1;
7152#else
7153 return 0;
7154#endif
7155}
7156
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007157/* boolean, returns true if client session has been resumed.
7158 * This function is also usable on backend conn if the fetch keyword 5th
7159 * char is 'b'.
7160 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007161static int
7162smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7163{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007164 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7165 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007166 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007167
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007168
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007169 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007170 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007171 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007172 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007173 return 1;
7174}
7175
Emeric Brun645ae792014-04-30 14:21:06 +02007176/* string, returns the used cipher if front conn. transport layer is SSL.
7177 * This function is also usable on backend conn if the fetch keyword 5th
7178 * char is 'b'.
7179 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007180static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007181smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007182{
Emeric Bruneb8def92018-02-19 15:59:48 +01007183 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7184 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007185 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007186
Willy Tarreaube508f12016-03-10 11:47:01 +01007187 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007188 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007189 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007190 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007191
Olivier Houchard66ab4982019-02-26 18:37:15 +01007192 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007193 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007194 return 0;
7195
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007196 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007197 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007198 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007199
7200 return 1;
7201}
7202
Emeric Brun645ae792014-04-30 14:21:06 +02007203/* integer, returns the algoritm's keysize if front conn. transport layer
7204 * is SSL.
7205 * This function is also usable on backend conn if the fetch keyword 5th
7206 * char is 'b'.
7207 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007208static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007209smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007210{
Emeric Bruneb8def92018-02-19 15:59:48 +01007211 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7212 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007213 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007214 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007215
Emeric Brun589fcad2012-10-16 14:13:26 +02007216 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007217 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007218 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007219 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007220
Olivier Houchard66ab4982019-02-26 18:37:15 +01007221 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007222 return 0;
7223
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007224 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007225 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007226
7227 return 1;
7228}
7229
Emeric Brun645ae792014-04-30 14:21:06 +02007230/* integer, returns the used keysize if front conn. transport layer is SSL.
7231 * This function is also usable on backend conn if the fetch keyword 5th
7232 * char is 'b'.
7233 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007234static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007235smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007236{
Emeric Bruneb8def92018-02-19 15:59:48 +01007237 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7238 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007239 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007240
Emeric Brun589fcad2012-10-16 14:13:26 +02007241 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007242 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7243 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007244 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007245
Olivier Houchard66ab4982019-02-26 18:37:15 +01007246 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007247 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007248 return 0;
7249
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007250 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007251
7252 return 1;
7253}
7254
Bernard Spil13c53f82018-02-15 13:34:58 +01007255#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007256static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007257smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007258{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007259 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007260 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007261
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007262 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007263 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007264
Olivier Houchard6b77f492018-11-22 18:18:29 +01007265 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7266 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007267 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7268 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007269 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007270
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007271 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007272 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007273 (const unsigned char **)&smp->data.u.str.area,
7274 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007275
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007276 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007277 return 0;
7278
7279 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007280}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007281#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007282
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007283#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007284static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007285smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007286{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007287 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007288 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007289
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007290 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007291 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007292
Olivier Houchard6b77f492018-11-22 18:18:29 +01007293 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7294 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7295
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007296 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007297 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007298 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007299
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007300 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007301 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007302 (const unsigned char **)&smp->data.u.str.area,
7303 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007304
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007305 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007306 return 0;
7307
7308 return 1;
7309}
7310#endif
7311
Emeric Brun645ae792014-04-30 14:21:06 +02007312/* string, returns the used protocol if front conn. transport layer is SSL.
7313 * This function is also usable on backend conn if the fetch keyword 5th
7314 * char is 'b'.
7315 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007316static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007317smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007318{
Emeric Bruneb8def92018-02-19 15:59:48 +01007319 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7320 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007321 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007322
Emeric Brun589fcad2012-10-16 14:13:26 +02007323 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007324 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7325 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007326 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007327
Olivier Houchard66ab4982019-02-26 18:37:15 +01007328 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007329 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007330 return 0;
7331
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007332 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007333 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007334 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007335
7336 return 1;
7337}
7338
Willy Tarreau87b09662015-04-03 00:22:06 +02007339/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007340 * This function is also usable on backend conn if the fetch keyword 5th
7341 * char is 'b'.
7342 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007343#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007344static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007345smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007346{
Emeric Bruneb8def92018-02-19 15:59:48 +01007347 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7348 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007349 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007350 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007351
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007352 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007353 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007354
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007355 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7356 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007357 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007358
Olivier Houchard66ab4982019-02-26 18:37:15 +01007359 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007360 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007361 return 0;
7362
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007363 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7364 (unsigned int *)&smp->data.u.str.data);
7365 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007366 return 0;
7367
7368 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007369}
Patrick Hemmer41966772018-04-28 19:15:48 -04007370#endif
7371
Emeric Brunfe68f682012-10-16 14:59:28 +02007372
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007373#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007374static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007375smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7376{
7377 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7378 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7379 struct buffer *data;
7380 struct ssl_sock_ctx *ctx;
7381
7382 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7383 return 0;
7384 ctx = conn->xprt_ctx;
7385
7386 data = get_trash_chunk();
7387 if (kw[7] == 'c')
7388 data->data = SSL_get_client_random(ctx->ssl,
7389 (unsigned char *) data->area,
7390 data->size);
7391 else
7392 data->data = SSL_get_server_random(ctx->ssl,
7393 (unsigned char *) data->area,
7394 data->size);
7395 if (!data->data)
7396 return 0;
7397
7398 smp->flags = 0;
7399 smp->data.type = SMP_T_BIN;
7400 smp->data.u.str = *data;
7401
7402 return 1;
7403}
7404
7405static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007406smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7407{
7408 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7409 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7410 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007411 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007412 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007413
7414 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7415 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007416 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007417
Olivier Houchard66ab4982019-02-26 18:37:15 +01007418 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007419 if (!ssl_sess)
7420 return 0;
7421
7422 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007423 data->data = SSL_SESSION_get_master_key(ssl_sess,
7424 (unsigned char *) data->area,
7425 data->size);
7426 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007427 return 0;
7428
7429 smp->flags = 0;
7430 smp->data.type = SMP_T_BIN;
7431 smp->data.u.str = *data;
7432
7433 return 1;
7434}
7435#endif
7436
Patrick Hemmer41966772018-04-28 19:15:48 -04007437#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007438static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007439smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007440{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007441 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007442 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007443
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007444 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007445 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007446
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007447 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007448 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7449 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007450 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007451
Olivier Houchard66ab4982019-02-26 18:37:15 +01007452 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007453 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007454 return 0;
7455
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007456 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007457 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007458}
Patrick Hemmer41966772018-04-28 19:15:48 -04007459#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007460
David Sc1ad52e2014-04-08 18:48:47 -04007461static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007462smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7463{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007464 struct connection *conn;
7465 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007466 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007467
7468 conn = objt_conn(smp->sess->origin);
7469 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7470 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007471 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007472
Olivier Houchard66ab4982019-02-26 18:37:15 +01007473 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007474 if (!capture)
7475 return 0;
7476
7477 smp->flags = SMP_F_CONST;
7478 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007479 smp->data.u.str.area = capture->ciphersuite;
7480 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007481 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007482}
7483
7484static int
7485smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7486{
Willy Tarreau83061a82018-07-13 11:56:34 +02007487 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007488
7489 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7490 return 0;
7491
7492 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007493 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007494 smp->data.type = SMP_T_BIN;
7495 smp->data.u.str = *data;
7496 return 1;
7497}
7498
7499static int
7500smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7501{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007502 struct connection *conn;
7503 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007504 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007505
7506 conn = objt_conn(smp->sess->origin);
7507 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7508 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007509 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007510
Olivier Houchard66ab4982019-02-26 18:37:15 +01007511 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007512 if (!capture)
7513 return 0;
7514
7515 smp->data.type = SMP_T_SINT;
7516 smp->data.u.sint = capture->xxh64;
7517 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007518}
7519
7520static int
7521smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7522{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007523#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007524 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007525 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007526
7527 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7528 return 0;
7529
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007530 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007531 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007532 const char *str;
7533 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007534 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007535 uint16_t id = (bin[0] << 8) | bin[1];
7536#if defined(OPENSSL_IS_BORINGSSL)
7537 cipher = SSL_get_cipher_by_value(id);
7538#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007539 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007540 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7541 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007542#endif
7543 str = SSL_CIPHER_get_name(cipher);
7544 if (!str || strcmp(str, "(NONE)") == 0)
7545 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007546 else
7547 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7548 }
7549 smp->data.type = SMP_T_STR;
7550 smp->data.u.str = *data;
7551 return 1;
7552#else
7553 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7554#endif
7555}
7556
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007557#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007558static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007559smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007560{
Emeric Bruneb8def92018-02-19 15:59:48 +01007561 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7562 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007563 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007564 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007565 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007566
7567 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007568 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7569 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007570 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007571
7572 if (!(conn->flags & CO_FL_CONNECTED)) {
7573 smp->flags |= SMP_F_MAY_CHANGE;
7574 return 0;
7575 }
7576
7577 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007578 if (!SSL_session_reused(ctx->ssl))
7579 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007580 finished_trash->area,
7581 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007582 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007583 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007584 finished_trash->area,
7585 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007586
7587 if (!finished_len)
7588 return 0;
7589
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007590 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007591 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007592 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007593
7594 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007595}
Patrick Hemmer41966772018-04-28 19:15:48 -04007596#endif
David Sc1ad52e2014-04-08 18:48:47 -04007597
Emeric Brun2525b6b2012-10-18 15:59:43 +02007598/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007599static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007600smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007601{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007602 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007603 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007604
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007605 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007606 if (!conn || conn->xprt != &ssl_sock)
7607 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007608 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007609
7610 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007611 smp->flags = SMP_F_MAY_CHANGE;
7612 return 0;
7613 }
7614
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007615 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007616 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007617 smp->flags = 0;
7618
7619 return 1;
7620}
7621
Emeric Brun2525b6b2012-10-18 15:59:43 +02007622/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007623static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007624smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007625{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007626 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007627 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007628
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007629 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007630 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007631 return 0;
7632
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007633 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007634 smp->flags = SMP_F_MAY_CHANGE;
7635 return 0;
7636 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007637 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007638
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007639 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007640 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007641 smp->flags = 0;
7642
7643 return 1;
7644}
7645
Emeric Brun2525b6b2012-10-18 15:59:43 +02007646/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007647static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007648smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007649{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007650 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007651 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007652
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007653 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007654 if (!conn || conn->xprt != &ssl_sock)
7655 return 0;
7656
7657 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007658 smp->flags = SMP_F_MAY_CHANGE;
7659 return 0;
7660 }
7661
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007662 ctx = conn->xprt_ctx;
7663
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007664 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007665 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007666 smp->flags = 0;
7667
7668 return 1;
7669}
7670
Emeric Brun2525b6b2012-10-18 15:59:43 +02007671/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007672static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007673smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007674{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007675 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007676 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007677
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007678 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007679 if (!conn || conn->xprt != &ssl_sock)
7680 return 0;
7681
7682 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007683 smp->flags = SMP_F_MAY_CHANGE;
7684 return 0;
7685 }
7686
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007687 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007688 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007689 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007690
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007691 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007692 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007693 smp->flags = 0;
7694
7695 return 1;
7696}
7697
Emeric Brunfb510ea2012-10-05 12:00:26 +02007698/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007699static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007700{
7701 if (!*args[cur_arg + 1]) {
7702 if (err)
7703 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7704 return ERR_ALERT | ERR_FATAL;
7705 }
7706
Willy Tarreauef934602016-12-22 23:12:01 +01007707 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7708 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007709 else
7710 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007711
Emeric Brund94b3fe2012-09-20 18:23:56 +02007712 return 0;
7713}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007714static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7715{
7716 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7717}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007718
Christopher Faulet31af49d2015-06-09 17:29:50 +02007719/* parse the "ca-sign-file" bind keyword */
7720static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7721{
7722 if (!*args[cur_arg + 1]) {
7723 if (err)
7724 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7725 return ERR_ALERT | ERR_FATAL;
7726 }
7727
Willy Tarreauef934602016-12-22 23:12:01 +01007728 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7729 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007730 else
7731 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7732
7733 return 0;
7734}
7735
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007736/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007737static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7738{
7739 if (!*args[cur_arg + 1]) {
7740 if (err)
7741 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7742 return ERR_ALERT | ERR_FATAL;
7743 }
7744 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7745 return 0;
7746}
7747
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007748/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007749static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007750{
7751 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007752 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007753 return ERR_ALERT | ERR_FATAL;
7754 }
7755
Emeric Brun76d88952012-10-05 15:47:31 +02007756 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007757 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007758 return 0;
7759}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007760static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7761{
7762 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7763}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007764
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007765#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007766/* parse the "ciphersuites" bind keyword */
7767static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7768{
7769 if (!*args[cur_arg + 1]) {
7770 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7771 return ERR_ALERT | ERR_FATAL;
7772 }
7773
7774 free(conf->ciphersuites);
7775 conf->ciphersuites = strdup(args[cur_arg + 1]);
7776 return 0;
7777}
7778static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7779{
7780 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7781}
7782#endif
7783
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007784/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007785static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007786{
Willy Tarreau38011032013-08-13 16:59:39 +02007787 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007788
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007789 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007790 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007791 return ERR_ALERT | ERR_FATAL;
7792 }
7793
Willy Tarreauef934602016-12-22 23:12:01 +01007794 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7795 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007796 memprintf(err, "'%s' : path too long", args[cur_arg]);
7797 return ERR_ALERT | ERR_FATAL;
7798 }
Willy Tarreauef934602016-12-22 23:12:01 +01007799 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007800 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007801 return ERR_ALERT | ERR_FATAL;
7802
7803 return 0;
7804 }
7805
Willy Tarreau03209342016-12-22 17:08:28 +01007806 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007807 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007808
7809 return 0;
7810}
7811
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007812/* parse the "crt-list" bind keyword */
7813static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7814{
7815 if (!*args[cur_arg + 1]) {
7816 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7817 return ERR_ALERT | ERR_FATAL;
7818 }
7819
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007820 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007821 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007822 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007823 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007824
7825 return 0;
7826}
7827
Emeric Brunfb510ea2012-10-05 12:00:26 +02007828/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007829static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007830{
Emeric Brun051cdab2012-10-02 19:25:50 +02007831#ifndef X509_V_FLAG_CRL_CHECK
7832 if (err)
7833 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7834 return ERR_ALERT | ERR_FATAL;
7835#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007836 if (!*args[cur_arg + 1]) {
7837 if (err)
7838 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7839 return ERR_ALERT | ERR_FATAL;
7840 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007841
Willy Tarreauef934602016-12-22 23:12:01 +01007842 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7843 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007844 else
7845 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007846
Emeric Brun2b58d042012-09-20 17:10:03 +02007847 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007848#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007849}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007850static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7851{
7852 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7853}
Emeric Brun2b58d042012-09-20 17:10:03 +02007854
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007855/* parse the "curves" bind keyword keyword */
7856static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7857{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007858#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007859 if (!*args[cur_arg + 1]) {
7860 if (err)
7861 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7862 return ERR_ALERT | ERR_FATAL;
7863 }
7864 conf->curves = strdup(args[cur_arg + 1]);
7865 return 0;
7866#else
7867 if (err)
7868 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7869 return ERR_ALERT | ERR_FATAL;
7870#endif
7871}
7872static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7873{
7874 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7875}
7876
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007877/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007878static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007879{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007880#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007881 if (err)
7882 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7883 return ERR_ALERT | ERR_FATAL;
7884#elif defined(OPENSSL_NO_ECDH)
7885 if (err)
7886 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7887 return ERR_ALERT | ERR_FATAL;
7888#else
7889 if (!*args[cur_arg + 1]) {
7890 if (err)
7891 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7892 return ERR_ALERT | ERR_FATAL;
7893 }
7894
7895 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007896
7897 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007898#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007899}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007900static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7901{
7902 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7903}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007904
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007905/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007906static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7907{
7908 int code;
7909 char *p = args[cur_arg + 1];
7910 unsigned long long *ignerr = &conf->crt_ignerr;
7911
7912 if (!*p) {
7913 if (err)
7914 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7915 return ERR_ALERT | ERR_FATAL;
7916 }
7917
7918 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7919 ignerr = &conf->ca_ignerr;
7920
7921 if (strcmp(p, "all") == 0) {
7922 *ignerr = ~0ULL;
7923 return 0;
7924 }
7925
7926 while (p) {
7927 code = atoi(p);
7928 if ((code <= 0) || (code > 63)) {
7929 if (err)
7930 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7931 args[cur_arg], code, args[cur_arg + 1]);
7932 return ERR_ALERT | ERR_FATAL;
7933 }
7934 *ignerr |= 1ULL << code;
7935 p = strchr(p, ',');
7936 if (p)
7937 p++;
7938 }
7939
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007940 return 0;
7941}
7942
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007943/* parse tls_method_options "no-xxx" and "force-xxx" */
7944static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007945{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007946 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007947 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007948 p = strchr(arg, '-');
7949 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007950 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007951 p++;
7952 if (!strcmp(p, "sslv3"))
7953 v = CONF_SSLV3;
7954 else if (!strcmp(p, "tlsv10"))
7955 v = CONF_TLSV10;
7956 else if (!strcmp(p, "tlsv11"))
7957 v = CONF_TLSV11;
7958 else if (!strcmp(p, "tlsv12"))
7959 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007960 else if (!strcmp(p, "tlsv13"))
7961 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007962 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007963 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007964 if (!strncmp(arg, "no-", 3))
7965 methods->flags |= methodVersions[v].flag;
7966 else if (!strncmp(arg, "force-", 6))
7967 methods->min = methods->max = v;
7968 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007969 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007970 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007971 fail:
7972 if (err)
7973 memprintf(err, "'%s' : option not implemented", arg);
7974 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007975}
7976
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007977static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007978{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007979 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007980}
7981
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007982static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007983{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007984 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7985}
7986
7987/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7988static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7989{
7990 uint16_t i, v = 0;
7991 char *argv = args[cur_arg + 1];
7992 if (!*argv) {
7993 if (err)
7994 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7995 return ERR_ALERT | ERR_FATAL;
7996 }
7997 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7998 if (!strcmp(argv, methodVersions[i].name))
7999 v = i;
8000 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008001 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008002 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008003 return ERR_ALERT | ERR_FATAL;
8004 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008005 if (!strcmp("ssl-min-ver", args[cur_arg]))
8006 methods->min = v;
8007 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8008 methods->max = v;
8009 else {
8010 if (err)
8011 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8012 return ERR_ALERT | ERR_FATAL;
8013 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008014 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008015}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008016
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008017static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8018{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008019#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008020 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008021#endif
8022 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8023}
8024
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008025static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8026{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008027 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008028}
8029
8030static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8031{
8032 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8033}
8034
Emeric Brun2d0c4822012-10-02 13:45:20 +02008035/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008036static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008037{
Emeric Brun89675492012-10-05 13:48:26 +02008038 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008039 return 0;
8040}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008041
Olivier Houchardc2aae742017-09-22 18:26:28 +02008042/* parse the "allow-0rtt" bind keyword */
8043static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8044{
8045 conf->early_data = 1;
8046 return 0;
8047}
8048
8049static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8050{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008051 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008052 return 0;
8053}
8054
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008055/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008056static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008057{
Bernard Spil13c53f82018-02-15 13:34:58 +01008058#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008059 char *p1, *p2;
8060
8061 if (!*args[cur_arg + 1]) {
8062 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8063 return ERR_ALERT | ERR_FATAL;
8064 }
8065
8066 free(conf->npn_str);
8067
Willy Tarreau3724da12016-02-12 17:11:12 +01008068 /* the NPN string is built as a suite of (<len> <name>)*,
8069 * so we reuse each comma to store the next <len> and need
8070 * one more for the end of the string.
8071 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008072 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008073 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008074 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8075
8076 /* replace commas with the name length */
8077 p1 = conf->npn_str;
8078 p2 = p1 + 1;
8079 while (1) {
8080 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8081 if (!p2)
8082 p2 = p1 + 1 + strlen(p1 + 1);
8083
8084 if (p2 - (p1 + 1) > 255) {
8085 *p2 = '\0';
8086 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8087 return ERR_ALERT | ERR_FATAL;
8088 }
8089
8090 *p1 = p2 - (p1 + 1);
8091 p1 = p2;
8092
8093 if (!*p2)
8094 break;
8095
8096 *(p2++) = '\0';
8097 }
8098 return 0;
8099#else
8100 if (err)
8101 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8102 return ERR_ALERT | ERR_FATAL;
8103#endif
8104}
8105
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008106static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8107{
8108 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8109}
8110
Willy Tarreauab861d32013-04-02 02:30:41 +02008111/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008112static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008113{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008114#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008115 char *p1, *p2;
8116
8117 if (!*args[cur_arg + 1]) {
8118 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8119 return ERR_ALERT | ERR_FATAL;
8120 }
8121
8122 free(conf->alpn_str);
8123
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008124 /* the ALPN string is built as a suite of (<len> <name>)*,
8125 * so we reuse each comma to store the next <len> and need
8126 * one more for the end of the string.
8127 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008128 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008129 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008130 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8131
8132 /* replace commas with the name length */
8133 p1 = conf->alpn_str;
8134 p2 = p1 + 1;
8135 while (1) {
8136 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8137 if (!p2)
8138 p2 = p1 + 1 + strlen(p1 + 1);
8139
8140 if (p2 - (p1 + 1) > 255) {
8141 *p2 = '\0';
8142 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8143 return ERR_ALERT | ERR_FATAL;
8144 }
8145
8146 *p1 = p2 - (p1 + 1);
8147 p1 = p2;
8148
8149 if (!*p2)
8150 break;
8151
8152 *(p2++) = '\0';
8153 }
8154 return 0;
8155#else
8156 if (err)
8157 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8158 return ERR_ALERT | ERR_FATAL;
8159#endif
8160}
8161
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008162static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8163{
8164 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8165}
8166
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008167/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008168static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008169{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008170 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008171 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008172
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008173 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8174 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008175#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008176 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8177 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8178#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008179 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008180 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8181 if (!conf->ssl_conf.ssl_methods.min)
8182 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8183 if (!conf->ssl_conf.ssl_methods.max)
8184 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008185
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008186 return 0;
8187}
8188
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008189/* parse the "prefer-client-ciphers" bind keyword */
8190static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8191{
8192 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8193 return 0;
8194}
8195
Christopher Faulet31af49d2015-06-09 17:29:50 +02008196/* parse the "generate-certificates" bind keyword */
8197static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8198{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008199#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008200 conf->generate_certs = 1;
8201#else
8202 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8203 err && *err ? *err : "");
8204#endif
8205 return 0;
8206}
8207
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008208/* parse the "strict-sni" bind keyword */
8209static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8210{
8211 conf->strict_sni = 1;
8212 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008213}
8214
8215/* parse the "tls-ticket-keys" bind keyword */
8216static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8217{
8218#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8219 FILE *f;
8220 int i = 0;
8221 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008222 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008223
8224 if (!*args[cur_arg + 1]) {
8225 if (err)
8226 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8227 return ERR_ALERT | ERR_FATAL;
8228 }
8229
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008230 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008231 if (keys_ref) {
8232 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008233 conf->keys_ref = keys_ref;
8234 return 0;
8235 }
8236
Vincent Bernat02779b62016-04-03 13:48:43 +02008237 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008238 if (!keys_ref) {
8239 if (err)
8240 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8241 return ERR_ALERT | ERR_FATAL;
8242 }
8243
Emeric Brun9e754772019-01-10 17:51:55 +01008244 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008245 if (!keys_ref->tlskeys) {
8246 free(keys_ref);
8247 if (err)
8248 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8249 return ERR_ALERT | ERR_FATAL;
8250 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008251
8252 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008253 free(keys_ref->tlskeys);
8254 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008255 if (err)
8256 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8257 return ERR_ALERT | ERR_FATAL;
8258 }
8259
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008260 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008261 if (!keys_ref->filename) {
8262 free(keys_ref->tlskeys);
8263 free(keys_ref);
8264 if (err)
8265 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8266 return ERR_ALERT | ERR_FATAL;
8267 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008268
Emeric Brun9e754772019-01-10 17:51:55 +01008269 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008270 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8271 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008272 int dec_size;
8273
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008274 /* Strip newline characters from the end */
8275 if(thisline[len - 1] == '\n')
8276 thisline[--len] = 0;
8277
8278 if(thisline[len - 1] == '\r')
8279 thisline[--len] = 0;
8280
Emeric Brun9e754772019-01-10 17:51:55 +01008281 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8282 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008283 free(keys_ref->filename);
8284 free(keys_ref->tlskeys);
8285 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008286 if (err)
8287 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008288 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008289 return ERR_ALERT | ERR_FATAL;
8290 }
Emeric Brun9e754772019-01-10 17:51:55 +01008291 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8292 keys_ref->key_size_bits = 128;
8293 }
8294 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8295 keys_ref->key_size_bits = 256;
8296 }
8297 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8298 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8299 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8300 free(keys_ref->filename);
8301 free(keys_ref->tlskeys);
8302 free(keys_ref);
8303 if (err)
8304 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8305 fclose(f);
8306 return ERR_ALERT | ERR_FATAL;
8307 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008308 i++;
8309 }
8310
8311 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008312 free(keys_ref->filename);
8313 free(keys_ref->tlskeys);
8314 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008315 if (err)
8316 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008317 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008318 return ERR_ALERT | ERR_FATAL;
8319 }
8320
8321 fclose(f);
8322
8323 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008324 i -= 2;
8325 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008326 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008327 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008328 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008329 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008330
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008331 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8332
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008333 return 0;
8334#else
8335 if (err)
8336 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8337 return ERR_ALERT | ERR_FATAL;
8338#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008339}
8340
Emeric Brund94b3fe2012-09-20 18:23:56 +02008341/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008342static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008343{
8344 if (!*args[cur_arg + 1]) {
8345 if (err)
8346 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8347 return ERR_ALERT | ERR_FATAL;
8348 }
8349
8350 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008351 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008352 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008353 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008354 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008355 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008356 else {
8357 if (err)
8358 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8359 args[cur_arg], args[cur_arg + 1]);
8360 return ERR_ALERT | ERR_FATAL;
8361 }
8362
8363 return 0;
8364}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008365static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8366{
8367 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8368}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008369
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008370/* parse the "no-ca-names" bind keyword */
8371static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8372{
8373 conf->no_ca_names = 1;
8374 return 0;
8375}
8376static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8377{
8378 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8379}
8380
Willy Tarreau92faadf2012-10-10 23:04:25 +02008381/************** "server" keywords ****************/
8382
Olivier Houchardc7566002018-11-20 23:33:50 +01008383/* parse the "npn" bind keyword */
8384static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8385{
8386#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8387 char *p1, *p2;
8388
8389 if (!*args[*cur_arg + 1]) {
8390 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8391 return ERR_ALERT | ERR_FATAL;
8392 }
8393
8394 free(newsrv->ssl_ctx.npn_str);
8395
8396 /* the NPN string is built as a suite of (<len> <name>)*,
8397 * so we reuse each comma to store the next <len> and need
8398 * one more for the end of the string.
8399 */
8400 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8401 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8402 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8403 newsrv->ssl_ctx.npn_len);
8404
8405 /* replace commas with the name length */
8406 p1 = newsrv->ssl_ctx.npn_str;
8407 p2 = p1 + 1;
8408 while (1) {
8409 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8410 newsrv->ssl_ctx.npn_len - (p1 + 1));
8411 if (!p2)
8412 p2 = p1 + 1 + strlen(p1 + 1);
8413
8414 if (p2 - (p1 + 1) > 255) {
8415 *p2 = '\0';
8416 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8417 return ERR_ALERT | ERR_FATAL;
8418 }
8419
8420 *p1 = p2 - (p1 + 1);
8421 p1 = p2;
8422
8423 if (!*p2)
8424 break;
8425
8426 *(p2++) = '\0';
8427 }
8428 return 0;
8429#else
8430 if (err)
8431 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8432 return ERR_ALERT | ERR_FATAL;
8433#endif
8434}
8435
Olivier Houchard92150142018-12-21 19:47:01 +01008436/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008437static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8438{
8439#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8440 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008441 char **alpn_str;
8442 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008443
Olivier Houchard92150142018-12-21 19:47:01 +01008444 if (*args[*cur_arg] == 'c') {
8445 alpn_str = &newsrv->check.alpn_str;
8446 alpn_len = &newsrv->check.alpn_len;
8447 } else {
8448 alpn_str = &newsrv->ssl_ctx.alpn_str;
8449 alpn_len = &newsrv->ssl_ctx.alpn_len;
8450
8451 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008452 if (!*args[*cur_arg + 1]) {
8453 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8454 return ERR_ALERT | ERR_FATAL;
8455 }
8456
Olivier Houchard92150142018-12-21 19:47:01 +01008457 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008458
8459 /* the ALPN string is built as a suite of (<len> <name>)*,
8460 * so we reuse each comma to store the next <len> and need
8461 * one more for the end of the string.
8462 */
Olivier Houchard92150142018-12-21 19:47:01 +01008463 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8464 *alpn_str = calloc(1, *alpn_len + 1);
8465 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008466
8467 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008468 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008469 p2 = p1 + 1;
8470 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008471 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008472 if (!p2)
8473 p2 = p1 + 1 + strlen(p1 + 1);
8474
8475 if (p2 - (p1 + 1) > 255) {
8476 *p2 = '\0';
8477 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8478 return ERR_ALERT | ERR_FATAL;
8479 }
8480
8481 *p1 = p2 - (p1 + 1);
8482 p1 = p2;
8483
8484 if (!*p2)
8485 break;
8486
8487 *(p2++) = '\0';
8488 }
8489 return 0;
8490#else
8491 if (err)
8492 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8493 return ERR_ALERT | ERR_FATAL;
8494#endif
8495}
8496
Emeric Brunef42d922012-10-11 16:11:36 +02008497/* parse the "ca-file" server keyword */
8498static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8499{
8500 if (!*args[*cur_arg + 1]) {
8501 if (err)
8502 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8503 return ERR_ALERT | ERR_FATAL;
8504 }
8505
Willy Tarreauef934602016-12-22 23:12:01 +01008506 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8507 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008508 else
8509 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8510
8511 return 0;
8512}
8513
Olivier Houchard9130a962017-10-17 17:33:43 +02008514/* parse the "check-sni" server keyword */
8515static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8516{
8517 if (!*args[*cur_arg + 1]) {
8518 if (err)
8519 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8520 return ERR_ALERT | ERR_FATAL;
8521 }
8522
8523 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8524 if (!newsrv->check.sni) {
8525 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8526 return ERR_ALERT | ERR_FATAL;
8527 }
8528 return 0;
8529
8530}
8531
Willy Tarreau92faadf2012-10-10 23:04:25 +02008532/* parse the "check-ssl" server keyword */
8533static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8534{
8535 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008536 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8537 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008538#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008539 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8540 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8541#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008542 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008543 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8544 if (!newsrv->ssl_ctx.methods.min)
8545 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8546 if (!newsrv->ssl_ctx.methods.max)
8547 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8548
Willy Tarreau92faadf2012-10-10 23:04:25 +02008549 return 0;
8550}
8551
8552/* parse the "ciphers" server keyword */
8553static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8554{
8555 if (!*args[*cur_arg + 1]) {
8556 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8557 return ERR_ALERT | ERR_FATAL;
8558 }
8559
8560 free(newsrv->ssl_ctx.ciphers);
8561 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8562 return 0;
8563}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008564
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008565#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008566/* parse the "ciphersuites" server keyword */
8567static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8568{
8569 if (!*args[*cur_arg + 1]) {
8570 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8571 return ERR_ALERT | ERR_FATAL;
8572 }
8573
8574 free(newsrv->ssl_ctx.ciphersuites);
8575 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8576 return 0;
8577}
8578#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008579
Emeric Brunef42d922012-10-11 16:11:36 +02008580/* parse the "crl-file" server keyword */
8581static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8582{
8583#ifndef X509_V_FLAG_CRL_CHECK
8584 if (err)
8585 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8586 return ERR_ALERT | ERR_FATAL;
8587#else
8588 if (!*args[*cur_arg + 1]) {
8589 if (err)
8590 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8591 return ERR_ALERT | ERR_FATAL;
8592 }
8593
Willy Tarreauef934602016-12-22 23:12:01 +01008594 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8595 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008596 else
8597 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8598
8599 return 0;
8600#endif
8601}
8602
Emeric Bruna7aa3092012-10-26 12:58:00 +02008603/* parse the "crt" server keyword */
8604static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8605{
8606 if (!*args[*cur_arg + 1]) {
8607 if (err)
8608 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8609 return ERR_ALERT | ERR_FATAL;
8610 }
8611
Willy Tarreauef934602016-12-22 23:12:01 +01008612 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008613 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008614 else
8615 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8616
8617 return 0;
8618}
Emeric Brunef42d922012-10-11 16:11:36 +02008619
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008620/* parse the "no-check-ssl" server keyword */
8621static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8622{
8623 newsrv->check.use_ssl = 0;
8624 free(newsrv->ssl_ctx.ciphers);
8625 newsrv->ssl_ctx.ciphers = NULL;
8626 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8627 return 0;
8628}
8629
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008630/* parse the "no-send-proxy-v2-ssl" server keyword */
8631static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8632{
8633 newsrv->pp_opts &= ~SRV_PP_V2;
8634 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8635 return 0;
8636}
8637
8638/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8639static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8640{
8641 newsrv->pp_opts &= ~SRV_PP_V2;
8642 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8643 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8644 return 0;
8645}
8646
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008647/* parse the "no-ssl" server keyword */
8648static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8649{
8650 newsrv->use_ssl = 0;
8651 free(newsrv->ssl_ctx.ciphers);
8652 newsrv->ssl_ctx.ciphers = NULL;
8653 return 0;
8654}
8655
Olivier Houchard522eea72017-11-03 16:27:47 +01008656/* parse the "allow-0rtt" server keyword */
8657static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8658{
8659 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8660 return 0;
8661}
8662
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008663/* parse the "no-ssl-reuse" server keyword */
8664static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8665{
8666 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8667 return 0;
8668}
8669
Emeric Brunf9c5c472012-10-11 15:28:34 +02008670/* parse the "no-tls-tickets" server keyword */
8671static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8672{
8673 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8674 return 0;
8675}
David Safb76832014-05-08 23:42:08 -04008676/* parse the "send-proxy-v2-ssl" server keyword */
8677static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8678{
8679 newsrv->pp_opts |= SRV_PP_V2;
8680 newsrv->pp_opts |= SRV_PP_V2_SSL;
8681 return 0;
8682}
8683
8684/* parse the "send-proxy-v2-ssl-cn" server keyword */
8685static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8686{
8687 newsrv->pp_opts |= SRV_PP_V2;
8688 newsrv->pp_opts |= SRV_PP_V2_SSL;
8689 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8690 return 0;
8691}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008692
Willy Tarreau732eac42015-07-09 11:40:25 +02008693/* parse the "sni" server keyword */
8694static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8695{
8696#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8697 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8698 return ERR_ALERT | ERR_FATAL;
8699#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008700 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008701
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008702 arg = args[*cur_arg + 1];
8703 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008704 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8705 return ERR_ALERT | ERR_FATAL;
8706 }
8707
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008708 free(newsrv->sni_expr);
8709 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008710
Willy Tarreau732eac42015-07-09 11:40:25 +02008711 return 0;
8712#endif
8713}
8714
Willy Tarreau92faadf2012-10-10 23:04:25 +02008715/* parse the "ssl" server keyword */
8716static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8717{
8718 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008719 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8720 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008721#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008722 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8723 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8724#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008725 return 0;
8726}
8727
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008728/* parse the "ssl-reuse" server keyword */
8729static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8730{
8731 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8732 return 0;
8733}
8734
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008735/* parse the "tls-tickets" server keyword */
8736static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8737{
8738 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8739 return 0;
8740}
8741
Emeric Brunef42d922012-10-11 16:11:36 +02008742/* parse the "verify" server keyword */
8743static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8744{
8745 if (!*args[*cur_arg + 1]) {
8746 if (err)
8747 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8748 return ERR_ALERT | ERR_FATAL;
8749 }
8750
8751 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008752 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008753 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008754 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008755 else {
8756 if (err)
8757 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8758 args[*cur_arg], args[*cur_arg + 1]);
8759 return ERR_ALERT | ERR_FATAL;
8760 }
8761
Evan Broderbe554312013-06-27 00:05:25 -07008762 return 0;
8763}
8764
8765/* parse the "verifyhost" server keyword */
8766static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8767{
8768 if (!*args[*cur_arg + 1]) {
8769 if (err)
8770 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8771 return ERR_ALERT | ERR_FATAL;
8772 }
8773
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008774 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008775 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8776
Emeric Brunef42d922012-10-11 16:11:36 +02008777 return 0;
8778}
8779
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008780/* parse the "ssl-default-bind-options" keyword in global section */
8781static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8782 struct proxy *defpx, const char *file, int line,
8783 char **err) {
8784 int i = 1;
8785
8786 if (*(args[i]) == 0) {
8787 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8788 return -1;
8789 }
8790 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008791 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008792 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008793 else if (!strcmp(args[i], "prefer-client-ciphers"))
8794 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008795 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8796 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8797 i++;
8798 else {
8799 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8800 return -1;
8801 }
8802 }
8803 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008804 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8805 return -1;
8806 }
8807 i++;
8808 }
8809 return 0;
8810}
8811
8812/* parse the "ssl-default-server-options" keyword in global section */
8813static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8814 struct proxy *defpx, const char *file, int line,
8815 char **err) {
8816 int i = 1;
8817
8818 if (*(args[i]) == 0) {
8819 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8820 return -1;
8821 }
8822 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008823 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008824 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008825 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8826 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8827 i++;
8828 else {
8829 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8830 return -1;
8831 }
8832 }
8833 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008834 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8835 return -1;
8836 }
8837 i++;
8838 }
8839 return 0;
8840}
8841
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008842/* parse the "ca-base" / "crt-base" keywords in global section.
8843 * Returns <0 on alert, >0 on warning, 0 on success.
8844 */
8845static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8846 struct proxy *defpx, const char *file, int line,
8847 char **err)
8848{
8849 char **target;
8850
Willy Tarreauef934602016-12-22 23:12:01 +01008851 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008852
8853 if (too_many_args(1, args, err, NULL))
8854 return -1;
8855
8856 if (*target) {
8857 memprintf(err, "'%s' already specified.", args[0]);
8858 return -1;
8859 }
8860
8861 if (*(args[1]) == 0) {
8862 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8863 return -1;
8864 }
8865 *target = strdup(args[1]);
8866 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008867}
8868
8869/* parse the "ssl-mode-async" keyword in global section.
8870 * Returns <0 on alert, >0 on warning, 0 on success.
8871 */
8872static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8873 struct proxy *defpx, const char *file, int line,
8874 char **err)
8875{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008876#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008877 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008878 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008879 return 0;
8880#else
8881 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8882 return -1;
8883#endif
8884}
8885
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008886#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008887static int ssl_check_async_engine_count(void) {
8888 int err_code = 0;
8889
Emeric Brun3854e012017-05-17 20:42:48 +02008890 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008891 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008892 err_code = ERR_ABORT;
8893 }
8894 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008895}
8896
Grant Zhang872f9c22017-01-21 01:10:18 +00008897/* parse the "ssl-engine" keyword in global section.
8898 * Returns <0 on alert, >0 on warning, 0 on success.
8899 */
8900static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8901 struct proxy *defpx, const char *file, int line,
8902 char **err)
8903{
8904 char *algo;
8905 int ret = -1;
8906
8907 if (*(args[1]) == 0) {
8908 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8909 return ret;
8910 }
8911
8912 if (*(args[2]) == 0) {
8913 /* if no list of algorithms is given, it defaults to ALL */
8914 algo = strdup("ALL");
8915 goto add_engine;
8916 }
8917
8918 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8919 if (strcmp(args[2], "algo") != 0) {
8920 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8921 return ret;
8922 }
8923
8924 if (*(args[3]) == 0) {
8925 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8926 return ret;
8927 }
8928 algo = strdup(args[3]);
8929
8930add_engine:
8931 if (ssl_init_single_engine(args[1], algo)==0) {
8932 openssl_engines_initialized++;
8933 ret = 0;
8934 }
8935 free(algo);
8936 return ret;
8937}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008938#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008939
Willy Tarreauf22e9682016-12-21 23:23:19 +01008940/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8941 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8942 */
8943static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8944 struct proxy *defpx, const char *file, int line,
8945 char **err)
8946{
8947 char **target;
8948
Willy Tarreauef934602016-12-22 23:12:01 +01008949 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008950
8951 if (too_many_args(1, args, err, NULL))
8952 return -1;
8953
8954 if (*(args[1]) == 0) {
8955 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8956 return -1;
8957 }
8958
8959 free(*target);
8960 *target = strdup(args[1]);
8961 return 0;
8962}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008963
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008964#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008965/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8966 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8967 */
8968static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8969 struct proxy *defpx, const char *file, int line,
8970 char **err)
8971{
8972 char **target;
8973
8974 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8975
8976 if (too_many_args(1, args, err, NULL))
8977 return -1;
8978
8979 if (*(args[1]) == 0) {
8980 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8981 return -1;
8982 }
8983
8984 free(*target);
8985 *target = strdup(args[1]);
8986 return 0;
8987}
8988#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008989
Willy Tarreau9ceda382016-12-21 23:13:03 +01008990/* parse various global tune.ssl settings consisting in positive integers.
8991 * Returns <0 on alert, >0 on warning, 0 on success.
8992 */
8993static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8994 struct proxy *defpx, const char *file, int line,
8995 char **err)
8996{
8997 int *target;
8998
8999 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9000 target = &global.tune.sslcachesize;
9001 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009002 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009003 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009004 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009005 else if (strcmp(args[0], "maxsslconn") == 0)
9006 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009007 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9008 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009009 else {
9010 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9011 return -1;
9012 }
9013
9014 if (too_many_args(1, args, err, NULL))
9015 return -1;
9016
9017 if (*(args[1]) == 0) {
9018 memprintf(err, "'%s' expects an integer argument.", args[0]);
9019 return -1;
9020 }
9021
9022 *target = atoi(args[1]);
9023 if (*target < 0) {
9024 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9025 return -1;
9026 }
9027 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009028}
9029
9030static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9031 struct proxy *defpx, const char *file, int line,
9032 char **err)
9033{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009034 int ret;
9035
9036 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9037 if (ret != 0)
9038 return ret;
9039
Willy Tarreaubafbe012017-11-24 17:34:44 +01009040 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009041 memprintf(err, "'%s' is already configured.", args[0]);
9042 return -1;
9043 }
9044
Willy Tarreaubafbe012017-11-24 17:34:44 +01009045 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9046 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009047 memprintf(err, "Out of memory error.");
9048 return -1;
9049 }
9050 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009051}
9052
9053/* parse "ssl.force-private-cache".
9054 * Returns <0 on alert, >0 on warning, 0 on success.
9055 */
9056static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9057 struct proxy *defpx, const char *file, int line,
9058 char **err)
9059{
9060 if (too_many_args(0, args, err, NULL))
9061 return -1;
9062
Willy Tarreauef934602016-12-22 23:12:01 +01009063 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009064 return 0;
9065}
9066
9067/* parse "ssl.lifetime".
9068 * Returns <0 on alert, >0 on warning, 0 on success.
9069 */
9070static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9071 struct proxy *defpx, const char *file, int line,
9072 char **err)
9073{
9074 const char *res;
9075
9076 if (too_many_args(1, args, err, NULL))
9077 return -1;
9078
9079 if (*(args[1]) == 0) {
9080 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9081 return -1;
9082 }
9083
Willy Tarreauef934602016-12-22 23:12:01 +01009084 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009085 if (res == PARSE_TIME_OVER) {
9086 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9087 args[1], args[0]);
9088 return -1;
9089 }
9090 else if (res == PARSE_TIME_UNDER) {
9091 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9092 args[1], args[0]);
9093 return -1;
9094 }
9095 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009096 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9097 return -1;
9098 }
9099 return 0;
9100}
9101
9102#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009103/* parse "ssl-dh-param-file".
9104 * Returns <0 on alert, >0 on warning, 0 on success.
9105 */
9106static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9107 struct proxy *defpx, const char *file, int line,
9108 char **err)
9109{
9110 if (too_many_args(1, args, err, NULL))
9111 return -1;
9112
9113 if (*(args[1]) == 0) {
9114 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9115 return -1;
9116 }
9117
9118 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9119 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9120 return -1;
9121 }
9122 return 0;
9123}
9124
Willy Tarreau9ceda382016-12-21 23:13:03 +01009125/* parse "ssl.default-dh-param".
9126 * Returns <0 on alert, >0 on warning, 0 on success.
9127 */
9128static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9129 struct proxy *defpx, const char *file, int line,
9130 char **err)
9131{
9132 if (too_many_args(1, args, err, NULL))
9133 return -1;
9134
9135 if (*(args[1]) == 0) {
9136 memprintf(err, "'%s' expects an integer argument.", args[0]);
9137 return -1;
9138 }
9139
Willy Tarreauef934602016-12-22 23:12:01 +01009140 global_ssl.default_dh_param = atoi(args[1]);
9141 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009142 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9143 return -1;
9144 }
9145 return 0;
9146}
9147#endif
9148
9149
William Lallemand32af2032016-10-29 18:09:35 +02009150/* This function is used with TLS ticket keys management. It permits to browse
9151 * each reference. The variable <getnext> must contain the current node,
9152 * <end> point to the root node.
9153 */
9154#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9155static inline
9156struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9157{
9158 struct tls_keys_ref *ref = getnext;
9159
9160 while (1) {
9161
9162 /* Get next list entry. */
9163 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9164
9165 /* If the entry is the last of the list, return NULL. */
9166 if (&ref->list == end)
9167 return NULL;
9168
9169 return ref;
9170 }
9171}
9172
9173static inline
9174struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9175{
9176 int id;
9177 char *error;
9178
9179 /* If the reference starts by a '#', this is numeric id. */
9180 if (reference[0] == '#') {
9181 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9182 id = strtol(reference + 1, &error, 10);
9183 if (*error != '\0')
9184 return NULL;
9185
9186 /* Perform the unique id lookup. */
9187 return tlskeys_ref_lookupid(id);
9188 }
9189
9190 /* Perform the string lookup. */
9191 return tlskeys_ref_lookup(reference);
9192}
9193#endif
9194
9195
9196#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9197
9198static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9199
9200static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9201 return cli_io_handler_tlskeys_files(appctx);
9202}
9203
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009204/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9205 * (next index to be dumped), and cli.p0 (next key reference).
9206 */
William Lallemand32af2032016-10-29 18:09:35 +02009207static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9208
9209 struct stream_interface *si = appctx->owner;
9210
9211 switch (appctx->st2) {
9212 case STAT_ST_INIT:
9213 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009214 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009215 * later and restart at the state "STAT_ST_INIT".
9216 */
9217 chunk_reset(&trash);
9218
9219 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9220 chunk_appendf(&trash, "# id secret\n");
9221 else
9222 chunk_appendf(&trash, "# id (file)\n");
9223
Willy Tarreau06d80a92017-10-19 14:32:15 +02009224 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009225 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009226 return 0;
9227 }
9228
William Lallemand32af2032016-10-29 18:09:35 +02009229 /* Now, we start the browsing of the references lists.
9230 * Note that the following call to LIST_ELEM return bad pointer. The only
9231 * available field of this pointer is <list>. It is used with the function
9232 * tlskeys_list_get_next() for retruning the first available entry
9233 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009234 if (appctx->ctx.cli.p0 == NULL) {
9235 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9236 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009237 }
9238
9239 appctx->st2 = STAT_ST_LIST;
9240 /* fall through */
9241
9242 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009243 while (appctx->ctx.cli.p0) {
9244 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009245
9246 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009247 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009248 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009249
9250 if (appctx->ctx.cli.i1 == 0)
9251 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9252
William Lallemand32af2032016-10-29 18:09:35 +02009253 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009254 int head;
9255
9256 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9257 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009258 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009259 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009260
9261 chunk_reset(t2);
9262 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009263 if (ref->key_size_bits == 128) {
9264 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9265 sizeof(struct tls_sess_key_128),
9266 t2->area, t2->size);
9267 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9268 t2->area);
9269 }
9270 else if (ref->key_size_bits == 256) {
9271 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9272 sizeof(struct tls_sess_key_256),
9273 t2->area, t2->size);
9274 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9275 t2->area);
9276 }
9277 else {
9278 /* This case should never happen */
9279 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9280 }
William Lallemand32af2032016-10-29 18:09:35 +02009281
Willy Tarreau06d80a92017-10-19 14:32:15 +02009282 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009283 /* let's try again later from this stream. We add ourselves into
9284 * this stream's users so that it can remove us upon termination.
9285 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009286 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009287 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009288 return 0;
9289 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009290 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009291 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009292 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009293 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009294 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009295 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009296 /* let's try again later from this stream. We add ourselves into
9297 * this stream's users so that it can remove us upon termination.
9298 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009299 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009300 return 0;
9301 }
9302
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009303 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009304 break;
9305
9306 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009307 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009308 }
9309
9310 appctx->st2 = STAT_ST_FIN;
9311 /* fall through */
9312
9313 default:
9314 appctx->st2 = STAT_ST_FIN;
9315 return 1;
9316 }
9317 return 0;
9318}
9319
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009320/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009321static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009322{
William Lallemand32af2032016-10-29 18:09:35 +02009323 /* no parameter, shows only file list */
9324 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009325 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009326 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009327 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009328 }
9329
9330 if (args[2][0] == '*') {
9331 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009332 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009333 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009334 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9335 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009336 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009337 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009338 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009339 return 1;
9340 }
9341 }
William Lallemand32af2032016-10-29 18:09:35 +02009342 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009343 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009344}
9345
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009346static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009347{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009348 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009349 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009350
William Lallemand32af2032016-10-29 18:09:35 +02009351 /* Expect two parameters: the filename and the new new TLS key in encoding */
9352 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009353 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009354 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009355 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009356 return 1;
9357 }
9358
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009359 ref = tlskeys_ref_lookup_ref(args[3]);
9360 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009361 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009362 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009363 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009364 return 1;
9365 }
9366
Willy Tarreau1c913e42018-08-22 05:26:57 +02009367 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009368 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009369 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009370 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009371 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009372 return 1;
9373 }
Emeric Brun9e754772019-01-10 17:51:55 +01009374
Willy Tarreau1c913e42018-08-22 05:26:57 +02009375 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009376 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9377 appctx->ctx.cli.severity = LOG_ERR;
9378 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9379 appctx->st0 = CLI_ST_PRINT;
9380 return 1;
9381 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009382 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009383 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009384 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009385 return 1;
9386
9387}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009388#endif
William Lallemand32af2032016-10-29 18:09:35 +02009389
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009390static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009391{
9392#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9393 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009394 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009395
9396 if (!payload)
9397 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009398
9399 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009400 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009401 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009402 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009403 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009404 return 1;
9405 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009406
9407 /* remove \r and \n from the payload */
9408 for (i = 0, j = 0; payload[i]; i++) {
9409 if (payload[i] == '\r' || payload[i] == '\n')
9410 continue;
9411 payload[j++] = payload[i];
9412 }
9413 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009414
Willy Tarreau1c913e42018-08-22 05:26:57 +02009415 ret = base64dec(payload, j, trash.area, trash.size);
9416 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009417 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009418 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009419 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009420 return 1;
9421 }
9422
Willy Tarreau1c913e42018-08-22 05:26:57 +02009423 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009424 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9425 if (err) {
9426 memprintf(&err, "%s.\n", err);
9427 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009428 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009429 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009430 else {
9431 appctx->ctx.cli.severity = LOG_ERR;
9432 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9433 appctx->st0 = CLI_ST_PRINT;
9434 }
William Lallemand32af2032016-10-29 18:09:35 +02009435 return 1;
9436 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009437 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009438 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009439 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009440 return 1;
9441#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009442 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009443 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009444 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009445 return 1;
9446#endif
9447
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009448}
9449
Willy Tarreau86a394e2019-05-09 14:15:32 +02009450#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009451static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9452{
9453 switch (arg->type) {
9454 case ARGT_STR:
9455 smp->data.type = SMP_T_STR;
9456 smp->data.u.str = arg->data.str;
9457 return 1;
9458 case ARGT_VAR:
9459 if (!vars_get_by_desc(&arg->data.var, smp))
9460 return 0;
9461 if (!sample_casts[smp->data.type][SMP_T_STR])
9462 return 0;
9463 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9464 return 0;
9465 return 1;
9466 default:
9467 return 0;
9468 }
9469}
9470
9471static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9472 const char *file, int line, char **err)
9473{
9474 switch(args[0].data.sint) {
9475 case 128:
9476 case 192:
9477 case 256:
9478 break;
9479 default:
9480 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9481 return 0;
9482 }
9483 /* Try to decode a variable. */
9484 vars_check_arg(&args[1], NULL);
9485 vars_check_arg(&args[2], NULL);
9486 vars_check_arg(&args[3], NULL);
9487 return 1;
9488}
9489
9490/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9491static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9492{
9493 struct sample nonce, key, aead_tag;
9494 struct buffer *smp_trash, *smp_trash_alloc;
9495 EVP_CIPHER_CTX *ctx;
9496 int dec_size, ret;
9497
9498 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9499 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9500 return 0;
9501
9502 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9503 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9504 return 0;
9505
9506 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9507 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9508 return 0;
9509
9510 smp_trash = get_trash_chunk();
9511 smp_trash_alloc = alloc_trash_chunk();
9512 if (!smp_trash_alloc)
9513 return 0;
9514
9515 ctx = EVP_CIPHER_CTX_new();
9516
9517 if (!ctx)
9518 goto err;
9519
9520 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9521 if (dec_size < 0)
9522 goto err;
9523 smp_trash->data = dec_size;
9524
9525 /* Set cipher type and mode */
9526 switch(arg_p[0].data.sint) {
9527 case 128:
9528 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9529 break;
9530 case 192:
9531 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9532 break;
9533 case 256:
9534 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9535 break;
9536 }
9537
9538 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9539
9540 /* Initialise IV */
9541 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9542 goto err;
9543
9544 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9545 if (dec_size < 0)
9546 goto err;
9547 smp_trash->data = dec_size;
9548
9549 /* Initialise key */
9550 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9551 goto err;
9552
9553 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9554 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9555 goto err;
9556
9557 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9558 if (dec_size < 0)
9559 goto err;
9560 smp_trash_alloc->data = dec_size;
9561 dec_size = smp_trash->data;
9562
9563 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9564 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9565
9566 if (ret <= 0)
9567 goto err;
9568
9569 smp->data.u.str.data = dec_size + smp_trash->data;
9570 smp->data.u.str.area = smp_trash->area;
9571 smp->data.type = SMP_T_BIN;
9572 smp->flags &= ~SMP_F_CONST;
9573 free_trash_chunk(smp_trash_alloc);
9574 return 1;
9575
9576err:
9577 free_trash_chunk(smp_trash_alloc);
9578 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009579}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009580# endif
William Lallemand32af2032016-10-29 18:09:35 +02009581
9582/* register cli keywords */
9583static struct cli_kw_list cli_kws = {{ },{
9584#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9585 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009586 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009587#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009588 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009589 { { NULL }, NULL, NULL, NULL }
9590}};
9591
Willy Tarreau0108d902018-11-25 19:14:37 +01009592INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009593
Willy Tarreau7875d092012-09-10 08:20:03 +02009594/* Note: must not be declared <const> as its list will be overwritten.
9595 * Please take care of keeping this list alphabetically sorted.
9596 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009597static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009598 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009599 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009600#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009601 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009602#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009603 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009604#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9605 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9606#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009607 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009608 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009609 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009610 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009611#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009612 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009613#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009614#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009615 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9616 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009617 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9618#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009619 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9620 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009621 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009622 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009623 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9624 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9625 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9626 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9627 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9628 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9629 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9630 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009631 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009632 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9633 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009634 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009635 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9636 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9637 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9638 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9639 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9640 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9641 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009642 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009643 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009644 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009645 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009646 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009647 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009648 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009649 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009650 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009651#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009652 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009653#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009654#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009655 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009656#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009657 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009658#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009659 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009660#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009661 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009662#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009663 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009664#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009665#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009666 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9667 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009668 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9669#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009670#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009671 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009672#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009673 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9674 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9675 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9676 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009677 { NULL, NULL, 0, 0, 0 },
9678}};
9679
Willy Tarreau0108d902018-11-25 19:14:37 +01009680INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9681
Willy Tarreau7875d092012-09-10 08:20:03 +02009682/* Note: must not be declared <const> as its list will be overwritten.
9683 * Please take care of keeping this list alphabetically sorted.
9684 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009685static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009686 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9687 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009688 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009689}};
9690
Willy Tarreau0108d902018-11-25 19:14:37 +01009691INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9692
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009693/* Note: must not be declared <const> as its list will be overwritten.
9694 * Please take care of keeping this list alphabetically sorted, doing so helps
9695 * all code contributors.
9696 * Optional keywords are also declared with a NULL ->parse() function so that
9697 * the config parser can report an appropriate error when a known keyword was
9698 * not enabled.
9699 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009700static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009701 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009702 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9703 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9704 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009705#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009706 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9707#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009708 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009709 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009710 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009711 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009712 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009713 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9714 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009715 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9716 { NULL, NULL, 0 },
9717};
9718
Willy Tarreau0108d902018-11-25 19:14:37 +01009719/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9720
Willy Tarreau51fb7652012-09-18 18:24:39 +02009721static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009722 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009723 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9724 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9725 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9726 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9727 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9728 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009729#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009730 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9731#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009732 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9733 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9734 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9735 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9736 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9737 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9738 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9739 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9740 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9741 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009742 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009743 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009744 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009745 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9746 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9747 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9748 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009749 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009750 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9751 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009752 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9753 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009754 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9755 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9756 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9757 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9758 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009759 { NULL, NULL, 0 },
9760}};
Emeric Brun46591952012-05-18 15:47:34 +02009761
Willy Tarreau0108d902018-11-25 19:14:37 +01009762INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9763
Willy Tarreau92faadf2012-10-10 23:04:25 +02009764/* Note: must not be declared <const> as its list will be overwritten.
9765 * Please take care of keeping this list alphabetically sorted, doing so helps
9766 * all code contributors.
9767 * Optional keywords are also declared with a NULL ->parse() function so that
9768 * the config parser can report an appropriate error when a known keyword was
9769 * not enabled.
9770 */
9771static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009772 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009773 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009774 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009775 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009776 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009777 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9778 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009779#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009780 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9781#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009782 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9783 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9784 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9785 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9786 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9787 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9788 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9789 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9790 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9791 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9792 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9793 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9794 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9795 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9796 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9797 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9798 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9799 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009800 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009801 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9802 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9803 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9804 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9805 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9806 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9807 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9808 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9809 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9810 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009811 { NULL, NULL, 0, 0 },
9812}};
9813
Willy Tarreau0108d902018-11-25 19:14:37 +01009814INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9815
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009816static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009817 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9818 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009819 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009820 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9821 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009822#ifndef OPENSSL_NO_DH
9823 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9824#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009825 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009826#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009827 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009828#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009829 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9830#ifndef OPENSSL_NO_DH
9831 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9832#endif
9833 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9834 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9835 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9836 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009837 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009838 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9839 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009840#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009841 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9842 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9843#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009844 { 0, NULL, NULL },
9845}};
9846
Willy Tarreau0108d902018-11-25 19:14:37 +01009847INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9848
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009849/* Note: must not be declared <const> as its list will be overwritten */
9850static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009851#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009852 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9853#endif
9854 { NULL, NULL, 0, 0, 0 },
9855}};
9856
9857INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9858
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009859/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009860static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009861 .snd_buf = ssl_sock_from_buf,
9862 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009863 .subscribe = ssl_subscribe,
9864 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009865 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009866 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009867 .rcv_pipe = NULL,
9868 .snd_pipe = NULL,
9869 .shutr = NULL,
9870 .shutw = ssl_sock_shutw,
9871 .close = ssl_sock_close,
9872 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009873 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009874 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009875 .prepare_srv = ssl_sock_prepare_srv_ctx,
9876 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009877 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009878 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009879};
9880
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009881enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9882 struct session *sess, struct stream *s, int flags)
9883{
9884 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009885 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009886
9887 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009888 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009889
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009890 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009891 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009892 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009893 s->req.flags |= CF_READ_NULL;
9894 return ACT_RET_YIELD;
9895 }
9896 }
9897 return (ACT_RET_CONT);
9898}
9899
9900static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9901{
9902 rule->action_ptr = ssl_action_wait_for_hs;
9903
9904 return ACT_RET_PRS_OK;
9905}
9906
9907static struct action_kw_list http_req_actions = {ILH, {
9908 { "wait-for-handshake", ssl_parse_wait_for_hs },
9909 { /* END */ }
9910}};
9911
Willy Tarreau0108d902018-11-25 19:14:37 +01009912INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9913
Willy Tarreau5db847a2019-05-09 14:13:35 +02009914#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009915
9916static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9917{
9918 if (ptr) {
9919 chunk_destroy(ptr);
9920 free(ptr);
9921 }
9922}
9923
9924#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009925static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9926{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009927 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009928}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009929
Emeric Brun46591952012-05-18 15:47:34 +02009930__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009931static void __ssl_sock_init(void)
9932{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009933#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009934 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009935 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009936#endif
Emeric Brun46591952012-05-18 15:47:34 +02009937
Willy Tarreauef934602016-12-22 23:12:01 +01009938 if (global_ssl.listen_default_ciphers)
9939 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9940 if (global_ssl.connect_default_ciphers)
9941 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009942#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009943 if (global_ssl.listen_default_ciphersuites)
9944 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9945 if (global_ssl.connect_default_ciphersuites)
9946 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9947#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009948
Willy Tarreau13e14102016-12-22 20:25:26 +01009949 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009950#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009951 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009952#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009953#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009954 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009955 n = sk_SSL_COMP_num(cm);
9956 while (n--) {
9957 (void) sk_SSL_COMP_pop(cm);
9958 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009959#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009960
Willy Tarreau5db847a2019-05-09 14:13:35 +02009961#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009962 ssl_locking_init();
9963#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +02009964#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009965 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9966#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009967 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009968 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009969 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009970#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009971 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009972 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009973#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009974#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9975 hap_register_post_check(tlskeys_finalize_config);
9976#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009977
9978 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9979 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9980
9981#ifndef OPENSSL_NO_DH
9982 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9983 hap_register_post_deinit(ssl_free_dh);
9984#endif
9985#ifndef OPENSSL_NO_ENGINE
9986 hap_register_post_deinit(ssl_free_engines);
9987#endif
9988 /* Load SSL string for the verbose & debug mode. */
9989 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +02009990 ha_meth = BIO_meth_new(0x666, "ha methods");
9991 BIO_meth_set_write(ha_meth, ha_ssl_write);
9992 BIO_meth_set_read(ha_meth, ha_ssl_read);
9993 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
9994 BIO_meth_set_create(ha_meth, ha_ssl_new);
9995 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
9996 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
9997 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +01009998}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009999
Willy Tarreau80713382018-11-26 10:19:54 +010010000/* Compute and register the version string */
10001static void ssl_register_build_options()
10002{
10003 char *ptr = NULL;
10004 int i;
10005
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010006 memprintf(&ptr, "Built with OpenSSL version : "
10007#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010008 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010009#else /* OPENSSL_IS_BORINGSSL */
10010 OPENSSL_VERSION_TEXT
10011 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010012 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010013 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010014#endif
10015 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010016#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010017 "no (library version too old)"
10018#elif defined(OPENSSL_NO_TLSEXT)
10019 "no (disabled via OPENSSL_NO_TLSEXT)"
10020#else
10021 "yes"
10022#endif
10023 "", ptr);
10024
10025 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10026#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10027 "yes"
10028#else
10029#ifdef OPENSSL_NO_TLSEXT
10030 "no (because of OPENSSL_NO_TLSEXT)"
10031#else
10032 "no (version might be too old, 0.9.8f min needed)"
10033#endif
10034#endif
10035 "", ptr);
10036
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010037 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10038 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10039 if (methodVersions[i].option)
10040 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010041
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010042 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010043}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010044
Willy Tarreau80713382018-11-26 10:19:54 +010010045INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010046
Emeric Brun46591952012-05-18 15:47:34 +020010047
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010048#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010049void ssl_free_engines(void) {
10050 struct ssl_engine_list *wl, *wlb;
10051 /* free up engine list */
10052 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10053 ENGINE_finish(wl->e);
10054 ENGINE_free(wl->e);
10055 LIST_DEL(&wl->list);
10056 free(wl);
10057 }
10058}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010059#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010060
Remi Gacogned3a23c32015-05-28 16:39:47 +020010061#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010062void ssl_free_dh(void) {
10063 if (local_dh_1024) {
10064 DH_free(local_dh_1024);
10065 local_dh_1024 = NULL;
10066 }
10067 if (local_dh_2048) {
10068 DH_free(local_dh_2048);
10069 local_dh_2048 = NULL;
10070 }
10071 if (local_dh_4096) {
10072 DH_free(local_dh_4096);
10073 local_dh_4096 = NULL;
10074 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010075 if (global_dh) {
10076 DH_free(global_dh);
10077 global_dh = NULL;
10078 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010079}
10080#endif
10081
10082__attribute__((destructor))
10083static void __ssl_sock_deinit(void)
10084{
10085#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010086 if (ssl_ctx_lru_tree) {
10087 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010088 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010089 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010090#endif
10091
Willy Tarreau5db847a2019-05-09 14:13:35 +020010092#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010093 ERR_remove_state(0);
10094 ERR_free_strings();
10095
10096 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010097#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010098
Willy Tarreau5db847a2019-05-09 14:13:35 +020010099#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010100 CRYPTO_cleanup_all_ex_data();
10101#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010102 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010103}
10104
10105
Emeric Brun46591952012-05-18 15:47:34 +020010106/*
10107 * Local variables:
10108 * c-indent-level: 8
10109 * c-basic-offset: 8
10110 * End:
10111 */