blob: 53d313251a63d5a6fe28f765bf34e09adc618165 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Rosen Penev68185952018-12-14 08:47:02 -080042#include <openssl/bn.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020043#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020044#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020045#include <openssl/x509.h>
46#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020047#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010048#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020049#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010050#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020051#include <openssl/ocsp.h>
52#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020053#ifndef OPENSSL_NO_DH
54#include <openssl/dh.h>
55#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020056#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000057#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020058#endif
Emeric Brun46591952012-05-18 15:47:34 +020059
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020060#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000061#include <openssl/async.h>
62#endif
63
Rosen Penev68185952018-12-14 08:47:02 -080064#ifndef OPENSSL_VERSION
65#define OPENSSL_VERSION SSLEAY_VERSION
66#define OpenSSL_version(x) SSLeay_version(x)
67#define OpenSSL_version_num SSLeay
68#endif
69
70#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
71#define X509_getm_notBefore X509_get_notBefore
72#define X509_getm_notAfter X509_get_notAfter
73#endif
74
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +020075#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010076#define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
77#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
78#endif
79
Christopher Faulet31af49d2015-06-09 17:29:50 +020080#include <import/lru.h>
81#include <import/xxhash.h>
82
Emeric Brun46591952012-05-18 15:47:34 +020083#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020084#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020085#include <common/compat.h>
86#include <common/config.h>
87#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020088#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010089#include <common/initcall.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <common/standard.h>
91#include <common/ticks.h>
92#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010093#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010094#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020095
Emeric Brunfc0421f2012-09-07 17:30:07 +020096#include <ebsttree.h>
97
William Lallemand32af2032016-10-29 18:09:35 +020098#include <types/applet.h>
99#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200100#include <types/global.h>
101#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +0200102#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200103
Willy Tarreau7875d092012-09-10 08:20:03 +0200104#include <proto/acl.h>
105#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +0200106#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +0200107#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +0200108#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +0200109#include <proto/fd.h>
110#include <proto/freq_ctr.h>
111#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +0200112#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +0200113#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200114#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +0100115#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +0200116#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +0200117#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +0200118#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200119#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200120#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200121#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200122#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200123#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200124#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200125#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +0100126#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +0200127
Willy Tarreau518cedd2014-02-17 15:43:01 +0100128/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200129#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100130#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100131#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200132#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
133
Emeric Brunf282a812012-09-21 15:27:54 +0200134/* bits 0xFFFF0000 are reserved to store verify errors */
135
136/* Verify errors macros */
137#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
138#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
139#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
140
141#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
142#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
143#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200144
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100145/* Supported hash function for TLS tickets */
146#ifdef OPENSSL_NO_SHA256
147#define HASH_FUNCT EVP_sha1
148#else
149#define HASH_FUNCT EVP_sha256
150#endif /* OPENSSL_NO_SHA256 */
151
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200152/* ssl_methods flags for ssl options */
153#define MC_SSL_O_ALL 0x0000
154#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
155#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
156#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
157#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200158#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200159
160/* ssl_methods versions */
161enum {
162 CONF_TLSV_NONE = 0,
163 CONF_TLSV_MIN = 1,
164 CONF_SSLV3 = 1,
165 CONF_TLSV10 = 2,
166 CONF_TLSV11 = 3,
167 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200168 CONF_TLSV13 = 5,
169 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200170};
171
Emeric Brun850efd52014-01-29 12:24:34 +0100172/* server and bind verify method, it uses a global value as default */
173enum {
174 SSL_SOCK_VERIFY_DEFAULT = 0,
175 SSL_SOCK_VERIFY_REQUIRED = 1,
176 SSL_SOCK_VERIFY_OPTIONAL = 2,
177 SSL_SOCK_VERIFY_NONE = 3,
178};
179
William Lallemand3f85c9a2017-10-09 16:30:50 +0200180
Willy Tarreau71b734c2014-01-28 15:19:44 +0100181int sslconns = 0;
182int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100183static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100184int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200185
Willy Tarreauef934602016-12-22 23:12:01 +0100186static struct {
187 char *crt_base; /* base directory path for certificates */
188 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000189 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100190
191 char *listen_default_ciphers;
192 char *connect_default_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200193#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
194 char *listen_default_ciphersuites;
195 char *connect_default_ciphersuites;
196#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100197 int listen_default_ssloptions;
198 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200199 struct tls_version_filter listen_default_sslmethods;
200 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100201
202 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
203 unsigned int life_time; /* SSL session lifetime in seconds */
204 unsigned int max_record; /* SSL max record size */
205 unsigned int default_dh_param; /* SSL maximum DH parameter size */
206 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100207 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100208} global_ssl = {
209#ifdef LISTEN_DEFAULT_CIPHERS
210 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
211#endif
212#ifdef CONNECT_DEFAULT_CIPHERS
213 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
214#endif
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200215#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
216#ifdef LISTEN_DEFAULT_CIPHERSUITES
217 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
218#endif
219#ifdef CONNECT_DEFAULT_CIPHERSUITES
220 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
221#endif
222#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100223 .listen_default_ssloptions = BC_SSL_O_NONE,
224 .connect_default_ssloptions = SRV_SSL_O_NONE,
225
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200226 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
227 .listen_default_sslmethods.min = CONF_TLSV_NONE,
228 .listen_default_sslmethods.max = CONF_TLSV_NONE,
229 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
230 .connect_default_sslmethods.min = CONF_TLSV_NONE,
231 .connect_default_sslmethods.max = CONF_TLSV_NONE,
232
Willy Tarreauef934602016-12-22 23:12:01 +0100233#ifdef DEFAULT_SSL_MAX_RECORD
234 .max_record = DEFAULT_SSL_MAX_RECORD,
235#endif
236 .default_dh_param = SSL_DEFAULT_DH_PARAM,
237 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100238 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100239};
240
Rosen Penev68185952018-12-14 08:47:02 -0800241#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100242
Emeric Brun821bb9b2017-06-15 16:37:39 +0200243static HA_RWLOCK_T *ssl_rwlocks;
244
245
246unsigned long ssl_id_function(void)
247{
248 return (unsigned long)tid;
249}
250
251void ssl_locking_function(int mode, int n, const char * file, int line)
252{
253 if (mode & CRYPTO_LOCK) {
254 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100255 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200256 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100257 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200258 }
259 else {
260 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100261 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200262 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100263 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200264 }
265}
266
267static int ssl_locking_init(void)
268{
269 int i;
270
271 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
272 if (!ssl_rwlocks)
273 return -1;
274
275 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100276 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200277
278 CRYPTO_set_id_callback(ssl_id_function);
279 CRYPTO_set_locking_callback(ssl_locking_function);
280
281 return 0;
282}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100283
Emeric Brun821bb9b2017-06-15 16:37:39 +0200284#endif
285
286
287
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100288/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100289struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100290 unsigned long long int xxh64;
291 unsigned char ciphersuite_len;
292 char ciphersuite[0];
293};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100294struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100295static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200296static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100297
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100298static int ssl_pkey_info_index = -1;
299
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200300#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
301struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
302#endif
303
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200304#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000305static unsigned int openssl_engines_initialized;
306struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
307struct ssl_engine_list {
308 struct list list;
309 ENGINE *e;
310};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200311#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000312
Remi Gacogne8de54152014-07-15 11:36:40 +0200313#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200314static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200315static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200316static DH *local_dh_1024 = NULL;
317static DH *local_dh_2048 = NULL;
318static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100319static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200320#endif /* OPENSSL_NO_DH */
321
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100322#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200323/* X509V3 Extensions that will be added on generated certificates */
324#define X509V3_EXT_SIZE 5
325static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
326 "basicConstraints",
327 "nsComment",
328 "subjectKeyIdentifier",
329 "authorityKeyIdentifier",
330 "keyUsage",
331};
332static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
333 "CA:FALSE",
334 "\"OpenSSL Generated Certificate\"",
335 "hash",
336 "keyid,issuer:always",
337 "nonRepudiation,digitalSignature,keyEncipherment"
338};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200339/* LRU cache to store generated certificate */
340static struct lru64_head *ssl_ctx_lru_tree = NULL;
341static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200342static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100343__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200344
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200345#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
346
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100347static struct ssl_bind_kw ssl_bind_kws[];
348
yanbzhube2774d2015-12-10 15:07:30 -0500349#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
350/* The order here matters for picking a default context,
351 * keep the most common keytype at the bottom of the list
352 */
353const char *SSL_SOCK_KEYTYPE_NAMES[] = {
354 "dsa",
355 "ecdsa",
356 "rsa"
357};
358#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100359#else
360#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500361#endif
362
William Lallemandc3cd35f2017-11-28 11:04:43 +0100363static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100364static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
365
366#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
367
368#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
369 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
370
371#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
372 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200373
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100374/*
375 * This function gives the detail of the SSL error. It is used only
376 * if the debug mode and the verbose mode are activated. It dump all
377 * the SSL error until the stack was empty.
378 */
379static forceinline void ssl_sock_dump_errors(struct connection *conn)
380{
381 unsigned long ret;
382
383 if (unlikely(global.mode & MODE_DEBUG)) {
384 while(1) {
385 ret = ERR_get_error();
386 if (ret == 0)
387 return;
388 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200389 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100390 ERR_func_error_string(ret), ERR_reason_error_string(ret));
391 }
392 }
393}
394
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200395#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500396/*
397 * struct alignment works here such that the key.key is the same as key_data
398 * Do not change the placement of key_data
399 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200400struct certificate_ocsp {
401 struct ebmb_node key;
402 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200403 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200404 long expire;
405};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200406
yanbzhube2774d2015-12-10 15:07:30 -0500407struct ocsp_cbk_arg {
408 int is_single;
409 int single_kt;
410 union {
411 struct certificate_ocsp *s_ocsp;
412 /*
413 * m_ocsp will have multiple entries dependent on key type
414 * Entry 0 - DSA
415 * Entry 1 - ECDSA
416 * Entry 2 - RSA
417 */
418 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
419 };
420};
421
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200422#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000423static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
424{
425 int err_code = ERR_ABORT;
426 ENGINE *engine;
427 struct ssl_engine_list *el;
428
429 /* grab the structural reference to the engine */
430 engine = ENGINE_by_id(engine_id);
431 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100432 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000433 goto fail_get;
434 }
435
436 if (!ENGINE_init(engine)) {
437 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100438 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000439 goto fail_init;
440 }
441
442 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100443 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000444 goto fail_set_method;
445 }
446
447 el = calloc(1, sizeof(*el));
448 el->e = engine;
449 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100450 nb_engines++;
451 if (global_ssl.async)
452 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000453 return 0;
454
455fail_set_method:
456 /* release the functional reference from ENGINE_init() */
457 ENGINE_finish(engine);
458
459fail_init:
460 /* release the structural reference from ENGINE_by_id() */
461 ENGINE_free(engine);
462
463fail_get:
464 return err_code;
465}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000467
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200468#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200469/*
470 * openssl async fd handler
471 */
472static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000473{
474 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000475
Emeric Brun3854e012017-05-17 20:42:48 +0200476 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000477 * to poll this fd until it is requested
478 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000479 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000480 fd_cant_recv(fd);
481
482 /* crypto engine is available, let's notify the associated
483 * connection that it can pursue its processing.
484 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000485 __conn_sock_want_recv(conn);
486 __conn_sock_want_send(conn);
487 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000488}
489
Emeric Brun3854e012017-05-17 20:42:48 +0200490/*
491 * openssl async delayed SSL_free handler
492 */
493static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000494{
495 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200496 OSSL_ASYNC_FD all_fd[32];
497 size_t num_all_fds = 0;
498 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000499
Emeric Brun3854e012017-05-17 20:42:48 +0200500 /* We suppose that the async job for a same SSL *
501 * are serialized. So if we are awake it is
502 * because the running job has just finished
503 * and we can remove all async fds safely
504 */
505 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
506 if (num_all_fds > 32) {
507 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
508 return;
509 }
510
511 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
512 for (i=0 ; i < num_all_fds ; i++)
513 fd_remove(all_fd[i]);
514
515 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000516 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100517 _HA_ATOMIC_SUB(&sslconns, 1);
518 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000520/*
Emeric Brun3854e012017-05-17 20:42:48 +0200521 * function used to manage a returned SSL_ERROR_WANT_ASYNC
522 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000523 */
Emeric Brun3854e012017-05-17 20:42:48 +0200524static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000525{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100526 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200527 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000528 size_t num_add_fds = 0;
529 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200530 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000531
532 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
533 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200534 if (num_add_fds > 32 || num_del_fds > 32) {
535 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536 return;
537 }
538
Emeric Brun3854e012017-05-17 20:42:48 +0200539 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000540
Emeric Brun3854e012017-05-17 20:42:48 +0200541 /* We remove unused fds from the fdtab */
542 for (i=0 ; i < num_del_fds ; i++)
543 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000544
Emeric Brun3854e012017-05-17 20:42:48 +0200545 /* We add new fds to the fdtab */
546 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100547 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000548 }
549
Emeric Brun3854e012017-05-17 20:42:48 +0200550 num_add_fds = 0;
551 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
552 if (num_add_fds > 32) {
553 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
554 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000555 }
Emeric Brun3854e012017-05-17 20:42:48 +0200556
557 /* We activate the polling for all known async fds */
558 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000559 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200560 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000561 /* To ensure that the fd cache won't be used
562 * We'll prefer to catch a real RD event
563 * because handling an EAGAIN on this fd will
564 * result in a context switch and also
565 * some engines uses a fd in blocking mode.
566 */
567 fd_cant_recv(add_fd[i]);
568 }
Emeric Brun3854e012017-05-17 20:42:48 +0200569
570 /* We must also prevent the conn_handler
571 * to be called until a read event was
572 * polled on an async fd
573 */
574 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000575}
576#endif
577
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200578/*
579 * This function returns the number of seconds elapsed
580 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
581 * date presented un ASN1_GENERALIZEDTIME.
582 *
583 * In parsing error case, it returns -1.
584 */
585static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
586{
587 long epoch;
588 char *p, *end;
589 const unsigned short month_offset[12] = {
590 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
591 };
592 int year, month;
593
594 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
595
596 p = (char *)d->data;
597 end = p + d->length;
598
599 if (end - p < 4) return -1;
600 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
601 p += 4;
602 if (end - p < 2) return -1;
603 month = 10 * (p[0] - '0') + p[1] - '0';
604 if (month < 1 || month > 12) return -1;
605 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
606 We consider leap years and the current month (<marsh or not) */
607 epoch = ( ((year - 1970) * 365)
608 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
609 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
610 + month_offset[month-1]
611 ) * 24 * 60 * 60;
612 p += 2;
613 if (end - p < 2) return -1;
614 /* Add the number of seconds of completed days of current month */
615 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
616 p += 2;
617 if (end - p < 2) return -1;
618 /* Add the completed hours of the current day */
619 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
620 p += 2;
621 if (end - p < 2) return -1;
622 /* Add the completed minutes of the current hour */
623 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
624 p += 2;
625 if (p == end) return -1;
626 /* Test if there is available seconds */
627 if (p[0] < '0' || p[0] > '9')
628 goto nosec;
629 if (end - p < 2) return -1;
630 /* Add the seconds of the current minute */
631 epoch += 10 * (p[0] - '0') + p[1] - '0';
632 p += 2;
633 if (p == end) return -1;
634 /* Ignore seconds float part if present */
635 if (p[0] == '.') {
636 do {
637 if (++p == end) return -1;
638 } while (p[0] >= '0' && p[0] <= '9');
639 }
640
641nosec:
642 if (p[0] == 'Z') {
643 if (end - p != 1) return -1;
644 return epoch;
645 }
646 else if (p[0] == '+') {
647 if (end - p != 5) return -1;
648 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700649 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200650 }
651 else if (p[0] == '-') {
652 if (end - p != 5) return -1;
653 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700654 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200655 }
656
657 return -1;
658}
659
Emeric Brun1d3865b2014-06-20 15:37:32 +0200660static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200661
662/* This function starts to check if the OCSP response (in DER format) contained
663 * in chunk 'ocsp_response' is valid (else exits on error).
664 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
665 * contained in the OCSP Response and exits on error if no match.
666 * If it's a valid OCSP Response:
667 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
668 * pointed by 'ocsp'.
669 * If 'ocsp' is NULL, the function looks up into the OCSP response's
670 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
671 * from the response) and exits on error if not found. Finally, If an OCSP response is
672 * already present in the container, it will be overwritten.
673 *
674 * Note: OCSP response containing more than one OCSP Single response is not
675 * considered valid.
676 *
677 * Returns 0 on success, 1 in error case.
678 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200679static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
680 struct certificate_ocsp *ocsp,
681 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200682{
683 OCSP_RESPONSE *resp;
684 OCSP_BASICRESP *bs = NULL;
685 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200686 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200687 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200688 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200689 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200690 int reason;
691 int ret = 1;
692
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200693 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
694 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200695 if (!resp) {
696 memprintf(err, "Unable to parse OCSP response");
697 goto out;
698 }
699
700 rc = OCSP_response_status(resp);
701 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
702 memprintf(err, "OCSP response status not successful");
703 goto out;
704 }
705
706 bs = OCSP_response_get1_basic(resp);
707 if (!bs) {
708 memprintf(err, "Failed to get basic response from OCSP Response");
709 goto out;
710 }
711
712 count_sr = OCSP_resp_count(bs);
713 if (count_sr > 1) {
714 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
715 goto out;
716 }
717
718 sr = OCSP_resp_get0(bs, 0);
719 if (!sr) {
720 memprintf(err, "Failed to get OCSP single response");
721 goto out;
722 }
723
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200724 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
725
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200727 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200728 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200729 goto out;
730 }
731
Emeric Brun13a6b482014-06-20 15:44:34 +0200732 if (!nextupd) {
733 memprintf(err, "OCSP single response: missing nextupdate");
734 goto out;
735 }
736
Emeric Brunc8b27b62014-06-19 14:16:17 +0200737 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200738 if (!rc) {
739 memprintf(err, "OCSP single response: no longer valid.");
740 goto out;
741 }
742
743 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200744 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200745 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
746 goto out;
747 }
748 }
749
750 if (!ocsp) {
751 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
752 unsigned char *p;
753
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200754 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 if (!rc) {
756 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
757 goto out;
758 }
759
760 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
761 memprintf(err, "OCSP single response: Certificate ID too long");
762 goto out;
763 }
764
765 p = key;
766 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200767 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200768 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
769 if (!ocsp) {
770 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
771 goto out;
772 }
773 }
774
775 /* According to comments on "chunk_dup", the
776 previous chunk buffer will be freed */
777 if (!chunk_dup(&ocsp->response, ocsp_response)) {
778 memprintf(err, "OCSP response: Memory allocation error");
779 goto out;
780 }
781
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200782 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
783
Emeric Brun4147b2e2014-06-16 18:36:30 +0200784 ret = 0;
785out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100786 ERR_clear_error();
787
Emeric Brun4147b2e2014-06-16 18:36:30 +0200788 if (bs)
789 OCSP_BASICRESP_free(bs);
790
791 if (resp)
792 OCSP_RESPONSE_free(resp);
793
794 return ret;
795}
796/*
797 * External function use to update the OCSP response in the OCSP response's
798 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
799 * to update in DER format.
800 *
801 * Returns 0 on success, 1 in error case.
802 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200803int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200804{
805 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
806}
807
808/*
809 * This function load the OCSP Resonse in DER format contained in file at
810 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
811 *
812 * Returns 0 on success, 1 in error case.
813 */
814static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
815{
816 int fd = -1;
817 int r = 0;
818 int ret = 1;
819
820 fd = open(ocsp_path, O_RDONLY);
821 if (fd == -1) {
822 memprintf(err, "Error opening OCSP response file");
823 goto end;
824 }
825
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200826 trash.data = 0;
827 while (trash.data < trash.size) {
828 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200829 if (r < 0) {
830 if (errno == EINTR)
831 continue;
832
833 memprintf(err, "Error reading OCSP response from file");
834 goto end;
835 }
836 else if (r == 0) {
837 break;
838 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200839 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200840 }
841
842 close(fd);
843 fd = -1;
844
845 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
846end:
847 if (fd != -1)
848 close(fd);
849
850 return ret;
851}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100852#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100854#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
855static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
856{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100857 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100858 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100859 struct connection *conn;
860 int head;
861 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100862 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100863
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200864 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200865 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100866 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
867
868 keys = ref->tlskeys;
869 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100870
871 if (enc) {
872 memcpy(key_name, keys[head].name, 16);
873
874 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100875 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100876
Emeric Brun9e754772019-01-10 17:51:55 +0100877 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100878
Emeric Brun9e754772019-01-10 17:51:55 +0100879 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
880 goto end;
881
882 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
883 ret = 1;
884 }
885 else if (ref->key_size_bits == 256 ) {
886
887 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
888 goto end;
889
890 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
891 ret = 1;
892 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100893 } else {
894 for (i = 0; i < TLS_TICKETS_NO; i++) {
895 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
896 goto found;
897 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100898 ret = 0;
899 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100900
Christopher Faulet16f45c82018-02-16 11:23:49 +0100901 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100902 if (ref->key_size_bits == 128) {
903 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, HASH_FUNCT(), NULL);
904 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
905 goto end;
906 /* 2 for key renewal, 1 if current key is still valid */
907 ret = i ? 2 : 1;
908 }
909 else if (ref->key_size_bits == 256) {
910 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, HASH_FUNCT(), NULL);
911 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
912 goto end;
913 /* 2 for key renewal, 1 if current key is still valid */
914 ret = i ? 2 : 1;
915 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100916 }
Emeric Brun9e754772019-01-10 17:51:55 +0100917
Christopher Faulet16f45c82018-02-16 11:23:49 +0100918 end:
919 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
920 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200921}
922
923struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
924{
925 struct tls_keys_ref *ref;
926
927 list_for_each_entry(ref, &tlskeys_reference, list)
928 if (ref->filename && strcmp(filename, ref->filename) == 0)
929 return ref;
930 return NULL;
931}
932
933struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
934{
935 struct tls_keys_ref *ref;
936
937 list_for_each_entry(ref, &tlskeys_reference, list)
938 if (ref->unique_id == unique_id)
939 return ref;
940 return NULL;
941}
942
Emeric Brun9e754772019-01-10 17:51:55 +0100943/* Update the key into ref: if keysize doesnt
944 * match existing ones, this function returns -1
945 * else it returns 0 on success.
946 */
947int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +0200948 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100949{
Emeric Brun9e754772019-01-10 17:51:55 +0100950 if (ref->key_size_bits == 128) {
951 if (tlskey->data != sizeof(struct tls_sess_key_128))
952 return -1;
953 }
954 else if (ref->key_size_bits == 256) {
955 if (tlskey->data != sizeof(struct tls_sess_key_256))
956 return -1;
957 }
958 else
959 return -1;
960
Christopher Faulet16f45c82018-02-16 11:23:49 +0100961 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200962 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
963 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100964 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
965 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +0100966
967 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100968}
969
Willy Tarreau83061a82018-07-13 11:56:34 +0200970int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +0100971{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200972 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
973
974 if(!ref) {
975 memprintf(err, "Unable to locate the referenced filename: %s", filename);
976 return 1;
977 }
Emeric Brun9e754772019-01-10 17:51:55 +0100978 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
979 memprintf(err, "Invalid key size");
980 return 1;
981 }
982
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200983 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100984}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985
986/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100987 * automatic ids. It's called just after the basic checks. It returns
988 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200989 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100990static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200991{
992 int i = 0;
993 struct tls_keys_ref *ref, *ref2, *ref3;
994 struct list tkr = LIST_HEAD_INIT(tkr);
995
996 list_for_each_entry(ref, &tlskeys_reference, list) {
997 if (ref->unique_id == -1) {
998 /* Look for the first free id. */
999 while (1) {
1000 list_for_each_entry(ref2, &tlskeys_reference, list) {
1001 if (ref2->unique_id == i) {
1002 i++;
1003 break;
1004 }
1005 }
1006 if (&ref2->list == &tlskeys_reference)
1007 break;
1008 }
1009
1010 /* Uses the unique id and increment it for the next entry. */
1011 ref->unique_id = i;
1012 i++;
1013 }
1014 }
1015
1016 /* This sort the reference list by id. */
1017 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1018 LIST_DEL(&ref->list);
1019 list_for_each_entry(ref3, &tkr, list) {
1020 if (ref->unique_id < ref3->unique_id) {
1021 LIST_ADDQ(&ref3->list, &ref->list);
1022 break;
1023 }
1024 }
1025 if (&ref3->list == &tkr)
1026 LIST_ADDQ(&tkr, &ref->list);
1027 }
1028
1029 /* swap root */
1030 LIST_ADD(&tkr, &tlskeys_reference);
1031 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001032 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001033}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001034#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1035
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001036#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001037int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1038{
1039 switch (evp_keytype) {
1040 case EVP_PKEY_RSA:
1041 return 2;
1042 case EVP_PKEY_DSA:
1043 return 0;
1044 case EVP_PKEY_EC:
1045 return 1;
1046 }
1047
1048 return -1;
1049}
1050
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051/*
1052 * Callback used to set OCSP status extension content in server hello.
1053 */
1054int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1055{
yanbzhube2774d2015-12-10 15:07:30 -05001056 struct certificate_ocsp *ocsp;
1057 struct ocsp_cbk_arg *ocsp_arg;
1058 char *ssl_buf;
1059 EVP_PKEY *ssl_pkey;
1060 int key_type;
1061 int index;
1062
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001063 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001064
1065 ssl_pkey = SSL_get_privatekey(ssl);
1066 if (!ssl_pkey)
1067 return SSL_TLSEXT_ERR_NOACK;
1068
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001069 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001070
1071 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1072 ocsp = ocsp_arg->s_ocsp;
1073 else {
1074 /* For multiple certs per context, we have to find the correct OCSP response based on
1075 * the certificate type
1076 */
1077 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1078
1079 if (index < 0)
1080 return SSL_TLSEXT_ERR_NOACK;
1081
1082 ocsp = ocsp_arg->m_ocsp[index];
1083
1084 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001085
1086 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001087 !ocsp->response.area ||
1088 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001089 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001090 return SSL_TLSEXT_ERR_NOACK;
1091
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001092 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001093 if (!ssl_buf)
1094 return SSL_TLSEXT_ERR_NOACK;
1095
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001096 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1097 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001098
1099 return SSL_TLSEXT_ERR_OK;
1100}
1101
1102/*
1103 * This function enables the handling of OCSP status extension on 'ctx' if a
1104 * file name 'cert_path' suffixed using ".ocsp" is present.
1105 * To enable OCSP status extension, the issuer's certificate is mandatory.
1106 * It should be present in the certificate's extra chain builded from file
1107 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1108 * named 'cert_path' suffixed using '.issuer'.
1109 *
1110 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1111 * response. If file is empty or content is not a valid OCSP response,
1112 * OCSP status extension is enabled but OCSP response is ignored (a warning
1113 * is displayed).
1114 *
1115 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001116 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001117 */
1118static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1119{
1120
1121 BIO *in = NULL;
1122 X509 *x, *xi = NULL, *issuer = NULL;
1123 STACK_OF(X509) *chain = NULL;
1124 OCSP_CERTID *cid = NULL;
1125 SSL *ssl;
1126 char ocsp_path[MAXPATHLEN+1];
1127 int i, ret = -1;
1128 struct stat st;
1129 struct certificate_ocsp *ocsp = NULL, *iocsp;
1130 char *warn = NULL;
1131 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001132 pem_password_cb *passwd_cb;
1133 void *passwd_cb_userdata;
1134 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001135
1136 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1137
1138 if (stat(ocsp_path, &st))
1139 return 1;
1140
1141 ssl = SSL_new(ctx);
1142 if (!ssl)
1143 goto out;
1144
1145 x = SSL_get_certificate(ssl);
1146 if (!x)
1147 goto out;
1148
1149 /* Try to lookup for issuer in certificate extra chain */
1150#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1151 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1152#else
1153 chain = ctx->extra_certs;
1154#endif
1155 for (i = 0; i < sk_X509_num(chain); i++) {
1156 issuer = sk_X509_value(chain, i);
1157 if (X509_check_issued(issuer, x) == X509_V_OK)
1158 break;
1159 else
1160 issuer = NULL;
1161 }
1162
1163 /* If not found try to load issuer from a suffixed file */
1164 if (!issuer) {
1165 char issuer_path[MAXPATHLEN+1];
1166
1167 in = BIO_new(BIO_s_file());
1168 if (!in)
1169 goto out;
1170
1171 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1172 if (BIO_read_filename(in, issuer_path) <= 0)
1173 goto out;
1174
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001175 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1176 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1177
1178 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001179 if (!xi)
1180 goto out;
1181
1182 if (X509_check_issued(xi, x) != X509_V_OK)
1183 goto out;
1184
1185 issuer = xi;
1186 }
1187
1188 cid = OCSP_cert_to_id(0, x, issuer);
1189 if (!cid)
1190 goto out;
1191
1192 i = i2d_OCSP_CERTID(cid, NULL);
1193 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1194 goto out;
1195
Vincent Bernat02779b62016-04-03 13:48:43 +02001196 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001197 if (!ocsp)
1198 goto out;
1199
1200 p = ocsp->key_data;
1201 i2d_OCSP_CERTID(cid, &p);
1202
1203 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1204 if (iocsp == ocsp)
1205 ocsp = NULL;
1206
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001207#ifndef SSL_CTX_get_tlsext_status_cb
1208# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1209 *cb = (void (*) (void))ctx->tlsext_status_cb;
1210#endif
1211 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1212
1213 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001214 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001215 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001216
1217 cb_arg->is_single = 1;
1218 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001219
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001220 pkey = X509_get_pubkey(x);
1221 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1222 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001223
1224 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1225 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1226 } else {
1227 /*
1228 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1229 * Update that cb_arg with the new cert's staple
1230 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001231 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001232 struct certificate_ocsp *tmp_ocsp;
1233 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001234 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001235 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001236
1237#ifdef SSL_CTX_get_tlsext_status_arg
1238 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1239#else
1240 cb_arg = ctx->tlsext_status_arg;
1241#endif
yanbzhube2774d2015-12-10 15:07:30 -05001242
1243 /*
1244 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1245 * the order of operations below matter, take care when changing it
1246 */
1247 tmp_ocsp = cb_arg->s_ocsp;
1248 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1249 cb_arg->s_ocsp = NULL;
1250 cb_arg->m_ocsp[index] = tmp_ocsp;
1251 cb_arg->is_single = 0;
1252 cb_arg->single_kt = 0;
1253
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001254 pkey = X509_get_pubkey(x);
1255 key_type = EVP_PKEY_base_id(pkey);
1256 EVP_PKEY_free(pkey);
1257
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001258 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001259 if (index >= 0 && !cb_arg->m_ocsp[index])
1260 cb_arg->m_ocsp[index] = iocsp;
1261
1262 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001263
1264 ret = 0;
1265
1266 warn = NULL;
1267 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1268 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001269 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001270 }
1271
1272out:
1273 if (ssl)
1274 SSL_free(ssl);
1275
1276 if (in)
1277 BIO_free(in);
1278
1279 if (xi)
1280 X509_free(xi);
1281
1282 if (cid)
1283 OCSP_CERTID_free(cid);
1284
1285 if (ocsp)
1286 free(ocsp);
1287
1288 if (warn)
1289 free(warn);
1290
1291
1292 return ret;
1293}
1294
1295#endif
1296
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001297#ifdef OPENSSL_IS_BORINGSSL
1298static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1299{
1300 char ocsp_path[MAXPATHLEN+1];
1301 struct stat st;
1302 int fd = -1, r = 0;
1303
1304 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1305 if (stat(ocsp_path, &st))
1306 return 0;
1307
1308 fd = open(ocsp_path, O_RDONLY);
1309 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001310 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001311 return -1;
1312 }
1313
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001314 trash.data = 0;
1315 while (trash.data < trash.size) {
1316 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001317 if (r < 0) {
1318 if (errno == EINTR)
1319 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001320 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001321 close(fd);
1322 return -1;
1323 }
1324 else if (r == 0) {
1325 break;
1326 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001327 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001328 }
1329 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001330 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1331 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001332}
1333#endif
1334
Daniel Jakots54ffb912015-11-06 20:02:41 +01001335#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001336
1337#define CT_EXTENSION_TYPE 18
1338
1339static int sctl_ex_index = -1;
1340
1341/*
1342 * Try to parse Signed Certificate Timestamp List structure. This function
1343 * makes only basic test if the data seems like SCTL. No signature validation
1344 * is performed.
1345 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001346static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001347{
1348 int ret = 1;
1349 int len, pos, sct_len;
1350 unsigned char *data;
1351
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001352 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001353 goto out;
1354
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001355 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001356 len = (data[0] << 8) | data[1];
1357
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001358 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001359 goto out;
1360
1361 data = data + 2;
1362 pos = 0;
1363 while (pos < len) {
1364 if (len - pos < 2)
1365 goto out;
1366
1367 sct_len = (data[pos] << 8) | data[pos + 1];
1368 if (pos + sct_len + 2 > len)
1369 goto out;
1370
1371 pos += sct_len + 2;
1372 }
1373
1374 ret = 0;
1375
1376out:
1377 return ret;
1378}
1379
Willy Tarreau83061a82018-07-13 11:56:34 +02001380static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1381 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001382{
1383 int fd = -1;
1384 int r = 0;
1385 int ret = 1;
1386
1387 *sctl = NULL;
1388
1389 fd = open(sctl_path, O_RDONLY);
1390 if (fd == -1)
1391 goto end;
1392
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001393 trash.data = 0;
1394 while (trash.data < trash.size) {
1395 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001396 if (r < 0) {
1397 if (errno == EINTR)
1398 continue;
1399
1400 goto end;
1401 }
1402 else if (r == 0) {
1403 break;
1404 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001405 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001406 }
1407
1408 ret = ssl_sock_parse_sctl(&trash);
1409 if (ret)
1410 goto end;
1411
Vincent Bernat02779b62016-04-03 13:48:43 +02001412 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413 if (!chunk_dup(*sctl, &trash)) {
1414 free(*sctl);
1415 *sctl = NULL;
1416 goto end;
1417 }
1418
1419end:
1420 if (fd != -1)
1421 close(fd);
1422
1423 return ret;
1424}
1425
1426int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1427{
Willy Tarreau83061a82018-07-13 11:56:34 +02001428 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001429
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001430 *out = (unsigned char *) sctl->area;
1431 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001432
1433 return 1;
1434}
1435
1436int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1437{
1438 return 1;
1439}
1440
1441static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1442{
1443 char sctl_path[MAXPATHLEN+1];
1444 int ret = -1;
1445 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001446 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001447
1448 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1449
1450 if (stat(sctl_path, &st))
1451 return 1;
1452
1453 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1454 goto out;
1455
1456 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1457 free(sctl);
1458 goto out;
1459 }
1460
1461 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1462
1463 ret = 0;
1464
1465out:
1466 return ret;
1467}
1468
1469#endif
1470
Emeric Brune1f38db2012-09-03 20:36:47 +02001471void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1472{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001473 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001474 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001475 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001476
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001477#ifndef SSL_OP_NO_RENEGOTIATION
1478 /* Please note that BoringSSL defines this macro to zero so don't
1479 * change this to #if and do not assign a default value to this macro!
1480 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001481 if (where & SSL_CB_HANDSHAKE_START) {
1482 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001483 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001484 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001485 conn->err_code = CO_ER_SSL_RENEG;
1486 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001487 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001488#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001489
1490 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1491 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1492 /* Long certificate chains optimz
1493 If write and read bios are differents, we
1494 consider that the buffering was activated,
1495 so we rise the output buffer size from 4k
1496 to 16k */
1497 write_bio = SSL_get_wbio(ssl);
1498 if (write_bio != SSL_get_rbio(ssl)) {
1499 BIO_set_write_buffer_size(write_bio, 16384);
1500 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1501 }
1502 }
1503 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001504}
1505
Emeric Brune64aef12012-09-21 13:15:06 +02001506/* Callback is called for each certificate of the chain during a verify
1507 ok is set to 1 if preverify detect no error on current certificate.
1508 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001509int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001510{
1511 SSL *ssl;
1512 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001513 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001514
1515 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001516 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001517
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001518 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001519
Emeric Brun81c00f02012-09-21 14:31:21 +02001520 if (ok) /* no errors */
1521 return ok;
1522
1523 depth = X509_STORE_CTX_get_error_depth(x_store);
1524 err = X509_STORE_CTX_get_error(x_store);
1525
1526 /* check if CA error needs to be ignored */
1527 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001528 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1529 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1530 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001531 }
1532
Willy Tarreau07d94e42018-09-20 10:57:52 +02001533 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001534 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001535 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001536 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001537 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001538
Willy Tarreau20879a02012-12-03 16:32:10 +01001539 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001540 return 0;
1541 }
1542
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001543 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1544 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001545
Emeric Brun81c00f02012-09-21 14:31:21 +02001546 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001547 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001548 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001549 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001550 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001551 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001552
Willy Tarreau20879a02012-12-03 16:32:10 +01001553 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001554 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001555}
1556
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001557static inline
1558void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001559 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001560{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001561 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001562 unsigned char *msg;
1563 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001564 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001565
1566 /* This function is called for "from client" and "to server"
1567 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001568 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001569 */
1570
1571 /* "write_p" is set to 0 is the bytes are received messages,
1572 * otherwise it is set to 1.
1573 */
1574 if (write_p != 0)
1575 return;
1576
1577 /* content_type contains the type of message received or sent
1578 * according with the SSL/TLS protocol spec. This message is
1579 * encoded with one byte. The value 256 (two bytes) is used
1580 * for designing the SSL/TLS record layer. According with the
1581 * rfc6101, the expected message (other than 256) are:
1582 * - change_cipher_spec(20)
1583 * - alert(21)
1584 * - handshake(22)
1585 * - application_data(23)
1586 * - (255)
1587 * We are interessed by the handshake and specially the client
1588 * hello.
1589 */
1590 if (content_type != 22)
1591 return;
1592
1593 /* The message length is at least 4 bytes, containing the
1594 * message type and the message length.
1595 */
1596 if (len < 4)
1597 return;
1598
1599 /* First byte of the handshake message id the type of
1600 * message. The konwn types are:
1601 * - hello_request(0)
1602 * - client_hello(1)
1603 * - server_hello(2)
1604 * - certificate(11)
1605 * - server_key_exchange (12)
1606 * - certificate_request(13)
1607 * - server_hello_done(14)
1608 * We are interested by the client hello.
1609 */
1610 msg = (unsigned char *)buf;
1611 if (msg[0] != 1)
1612 return;
1613
1614 /* Next three bytes are the length of the message. The total length
1615 * must be this decoded length + 4. If the length given as argument
1616 * is not the same, we abort the protocol dissector.
1617 */
1618 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1619 if (len < rec_len + 4)
1620 return;
1621 msg += 4;
1622 end = msg + rec_len;
1623 if (end < msg)
1624 return;
1625
1626 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1627 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001628 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1629 */
1630 msg += 1 + 1 + 4 + 28;
1631 if (msg > end)
1632 return;
1633
1634 /* Next, is session id:
1635 * if present, we have to jump by length + 1 for the size information
1636 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001637 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001638 if (msg[0] > 0)
1639 msg += msg[0];
1640 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001641 if (msg > end)
1642 return;
1643
1644 /* Next two bytes are the ciphersuite length. */
1645 if (msg + 2 > end)
1646 return;
1647 rec_len = (msg[0] << 8) + msg[1];
1648 msg += 2;
1649 if (msg + rec_len > end || msg + rec_len < msg)
1650 return;
1651
Willy Tarreaubafbe012017-11-24 17:34:44 +01001652 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001653 if (!capture)
1654 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001655 /* Compute the xxh64 of the ciphersuite. */
1656 capture->xxh64 = XXH64(msg, rec_len, 0);
1657
1658 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001659 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1660 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001661 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001662
1663 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001664}
1665
Emeric Brun29f037d2014-04-25 19:05:36 +02001666/* Callback is called for ssl protocol analyse */
1667void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1668{
Emeric Brun29f037d2014-04-25 19:05:36 +02001669#ifdef TLS1_RT_HEARTBEAT
1670 /* test heartbeat received (write_p is set to 0
1671 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001672 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001673 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001674 const unsigned char *p = buf;
1675 unsigned int payload;
1676
Emeric Brun29f037d2014-04-25 19:05:36 +02001677 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001678
1679 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1680 if (*p != TLS1_HB_REQUEST)
1681 return;
1682
Willy Tarreauaeed6722014-04-25 23:59:58 +02001683 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001684 goto kill_it;
1685
1686 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001687 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001688 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001689 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001690 /* We have a clear heartbleed attack (CVE-2014-0160), the
1691 * advertised payload is larger than the advertised packet
1692 * length, so we have garbage in the buffer between the
1693 * payload and the end of the buffer (p+len). We can't know
1694 * if the SSL stack is patched, and we don't know if we can
1695 * safely wipe out the area between p+3+len and payload.
1696 * So instead, we prevent the response from being sent by
1697 * setting the max_send_fragment to 0 and we report an SSL
1698 * error, which will kill this connection. It will be reported
1699 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001700 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1701 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001702 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001703 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1704 return;
1705 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001706#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001707 if (global_ssl.capture_cipherlist > 0)
1708 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001709}
1710
Bernard Spil13c53f82018-02-15 13:34:58 +01001711#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001712static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1713 const unsigned char *in, unsigned int inlen,
1714 void *arg)
1715{
1716 struct server *srv = arg;
1717
1718 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1719 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1720 return SSL_TLSEXT_ERR_OK;
1721 return SSL_TLSEXT_ERR_NOACK;
1722}
1723#endif
1724
1725#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001726/* This callback is used so that the server advertises the list of
1727 * negociable protocols for NPN.
1728 */
1729static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1730 unsigned int *len, void *arg)
1731{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001732 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001733
1734 *data = (const unsigned char *)conf->npn_str;
1735 *len = conf->npn_len;
1736 return SSL_TLSEXT_ERR_OK;
1737}
1738#endif
1739
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001740#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001741/* This callback is used so that the server advertises the list of
1742 * negociable protocols for ALPN.
1743 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001744static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1745 unsigned char *outlen,
1746 const unsigned char *server,
1747 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001748{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001749 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001750
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001751 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1752 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1753 return SSL_TLSEXT_ERR_NOACK;
1754 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001755 return SSL_TLSEXT_ERR_OK;
1756}
1757#endif
1758
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001759#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001760#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001761
Christopher Faulet30548802015-06-11 13:39:32 +02001762/* Create a X509 certificate with the specified servername and serial. This
1763 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001764static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001765ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001766{
Christopher Faulet7969a332015-10-09 11:15:03 +02001767 X509 *cacert = bind_conf->ca_sign_cert;
1768 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001769 SSL_CTX *ssl_ctx = NULL;
1770 X509 *newcrt = NULL;
1771 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001772 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001773 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001774 X509_NAME *name;
1775 const EVP_MD *digest;
1776 X509V3_CTX ctx;
1777 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001778 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001779
Christopher Faulet48a83322017-07-28 16:56:09 +02001780 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001781#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1782 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1783#else
1784 tmp_ssl = SSL_new(bind_conf->default_ctx);
1785 if (tmp_ssl)
1786 pkey = SSL_get_privatekey(tmp_ssl);
1787#endif
1788 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001789 goto mkcert_error;
1790
1791 /* Create the certificate */
1792 if (!(newcrt = X509_new()))
1793 goto mkcert_error;
1794
1795 /* Set version number for the certificate (X509v3) and the serial
1796 * number */
1797 if (X509_set_version(newcrt, 2L) != 1)
1798 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001799 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001800
1801 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001802 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1803 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001804 goto mkcert_error;
1805
1806 /* set public key in the certificate */
1807 if (X509_set_pubkey(newcrt, pkey) != 1)
1808 goto mkcert_error;
1809
1810 /* Set issuer name from the CA */
1811 if (!(name = X509_get_subject_name(cacert)))
1812 goto mkcert_error;
1813 if (X509_set_issuer_name(newcrt, name) != 1)
1814 goto mkcert_error;
1815
1816 /* Set the subject name using the same, but the CN */
1817 name = X509_NAME_dup(name);
1818 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1819 (const unsigned char *)servername,
1820 -1, -1, 0) != 1) {
1821 X509_NAME_free(name);
1822 goto mkcert_error;
1823 }
1824 if (X509_set_subject_name(newcrt, name) != 1) {
1825 X509_NAME_free(name);
1826 goto mkcert_error;
1827 }
1828 X509_NAME_free(name);
1829
1830 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001831 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001832 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1833 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1834 X509_EXTENSION *ext;
1835
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001836 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001837 goto mkcert_error;
1838 if (!X509_add_ext(newcrt, ext, -1)) {
1839 X509_EXTENSION_free(ext);
1840 goto mkcert_error;
1841 }
1842 X509_EXTENSION_free(ext);
1843 }
1844
1845 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001846
1847 key_type = EVP_PKEY_base_id(capkey);
1848
1849 if (key_type == EVP_PKEY_DSA)
1850 digest = EVP_sha1();
1851 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001852 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001853 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001854 digest = EVP_sha256();
1855 else {
Emmanuel Hocdet747ca612018-10-01 18:45:19 +02001856#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001857 int nid;
1858
1859 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1860 goto mkcert_error;
1861 if (!(digest = EVP_get_digestbynid(nid)))
1862 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001863#else
1864 goto mkcert_error;
1865#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001866 }
1867
Christopher Faulet31af49d2015-06-09 17:29:50 +02001868 if (!(X509_sign(newcrt, capkey, digest)))
1869 goto mkcert_error;
1870
1871 /* Create and set the new SSL_CTX */
1872 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1873 goto mkcert_error;
1874 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1875 goto mkcert_error;
1876 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1877 goto mkcert_error;
1878 if (!SSL_CTX_check_private_key(ssl_ctx))
1879 goto mkcert_error;
1880
1881 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001882
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001883#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001884 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001885#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001886#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1887 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001888 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001889 EC_KEY *ecc;
1890 int nid;
1891
1892 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1893 goto end;
1894 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1895 goto end;
1896 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1897 EC_KEY_free(ecc);
1898 }
1899#endif
1900 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001901 return ssl_ctx;
1902
1903 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001904 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001905 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001906 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1907 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001908 return NULL;
1909}
1910
Christopher Faulet7969a332015-10-09 11:15:03 +02001911SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001912ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001913{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001914 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001915
1916 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001917}
1918
Christopher Faulet30548802015-06-11 13:39:32 +02001919/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001920 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001921SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001922ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001923{
1924 struct lru64 *lru = NULL;
1925
1926 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001927 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001928 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001929 if (lru && lru->domain) {
1930 if (ssl)
1931 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001932 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001933 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001934 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001935 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001936 }
1937 return NULL;
1938}
1939
Emeric Brun821bb9b2017-06-15 16:37:39 +02001940/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1941 * function is not thread-safe, it should only be used to check if a certificate
1942 * exists in the lru cache (with no warranty it will not be removed by another
1943 * thread). It is kept for backward compatibility. */
1944SSL_CTX *
1945ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1946{
1947 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1948}
1949
Christopher Fauletd2cab922015-07-28 16:03:47 +02001950/* Set a certificate int the LRU cache used to store generated
1951 * certificate. Return 0 on success, otherwise -1 */
1952int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001953ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001954{
1955 struct lru64 *lru = NULL;
1956
1957 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001958 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001959 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001960 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001961 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001962 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001963 }
Christopher Faulet30548802015-06-11 13:39:32 +02001964 if (lru->domain && lru->data)
1965 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001966 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001967 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001968 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001969 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001970 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001971}
1972
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001973/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001974unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001975ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001976{
1977 return XXH32(data, len, ssl_ctx_lru_seed);
1978}
1979
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001980/* Generate a cert and immediately assign it to the SSL session so that the cert's
1981 * refcount is maintained regardless of the cert's presence in the LRU cache.
1982 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001983static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001984ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001985{
1986 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001987 SSL_CTX *ssl_ctx = NULL;
1988 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001989 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001990
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001991 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001992 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001993 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001995 if (lru && lru->domain)
1996 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001997 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001998 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001999 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002000 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002001 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002002 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002003 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002004 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002005 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002006 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002007 SSL_set_SSL_CTX(ssl, ssl_ctx);
2008 /* No LRU cache, this CTX will be released as soon as the session dies */
2009 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002010 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002011 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002012 return 0;
2013}
2014static int
2015ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2016{
2017 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002018 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002019
2020 conn_get_to_addr(conn);
2021 if (conn->flags & CO_FL_ADDR_TO_SET) {
2022 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002023 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002024 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002025 }
2026 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002027}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002028#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002029
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002030
2031#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
2032#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
2033#endif
2034
2035#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
2036#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
2037#define SSL_renegotiate_pending(arg) 0
2038#endif
2039#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
2040#define SSL_OP_SINGLE_ECDH_USE 0
2041#endif
2042#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
2043#define SSL_OP_NO_TICKET 0
2044#endif
2045#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
2046#define SSL_OP_NO_COMPRESSION 0
2047#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002048#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
2049#undef SSL_OP_NO_SSLv3
2050#define SSL_OP_NO_SSLv3 0
2051#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002052#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
2053#define SSL_OP_NO_TLSv1_1 0
2054#endif
2055#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
2056#define SSL_OP_NO_TLSv1_2 0
2057#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002058#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002059#define SSL_OP_NO_TLSv1_3 0
2060#endif
2061#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
2062#define SSL_OP_SINGLE_DH_USE 0
2063#endif
2064#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
2065#define SSL_OP_SINGLE_ECDH_USE 0
2066#endif
2067#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
2068#define SSL_MODE_RELEASE_BUFFERS 0
2069#endif
2070#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
2071#define SSL_MODE_SMALL_BUFFERS 0
2072#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02002073#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
2074#define SSL_OP_PRIORITIZE_CHACHA 0
2075#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002076
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002077#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002078typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2079
2080static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002081{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002082#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002083 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002084 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2085#endif
2086}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002087static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2088 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002089 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2090}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002091static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002092#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002093 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002094 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2095#endif
2096}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002097static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002098#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002099 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002100 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2101#endif
2102}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002103/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002104static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2105/* Unusable in this context. */
2106static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2107static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2108static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2109static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2110static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002111#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002112typedef enum { SET_MIN, SET_MAX } set_context_func;
2113
2114static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2115 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2117}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002118static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2119 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2120 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2121}
2122static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2123 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002124 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2125}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002126static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2127 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2128 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2129}
2130static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2131 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002132 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2133}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002134static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2135 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2136 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2137}
2138static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2139 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002140 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2141}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002142static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2143 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2144 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2145}
2146static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002147#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002148 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002149 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2150#endif
2151}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002152static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2153#if SSL_OP_NO_TLSv1_3
2154 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2155 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002156#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002157}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002158#endif
2159static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2160static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002161
2162static struct {
2163 int option;
2164 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002165 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2166 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167 const char *name;
2168} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002169 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2170 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2171 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2172 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2173 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2174 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175};
2176
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002177static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2178{
2179 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2180 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2181 SSL_set_SSL_CTX(ssl, ctx);
2182}
2183
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002184#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002185
2186static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2187{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002188 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002189 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002190
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002191 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2192 return SSL_TLSEXT_ERR_OK;
2193 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002194}
2195
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002196#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002197static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2198{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002199 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002200#else
2201static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2202{
2203#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002204 struct connection *conn;
2205 struct bind_conf *s;
2206 const uint8_t *extension_data;
2207 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002208 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209
2210 char *wildp = NULL;
2211 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002212 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002213 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002214 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215 int i;
2216
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002217 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002218 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002219
Olivier Houchard9679ac92017-10-27 14:58:08 +02002220 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002221 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002222#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2224 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002225#else
2226 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2227#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002228 /*
2229 * The server_name extension was given too much extensibility when it
2230 * was written, so parsing the normal case is a bit complex.
2231 */
2232 size_t len;
2233 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002234 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002235 /* Extract the length of the supplied list of names. */
2236 len = (*extension_data++) << 8;
2237 len |= *extension_data++;
2238 if (len + 2 != extension_len)
2239 goto abort;
2240 /*
2241 * The list in practice only has a single element, so we only consider
2242 * the first one.
2243 */
2244 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2245 goto abort;
2246 extension_len = len - 1;
2247 /* Now we can finally pull out the byte array with the actual hostname. */
2248 if (extension_len <= 2)
2249 goto abort;
2250 len = (*extension_data++) << 8;
2251 len |= *extension_data++;
2252 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2253 || memchr(extension_data, 0, len) != NULL)
2254 goto abort;
2255 servername = extension_data;
2256 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002257 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002258#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2259 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002260 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002261 }
2262#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002263 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002264 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002265 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002266 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002267 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002268 goto abort;
2269 }
2270
2271 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002272#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002273 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002274#else
2275 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2276#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002277 uint8_t sign;
2278 size_t len;
2279 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002280 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002281 len = (*extension_data++) << 8;
2282 len |= *extension_data++;
2283 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002284 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 if (len % 2 != 0)
2286 goto abort;
2287 for (; len > 0; len -= 2) {
2288 extension_data++; /* hash */
2289 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002290 switch (sign) {
2291 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002292 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002293 break;
2294 case TLSEXT_signature_ecdsa:
2295 has_ecdsa_sig = 1;
2296 break;
2297 default:
2298 continue;
2299 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002300 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002301 break;
2302 }
2303 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002304 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002305 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002306 }
2307 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002308 const SSL_CIPHER *cipher;
2309 size_t len;
2310 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002311 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002312#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002313 len = ctx->cipher_suites_len;
2314 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002315#else
2316 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2317#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002318 if (len % 2 != 0)
2319 goto abort;
2320 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002321#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002322 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002323 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002324#else
2325 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2326#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002327 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002328 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329 break;
2330 }
2331 }
2332 }
2333
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002334 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002335 trash.area[i] = tolower(servername[i]);
2336 if (!wildp && (trash.area[i] == '.'))
2337 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002338 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002339 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002340
2341 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002342 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343
2344 /* lookup a not neg filter */
2345 for (n = node; n; n = ebmb_next_dup(n)) {
2346 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002347 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002349 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002351 break;
2352 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002353 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002355 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002356 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002357 if (!node_anonymous)
2358 node_anonymous = n;
2359 break;
2360 }
2361 }
2362 }
2363 if (wildp) {
2364 /* lookup in wildcards names */
2365 node = ebst_lookup(&s->sni_w_ctx, wildp);
2366 for (n = node; n; n = ebmb_next_dup(n)) {
2367 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002368 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002370 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002371 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 break;
2373 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002374 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002376 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002377 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002378 if (!node_anonymous)
2379 node_anonymous = n;
2380 break;
2381 }
2382 }
2383 }
2384 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002385 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002386 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2387 : ((has_rsa_sig && node_rsa) ? node_rsa
2388 : (node_anonymous ? node_anonymous
2389 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2390 : node_rsa /* no rsa signature case (far far away) */
2391 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 if (node) {
2393 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002394 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002395 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002396 if (conf) {
2397 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2398 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2399 if (conf->early_data)
2400 allow_early = 1;
2401 }
2402 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002404#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002405 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002406 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002407 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002408 }
2409#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002410 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002411 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002412 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002413 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002414allow_early:
2415#ifdef OPENSSL_IS_BORINGSSL
2416 if (allow_early)
2417 SSL_set_early_data_enabled(ssl, 1);
2418#else
2419 if (!allow_early)
2420 SSL_set_max_early_data(ssl, 0);
2421#endif
2422 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002423 abort:
2424 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2425 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002426#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002427 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002428#else
2429 *al = SSL_AD_UNRECOGNIZED_NAME;
2430 return 0;
2431#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002432}
2433
2434#else /* OPENSSL_IS_BORINGSSL */
2435
Emeric Brunfc0421f2012-09-07 17:30:07 +02002436/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2437 * warning when no match is found, which implies the default (first) cert
2438 * will keep being used.
2439 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002440static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002441{
2442 const char *servername;
2443 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002444 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002445 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002446 int i;
2447 (void)al; /* shut gcc stupid warning */
2448
2449 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002450 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002451#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002452 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2453 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002454#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002455 if (s->strict_sni)
2456 return SSL_TLSEXT_ERR_ALERT_FATAL;
2457 ssl_sock_switchctx_set(ssl, s->default_ctx);
2458 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002459 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002460
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002461 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002462 if (!servername[i])
2463 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002464 trash.area[i] = tolower(servername[i]);
2465 if (!wildp && (trash.area[i] == '.'))
2466 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002467 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002468 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002469
2470 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002471 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002472
2473 /* lookup a not neg filter */
2474 for (n = node; n; n = ebmb_next_dup(n)) {
2475 if (!container_of(n, struct sni_ctx, name)->neg) {
2476 node = n;
2477 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002478 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002479 }
2480 if (!node && wildp) {
2481 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002482 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002483 }
2484 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002485#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002486 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2487 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002488 return SSL_TLSEXT_ERR_OK;
2489 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002490#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002491 if (s->strict_sni)
2492 return SSL_TLSEXT_ERR_ALERT_FATAL;
2493 ssl_sock_switchctx_set(ssl, s->default_ctx);
2494 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002495 }
2496
2497 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002498 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002499 return SSL_TLSEXT_ERR_OK;
2500}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002501#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002502#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2503
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002504#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002505
2506static DH * ssl_get_dh_1024(void)
2507{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002508 static unsigned char dh1024_p[]={
2509 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2510 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2511 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2512 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2513 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2514 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2515 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2516 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2517 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2518 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2519 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2520 };
2521 static unsigned char dh1024_g[]={
2522 0x02,
2523 };
2524
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002525 BIGNUM *p;
2526 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002527 DH *dh = DH_new();
2528 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002529 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2530 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002531
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002532 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002533 DH_free(dh);
2534 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002535 } else {
2536 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002537 }
2538 }
2539 return dh;
2540}
2541
2542static DH *ssl_get_dh_2048(void)
2543{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002544 static unsigned char dh2048_p[]={
2545 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2546 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2547 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2548 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2549 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2550 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2551 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2552 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2553 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2554 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2555 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2556 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2557 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2558 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2559 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2560 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2561 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2562 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2563 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2564 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2565 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2566 0xB7,0x1F,0x77,0xF3,
2567 };
2568 static unsigned char dh2048_g[]={
2569 0x02,
2570 };
2571
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002572 BIGNUM *p;
2573 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002574 DH *dh = DH_new();
2575 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002576 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2577 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002578
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002579 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002580 DH_free(dh);
2581 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002582 } else {
2583 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002584 }
2585 }
2586 return dh;
2587}
2588
2589static DH *ssl_get_dh_4096(void)
2590{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002591 static unsigned char dh4096_p[]={
2592 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2593 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2594 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2595 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2596 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2597 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2598 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2599 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2600 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2601 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2602 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2603 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2604 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2605 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2606 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2607 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2608 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2609 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2610 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2611 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2612 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2613 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2614 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2615 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2616 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2617 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2618 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2619 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2620 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2621 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2622 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2623 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2624 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2625 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2626 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2627 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2628 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2629 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2630 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2631 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2632 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2633 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2634 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002635 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002636 static unsigned char dh4096_g[]={
2637 0x02,
2638 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002639
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002640 BIGNUM *p;
2641 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642 DH *dh = DH_new();
2643 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002644 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2645 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002646
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002647 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002648 DH_free(dh);
2649 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002650 } else {
2651 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002652 }
2653 }
2654 return dh;
2655}
2656
2657/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002658 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002659static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2660{
2661 DH *dh = NULL;
2662 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002663 int type;
2664
2665 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666
2667 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2668 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2669 */
2670 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2671 keylen = EVP_PKEY_bits(pkey);
2672 }
2673
Willy Tarreauef934602016-12-22 23:12:01 +01002674 if (keylen > global_ssl.default_dh_param) {
2675 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002676 }
2677
Remi Gacogned3a341a2015-05-29 16:26:17 +02002678 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002679 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002680 }
2681 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002682 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002683 }
2684 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002685 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002686 }
2687
2688 return dh;
2689}
2690
Remi Gacogne47783ef2015-05-29 15:53:22 +02002691static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002692{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002693 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002694 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002695
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002696 if (in == NULL)
2697 goto end;
2698
Remi Gacogne47783ef2015-05-29 15:53:22 +02002699 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002700 goto end;
2701
Remi Gacogne47783ef2015-05-29 15:53:22 +02002702 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2703
2704end:
2705 if (in)
2706 BIO_free(in);
2707
Emeric Brune1b4ed42018-08-16 15:14:12 +02002708 ERR_clear_error();
2709
Remi Gacogne47783ef2015-05-29 15:53:22 +02002710 return dh;
2711}
2712
2713int ssl_sock_load_global_dh_param_from_file(const char *filename)
2714{
2715 global_dh = ssl_sock_get_dh_from_file(filename);
2716
2717 if (global_dh) {
2718 return 0;
2719 }
2720
2721 return -1;
2722}
2723
2724/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002725 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002726int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2727{
2728 int ret = -1;
2729 DH *dh = ssl_sock_get_dh_from_file(file);
2730
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002731 if (dh) {
2732 ret = 1;
2733 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002734
2735 if (ssl_dh_ptr_index >= 0) {
2736 /* store a pointer to the DH params to avoid complaining about
2737 ssl-default-dh-param not being set for this SSL_CTX */
2738 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2739 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002740 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002741 else if (global_dh) {
2742 SSL_CTX_set_tmp_dh(ctx, global_dh);
2743 ret = 0; /* DH params not found */
2744 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002745 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002746 /* Clear openssl global errors stack */
2747 ERR_clear_error();
2748
Willy Tarreauef934602016-12-22 23:12:01 +01002749 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002750 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002751 if (local_dh_1024 == NULL)
2752 local_dh_1024 = ssl_get_dh_1024();
2753
Remi Gacogne8de54152014-07-15 11:36:40 +02002754 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002755 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002756
Remi Gacogne8de54152014-07-15 11:36:40 +02002757 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002758 }
2759 else {
2760 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2761 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002762
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002763 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002764 }
Emeric Brun644cde02012-12-14 11:21:13 +01002765
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002766end:
2767 if (dh)
2768 DH_free(dh);
2769
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002770 return ret;
2771}
2772#endif
2773
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002774static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002775 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002776{
2777 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002778 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002779 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002780
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002781 if (*name == '!') {
2782 neg = 1;
2783 name++;
2784 }
2785 if (*name == '*') {
2786 wild = 1;
2787 name++;
2788 }
2789 /* !* filter is a nop */
2790 if (neg && wild)
2791 return order;
2792 if (*name) {
2793 int j, len;
2794 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002795 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002796 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002797 if (j >= trash.size)
2798 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002799 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002800
2801 /* Check for duplicates. */
2802 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002803 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002804 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002805 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002806 for (; node; node = ebmb_next_dup(node)) {
2807 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002808 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002809 return order;
2810 }
2811
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002812 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002813 if (!sc)
2814 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002815 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002816 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002817 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002818 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002819 sc->order = order++;
2820 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002821 if (kinfo.sig != TLSEXT_signature_anonymous)
2822 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002823 if (wild)
2824 ebst_insert(&s->sni_w_ctx, &sc->name);
2825 else
2826 ebst_insert(&s->sni_ctx, &sc->name);
2827 }
2828 return order;
2829}
2830
yanbzhu488a4d22015-12-01 15:16:07 -05002831
2832/* The following code is used for loading multiple crt files into
2833 * SSL_CTX's based on CN/SAN
2834 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002835#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002836/* This is used to preload the certifcate, private key
2837 * and Cert Chain of a file passed in via the crt
2838 * argument
2839 *
2840 * This way, we do not have to read the file multiple times
2841 */
2842struct cert_key_and_chain {
2843 X509 *cert;
2844 EVP_PKEY *key;
2845 unsigned int num_chain_certs;
2846 /* This is an array of X509 pointers */
2847 X509 **chain_certs;
2848};
2849
yanbzhu08ce6ab2015-12-02 13:01:29 -05002850#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2851
2852struct key_combo_ctx {
2853 SSL_CTX *ctx;
2854 int order;
2855};
2856
2857/* Map used for processing multiple keypairs for a single purpose
2858 *
2859 * This maps CN/SNI name to certificate type
2860 */
2861struct sni_keytype {
2862 int keytypes; /* BITMASK for keytypes */
2863 struct ebmb_node name; /* node holding the servername value */
2864};
2865
2866
yanbzhu488a4d22015-12-01 15:16:07 -05002867/* Frees the contents of a cert_key_and_chain
2868 */
2869static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2870{
2871 int i;
2872
2873 if (!ckch)
2874 return;
2875
2876 /* Free the certificate and set pointer to NULL */
2877 if (ckch->cert)
2878 X509_free(ckch->cert);
2879 ckch->cert = NULL;
2880
2881 /* Free the key and set pointer to NULL */
2882 if (ckch->key)
2883 EVP_PKEY_free(ckch->key);
2884 ckch->key = NULL;
2885
2886 /* Free each certificate in the chain */
2887 for (i = 0; i < ckch->num_chain_certs; i++) {
2888 if (ckch->chain_certs[i])
2889 X509_free(ckch->chain_certs[i]);
2890 }
2891
2892 /* Free the chain obj itself and set to NULL */
2893 if (ckch->num_chain_certs > 0) {
2894 free(ckch->chain_certs);
2895 ckch->num_chain_certs = 0;
2896 ckch->chain_certs = NULL;
2897 }
2898
2899}
2900
2901/* checks if a key and cert exists in the ckch
2902 */
2903static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2904{
2905 return (ckch->cert != NULL && ckch->key != NULL);
2906}
2907
2908
2909/* Loads the contents of a crt file (path) into a cert_key_and_chain
2910 * This allows us to carry the contents of the file without having to
2911 * read the file multiple times.
2912 *
2913 * returns:
2914 * 0 on Success
2915 * 1 on SSL Failure
2916 * 2 on file not found
2917 */
2918static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2919{
2920
2921 BIO *in;
2922 X509 *ca = NULL;
2923 int ret = 1;
2924
2925 ssl_sock_free_cert_key_and_chain_contents(ckch);
2926
2927 in = BIO_new(BIO_s_file());
2928 if (in == NULL)
2929 goto end;
2930
2931 if (BIO_read_filename(in, path) <= 0)
2932 goto end;
2933
yanbzhu488a4d22015-12-01 15:16:07 -05002934 /* Read Private Key */
2935 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2936 if (ckch->key == NULL) {
2937 memprintf(err, "%sunable to load private key from file '%s'.\n",
2938 err && *err ? *err : "", path);
2939 goto end;
2940 }
2941
Willy Tarreaubb137a82016-04-06 19:02:38 +02002942 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002943 if (BIO_reset(in) == -1) {
2944 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2945 err && *err ? *err : "", path);
2946 goto end;
2947 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002948
2949 /* Read Certificate */
2950 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2951 if (ckch->cert == NULL) {
2952 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2953 err && *err ? *err : "", path);
2954 goto end;
2955 }
2956
yanbzhu488a4d22015-12-01 15:16:07 -05002957 /* Read Certificate Chain */
2958 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2959 /* Grow the chain certs */
2960 ckch->num_chain_certs++;
2961 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2962
2963 /* use - 1 here since we just incremented it above */
2964 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2965 }
2966 ret = ERR_get_error();
2967 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2968 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2969 err && *err ? *err : "", path);
2970 ret = 1;
2971 goto end;
2972 }
2973
2974 ret = 0;
2975
2976end:
2977
2978 ERR_clear_error();
2979 if (in)
2980 BIO_free(in);
2981
2982 /* Something went wrong in one of the reads */
2983 if (ret != 0)
2984 ssl_sock_free_cert_key_and_chain_contents(ckch);
2985
2986 return ret;
2987}
2988
2989/* Loads the info in ckch into ctx
2990 * Currently, this does not process any information about ocsp, dhparams or
2991 * sctl
2992 * Returns
2993 * 0 on success
2994 * 1 on failure
2995 */
2996static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2997{
2998 int i = 0;
2999
3000 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3001 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3002 err && *err ? *err : "", path);
3003 return 1;
3004 }
3005
3006 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3007 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3008 err && *err ? *err : "", path);
3009 return 1;
3010 }
3011
yanbzhu488a4d22015-12-01 15:16:07 -05003012 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3013 for (i = 0; i < ckch->num_chain_certs; i++) {
3014 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003015 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3016 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003017 return 1;
3018 }
3019 }
3020
3021 if (SSL_CTX_check_private_key(ctx) <= 0) {
3022 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3023 err && *err ? *err : "", path);
3024 return 1;
3025 }
3026
3027 return 0;
3028}
3029
yanbzhu08ce6ab2015-12-02 13:01:29 -05003030
3031static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3032{
3033 struct sni_keytype *s_kt = NULL;
3034 struct ebmb_node *node;
3035 int i;
3036
3037 for (i = 0; i < trash.size; i++) {
3038 if (!str[i])
3039 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003040 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003041 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003042 trash.area[i] = 0;
3043 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003044 if (!node) {
3045 /* CN not found in tree */
3046 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3047 /* Using memcpy here instead of strncpy.
3048 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3049 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3050 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003051 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003052 s_kt->keytypes = 0;
3053 ebst_insert(sni_keytypes, &s_kt->name);
3054 } else {
3055 /* CN found in tree */
3056 s_kt = container_of(node, struct sni_keytype, name);
3057 }
3058
3059 /* Mark that this CN has the keytype of key_index via keytypes mask */
3060 s_kt->keytypes |= 1<<key_index;
3061
3062}
3063
3064
3065/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3066 * If any are found, group these files into a set of SSL_CTX*
3067 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3068 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003069 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003070 *
3071 * Returns
3072 * 0 on success
3073 * 1 on failure
3074 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003075static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3076 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003077{
3078 char fp[MAXPATHLEN+1] = {0};
3079 int n = 0;
3080 int i = 0;
3081 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3082 struct eb_root sni_keytypes_map = { {0} };
3083 struct ebmb_node *node;
3084 struct ebmb_node *next;
3085 /* Array of SSL_CTX pointers corresponding to each possible combo
3086 * of keytypes
3087 */
3088 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3089 int rv = 0;
3090 X509_NAME *xname = NULL;
3091 char *str = NULL;
3092#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3093 STACK_OF(GENERAL_NAME) *names = NULL;
3094#endif
3095
3096 /* Load all possible certs and keys */
3097 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3098 struct stat buf;
3099
3100 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3101 if (stat(fp, &buf) == 0) {
3102 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3103 rv = 1;
3104 goto end;
3105 }
3106 }
3107 }
3108
3109 /* Process each ckch and update keytypes for each CN/SAN
3110 * for example, if CN/SAN www.a.com is associated with
3111 * certs with keytype 0 and 2, then at the end of the loop,
3112 * www.a.com will have:
3113 * keyindex = 0 | 1 | 4 = 5
3114 */
3115 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3116
3117 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3118 continue;
3119
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003120 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003121 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003122 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3123 } else {
3124 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3125 * so the line that contains logic is marked via comments
3126 */
3127 xname = X509_get_subject_name(certs_and_keys[n].cert);
3128 i = -1;
3129 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3130 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003131 ASN1_STRING *value;
3132 value = X509_NAME_ENTRY_get_data(entry);
3133 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003134 /* Important line is here */
3135 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003136
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003137 OPENSSL_free(str);
3138 str = NULL;
3139 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003140 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003141
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003142 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003143#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003144 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3145 if (names) {
3146 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3147 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003148
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003149 if (name->type == GEN_DNS) {
3150 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3151 /* Important line is here */
3152 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003153
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003154 OPENSSL_free(str);
3155 str = NULL;
3156 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003157 }
3158 }
3159 }
3160 }
3161#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3162 }
3163
3164 /* If no files found, return error */
3165 if (eb_is_empty(&sni_keytypes_map)) {
3166 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3167 err && *err ? *err : "", path);
3168 rv = 1;
3169 goto end;
3170 }
3171
3172 /* We now have a map of CN/SAN to keytypes that are loaded in
3173 * Iterate through the map to create the SSL_CTX's (if needed)
3174 * and add each CTX to the SNI tree
3175 *
3176 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003177 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003178 * combination is denoted by the key in the map. Each key
3179 * has a value between 1 and 2^n - 1. Conveniently, the array
3180 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3181 * entry in the array to correspond to the unique combo (key)
3182 * associated with i. This unique key combo (i) will be associated
3183 * with combos[i-1]
3184 */
3185
3186 node = ebmb_first(&sni_keytypes_map);
3187 while (node) {
3188 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003189 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003190 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003191
3192 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3193 i = container_of(node, struct sni_keytype, name)->keytypes;
3194 cur_ctx = key_combos[i-1].ctx;
3195
3196 if (cur_ctx == NULL) {
3197 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003198 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003199 if (cur_ctx == NULL) {
3200 memprintf(err, "%sunable to allocate SSL context.\n",
3201 err && *err ? *err : "");
3202 rv = 1;
3203 goto end;
3204 }
3205
yanbzhube2774d2015-12-10 15:07:30 -05003206 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003207 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3208 if (i & (1<<n)) {
3209 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003210 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3211 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003212 SSL_CTX_free(cur_ctx);
3213 rv = 1;
3214 goto end;
3215 }
yanbzhube2774d2015-12-10 15:07:30 -05003216
3217#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3218 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003219 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003220 if (err)
3221 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003222 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003223 SSL_CTX_free(cur_ctx);
3224 rv = 1;
3225 goto end;
3226 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003227#elif (defined OPENSSL_IS_BORINGSSL)
3228 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003229#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003230 }
3231 }
3232
3233 /* Load DH params into the ctx to support DHE keys */
3234#ifndef OPENSSL_NO_DH
3235 if (ssl_dh_ptr_index >= 0)
3236 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3237
3238 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3239 if (rv < 0) {
3240 if (err)
3241 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3242 *err ? *err : "", path);
3243 rv = 1;
3244 goto end;
3245 }
3246#endif
3247
3248 /* Update key_combos */
3249 key_combos[i-1].ctx = cur_ctx;
3250 }
3251
3252 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003253 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003254 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003255 node = ebmb_next(node);
3256 }
3257
3258
3259 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3260 if (!bind_conf->default_ctx) {
3261 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3262 if (key_combos[i].ctx) {
3263 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003264 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003265 break;
3266 }
3267 }
3268 }
3269
3270end:
3271
3272 if (names)
3273 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3274
3275 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3276 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3277
3278 node = ebmb_first(&sni_keytypes_map);
3279 while (node) {
3280 next = ebmb_next(node);
3281 ebmb_delete(node);
3282 node = next;
3283 }
3284
3285 return rv;
3286}
3287#else
3288/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003289static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3290 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003291{
3292 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3293 err && *err ? *err : "", path, strerror(errno));
3294 return 1;
3295}
3296
yanbzhu488a4d22015-12-01 15:16:07 -05003297#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3298
Emeric Brunfc0421f2012-09-07 17:30:07 +02003299/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3300 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3301 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003302static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3303 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003304{
3305 BIO *in;
3306 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003307 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003308 int ret = -1;
3309 int order = 0;
3310 X509_NAME *xname;
3311 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003312 pem_password_cb *passwd_cb;
3313 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003314 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003315 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003316
Emeric Brunfc0421f2012-09-07 17:30:07 +02003317#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3318 STACK_OF(GENERAL_NAME) *names;
3319#endif
3320
3321 in = BIO_new(BIO_s_file());
3322 if (in == NULL)
3323 goto end;
3324
3325 if (BIO_read_filename(in, file) <= 0)
3326 goto end;
3327
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003328
3329 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3330 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3331
3332 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003333 if (x == NULL)
3334 goto end;
3335
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003336 pkey = X509_get_pubkey(x);
3337 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003338 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003339 switch(EVP_PKEY_base_id(pkey)) {
3340 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003341 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003342 break;
3343 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003344 kinfo.sig = TLSEXT_signature_ecdsa;
3345 break;
3346 case EVP_PKEY_DSA:
3347 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003348 break;
3349 }
3350 EVP_PKEY_free(pkey);
3351 }
3352
Emeric Brun50bcecc2013-04-22 13:05:23 +02003353 if (fcount) {
3354 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003355 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003356 }
3357 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003358#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003359 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3360 if (names) {
3361 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3362 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3363 if (name->type == GEN_DNS) {
3364 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003365 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003366 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003367 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003368 }
3369 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003370 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003371 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003372#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003373 xname = X509_get_subject_name(x);
3374 i = -1;
3375 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3376 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003377 ASN1_STRING *value;
3378
3379 value = X509_NAME_ENTRY_get_data(entry);
3380 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003381 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003382 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003383 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003384 }
3385 }
3386
3387 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3388 if (!SSL_CTX_use_certificate(ctx, x))
3389 goto end;
3390
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003391#ifdef SSL_CTX_clear_extra_chain_certs
3392 SSL_CTX_clear_extra_chain_certs(ctx);
3393#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003394 if (ctx->extra_certs != NULL) {
3395 sk_X509_pop_free(ctx->extra_certs, X509_free);
3396 ctx->extra_certs = NULL;
3397 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003398#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003399
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003400 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003401 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3402 X509_free(ca);
3403 goto end;
3404 }
3405 }
3406
3407 err = ERR_get_error();
3408 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3409 /* we successfully reached the last cert in the file */
3410 ret = 1;
3411 }
3412 ERR_clear_error();
3413
3414end:
3415 if (x)
3416 X509_free(x);
3417
3418 if (in)
3419 BIO_free(in);
3420
3421 return ret;
3422}
3423
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003424static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3425 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003426{
3427 int ret;
3428 SSL_CTX *ctx;
3429
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003430 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003431 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003432 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3433 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003434 return 1;
3435 }
3436
3437 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003438 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3439 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003440 SSL_CTX_free(ctx);
3441 return 1;
3442 }
3443
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003444 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003445 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003446 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3447 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003448 if (ret < 0) /* serious error, must do that ourselves */
3449 SSL_CTX_free(ctx);
3450 return 1;
3451 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003452
3453 if (SSL_CTX_check_private_key(ctx) <= 0) {
3454 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3455 err && *err ? *err : "", path);
3456 return 1;
3457 }
3458
Emeric Brunfc0421f2012-09-07 17:30:07 +02003459 /* we must not free the SSL_CTX anymore below, since it's already in
3460 * the tree, so it will be discovered and cleaned in time.
3461 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003462#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003463 /* store a NULL pointer to indicate we have not yet loaded
3464 a custom DH param file */
3465 if (ssl_dh_ptr_index >= 0) {
3466 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3467 }
3468
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003469 ret = ssl_sock_load_dh_params(ctx, path);
3470 if (ret < 0) {
3471 if (err)
3472 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3473 *err ? *err : "", path);
3474 return 1;
3475 }
3476#endif
3477
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003478#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003479 ret = ssl_sock_load_ocsp(ctx, path);
3480 if (ret < 0) {
3481 if (err)
3482 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3483 *err ? *err : "", path);
3484 return 1;
3485 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003486#elif (defined OPENSSL_IS_BORINGSSL)
3487 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003488#endif
3489
Daniel Jakots54ffb912015-11-06 20:02:41 +01003490#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003491 if (sctl_ex_index >= 0) {
3492 ret = ssl_sock_load_sctl(ctx, path);
3493 if (ret < 0) {
3494 if (err)
3495 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3496 *err ? *err : "", path);
3497 return 1;
3498 }
3499 }
3500#endif
3501
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003503 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003504 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3505 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 return 1;
3507 }
3508#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003509 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003510 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003511 bind_conf->default_ssl_conf = ssl_conf;
3512 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003513
3514 return 0;
3515}
3516
Willy Tarreau03209342016-12-22 17:08:28 +01003517int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003518{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003519 struct dirent **de_list;
3520 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003521 DIR *dir;
3522 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003523 char *end;
3524 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003525 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003526#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3527 int is_bundle;
3528 int j;
3529#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003530
yanbzhu08ce6ab2015-12-02 13:01:29 -05003531 if (stat(path, &buf) == 0) {
3532 dir = opendir(path);
3533 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003534 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003535
yanbzhu08ce6ab2015-12-02 13:01:29 -05003536 /* strip trailing slashes, including first one */
3537 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3538 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003539
yanbzhu08ce6ab2015-12-02 13:01:29 -05003540 n = scandir(path, &de_list, 0, alphasort);
3541 if (n < 0) {
3542 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3543 err && *err ? *err : "", path, strerror(errno));
3544 cfgerr++;
3545 }
3546 else {
3547 for (i = 0; i < n; i++) {
3548 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003549
yanbzhu08ce6ab2015-12-02 13:01:29 -05003550 end = strrchr(de->d_name, '.');
3551 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3552 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003553
yanbzhu08ce6ab2015-12-02 13:01:29 -05003554 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3555 if (stat(fp, &buf) != 0) {
3556 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3557 err && *err ? *err : "", fp, strerror(errno));
3558 cfgerr++;
3559 goto ignore_entry;
3560 }
3561 if (!S_ISREG(buf.st_mode))
3562 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003563
3564#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3565 is_bundle = 0;
3566 /* Check if current entry in directory is part of a multi-cert bundle */
3567
3568 if (end) {
3569 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3570 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3571 is_bundle = 1;
3572 break;
3573 }
3574 }
3575
3576 if (is_bundle) {
3577 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3578 int dp_len;
3579
3580 dp_len = end - de->d_name;
3581 snprintf(dp, dp_len + 1, "%s", de->d_name);
3582
3583 /* increment i and free de until we get to a non-bundle cert
3584 * Note here that we look at de_list[i + 1] before freeing de
3585 * this is important since ignore_entry will free de
3586 */
3587 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3588 free(de);
3589 i++;
3590 de = de_list[i];
3591 }
3592
3593 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003594 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003595
3596 /* Successfully processed the bundle */
3597 goto ignore_entry;
3598 }
3599 }
3600
3601#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003602 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003603ignore_entry:
3604 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003605 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003606 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003607 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003608 closedir(dir);
3609 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003610 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003611
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003612 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003613
Emeric Brunfc0421f2012-09-07 17:30:07 +02003614 return cfgerr;
3615}
3616
Thierry Fournier383085f2013-01-24 14:15:43 +01003617/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3618 * done once. Zero is returned if the operation fails. No error is returned
3619 * if the random is said as not implemented, because we expect that openssl
3620 * will use another method once needed.
3621 */
3622static int ssl_initialize_random()
3623{
3624 unsigned char random;
3625 static int random_initialized = 0;
3626
3627 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3628 random_initialized = 1;
3629
3630 return random_initialized;
3631}
3632
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003633/* release ssl bind conf */
3634void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003635{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003636 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003637#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003638 free(conf->npn_str);
3639 conf->npn_str = NULL;
3640#endif
3641#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3642 free(conf->alpn_str);
3643 conf->alpn_str = NULL;
3644#endif
3645 free(conf->ca_file);
3646 conf->ca_file = NULL;
3647 free(conf->crl_file);
3648 conf->crl_file = NULL;
3649 free(conf->ciphers);
3650 conf->ciphers = NULL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003651#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
3652 free(conf->ciphersuites);
3653 conf->ciphersuites = NULL;
3654#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003655 free(conf->curves);
3656 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003657 free(conf->ecdhe);
3658 conf->ecdhe = NULL;
3659 }
3660}
3661
3662int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3663{
3664 char thisline[CRT_LINESIZE];
3665 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003666 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003667 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003668 int linenum = 0;
3669 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003670
Willy Tarreauad1731d2013-04-02 17:35:58 +02003671 if ((f = fopen(file, "r")) == NULL) {
3672 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003673 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003674 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003675
3676 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003677 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003678 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003679 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003680 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003681 char *crt_path;
3682 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003683
3684 linenum++;
3685 end = line + strlen(line);
3686 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3687 /* Check if we reached the limit and the last char is not \n.
3688 * Watch out for the last line without the terminating '\n'!
3689 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003690 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3691 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003692 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003693 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694 }
3695
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003696 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003697 newarg = 1;
3698 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003699 if (*line == '#' || *line == '\n' || *line == '\r') {
3700 /* end of string, end of loop */
3701 *line = 0;
3702 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003703 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003704 newarg = 1;
3705 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003706 } else if (*line == '[') {
3707 if (ssl_b) {
3708 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3709 cfgerr = 1;
3710 break;
3711 }
3712 if (!arg) {
3713 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3714 cfgerr = 1;
3715 break;
3716 }
3717 ssl_b = arg;
3718 newarg = 1;
3719 *line = 0;
3720 } else if (*line == ']') {
3721 if (ssl_e) {
3722 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003723 cfgerr = 1;
3724 break;
3725 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003726 if (!ssl_b) {
3727 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3728 cfgerr = 1;
3729 break;
3730 }
3731 ssl_e = arg;
3732 newarg = 1;
3733 *line = 0;
3734 } else if (newarg) {
3735 if (arg == MAX_CRT_ARGS) {
3736 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3737 cfgerr = 1;
3738 break;
3739 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003740 newarg = 0;
3741 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003742 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003743 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003744 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003745 if (cfgerr)
3746 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003747 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003748
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003749 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003750 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003751 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003752
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003753 crt_path = args[0];
3754 if (*crt_path != '/' && global_ssl.crt_base) {
3755 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3756 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3757 crt_path, linenum, file);
3758 cfgerr = 1;
3759 break;
3760 }
3761 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3762 crt_path = path;
3763 }
3764
3765 ssl_conf = calloc(1, sizeof *ssl_conf);
3766 cur_arg = ssl_b ? ssl_b : 1;
3767 while (cur_arg < ssl_e) {
3768 newarg = 0;
3769 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3770 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3771 newarg = 1;
3772 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3773 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3774 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3775 args[cur_arg], linenum, file);
3776 cfgerr = 1;
3777 }
3778 cur_arg += 1 + ssl_bind_kws[i].skip;
3779 break;
3780 }
3781 }
3782 if (!cfgerr && !newarg) {
3783 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3784 args[cur_arg], linenum, file);
3785 cfgerr = 1;
3786 break;
3787 }
3788 }
3789 if (cfgerr) {
3790 ssl_sock_free_ssl_conf(ssl_conf);
3791 free(ssl_conf);
3792 ssl_conf = NULL;
3793 break;
3794 }
3795
3796 if (stat(crt_path, &buf) == 0) {
3797 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3798 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003799 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003800 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3801 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003802 }
3803
Willy Tarreauad1731d2013-04-02 17:35:58 +02003804 if (cfgerr) {
3805 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003806 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003807 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003808 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003809 fclose(f);
3810 return cfgerr;
3811}
3812
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003813/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003814static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003815ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003816{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003817 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003818 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003819 SSL_OP_ALL | /* all known workarounds for bugs */
3820 SSL_OP_NO_SSLv2 |
3821 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003822 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003823 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003824 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003825 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003826 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003827 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003828 SSL_MODE_ENABLE_PARTIAL_WRITE |
3829 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003830 SSL_MODE_RELEASE_BUFFERS |
3831 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003832 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003833 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003834 int flags = MC_SSL_O_ALL;
3835 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003836
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003837 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003838 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003839
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003840 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003841 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3842 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3843 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003844 else
3845 flags = conf_ssl_methods->flags;
3846
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003847 min = conf_ssl_methods->min;
3848 max = conf_ssl_methods->max;
3849 /* start with TLSv10 to remove SSLv3 per default */
3850 if (!min && (!max || max >= CONF_TLSV10))
3851 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003852 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003853 if (min)
3854 flags |= (methodVersions[min].flag - 1);
3855 if (max)
3856 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003857 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003858 min = max = CONF_TLSV_NONE;
3859 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003860 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003861 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003862 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003863 if (min) {
3864 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003865 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3866 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3867 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3868 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003869 hole = 0;
3870 }
3871 max = i;
3872 }
3873 else {
3874 min = max = i;
3875 }
3876 }
3877 else {
3878 if (min)
3879 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003880 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003881 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003882 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3883 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003884 cfgerr += 1;
3885 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003886 /* save real min/max in bind_conf */
3887 conf_ssl_methods->min = min;
3888 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003889
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003890#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003891 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003892 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003893 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003894 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003895 else
3896 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3897 if (flags & methodVersions[i].flag)
3898 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003899#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003900 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003901 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3902 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003903#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003904
3905 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3906 options |= SSL_OP_NO_TICKET;
3907 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3908 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003909
3910#ifdef SSL_OP_NO_RENEGOTIATION
3911 options |= SSL_OP_NO_RENEGOTIATION;
3912#endif
3913
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003914 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003915
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003916#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003917 if (global_ssl.async)
3918 mode |= SSL_MODE_ASYNC;
3919#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003920 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003921 if (global_ssl.life_time)
3922 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003923
3924#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3925#ifdef OPENSSL_IS_BORINGSSL
3926 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3927 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003928#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003929 if (bind_conf->ssl_conf.early_data) {
3930 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3931 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3932 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003933 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3934 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003935#else
3936 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003937#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003938 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003939#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003940 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003941}
3942
William Lallemand4f45bb92017-10-30 20:08:51 +01003943
3944static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3945{
3946 if (first == block) {
3947 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3948 if (first->len > 0)
3949 sh_ssl_sess_tree_delete(sh_ssl_sess);
3950 }
3951}
3952
3953/* return first block from sh_ssl_sess */
3954static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3955{
3956 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3957
3958}
3959
3960/* store a session into the cache
3961 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3962 * data: asn1 encoded session
3963 * data_len: asn1 encoded session length
3964 * Returns 1 id session was stored (else 0)
3965 */
3966static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3967{
3968 struct shared_block *first;
3969 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3970
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003971 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01003972 if (!first) {
3973 /* Could not retrieve enough free blocks to store that session */
3974 return 0;
3975 }
3976
3977 /* STORE the key in the first elem */
3978 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3979 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3980 first->len = sizeof(struct sh_ssl_sess_hdr);
3981
3982 /* it returns the already existing node
3983 or current node if none, never returns null */
3984 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3985 if (oldsh_ssl_sess != sh_ssl_sess) {
3986 /* NOTE: Row couldn't be in use because we lock read & write function */
3987 /* release the reserved row */
3988 shctx_row_dec_hot(ssl_shctx, first);
3989 /* replace the previous session already in the tree */
3990 sh_ssl_sess = oldsh_ssl_sess;
3991 /* ignore the previous session data, only use the header */
3992 first = sh_ssl_sess_first_block(sh_ssl_sess);
3993 shctx_row_inc_hot(ssl_shctx, first);
3994 first->len = sizeof(struct sh_ssl_sess_hdr);
3995 }
3996
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003997 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01003998 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003999 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004000 }
4001
4002 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004003
4004 return 1;
4005}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004006
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004007/* SSL callback used when a new session is created while connecting to a server */
4008static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4009{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004010 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004011 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004012
Willy Tarreau07d94e42018-09-20 10:57:52 +02004013 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004014
Olivier Houcharde6060c52017-11-16 17:42:52 +01004015 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4016 int len;
4017 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004018
Olivier Houcharde6060c52017-11-16 17:42:52 +01004019 len = i2d_SSL_SESSION(sess, NULL);
4020 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4021 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4022 } else {
4023 free(s->ssl_ctx.reused_sess[tid].ptr);
4024 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4025 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4026 }
4027 if (s->ssl_ctx.reused_sess[tid].ptr) {
4028 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4029 &ptr);
4030 }
4031 } else {
4032 free(s->ssl_ctx.reused_sess[tid].ptr);
4033 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4034 }
4035
4036 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004037}
4038
Olivier Houcharde6060c52017-11-16 17:42:52 +01004039
William Lallemanded0b5ad2017-10-30 19:36:36 +01004040/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004041int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004042{
4043 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4044 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4045 unsigned char *p;
4046 int data_len;
4047 unsigned int sid_length, sid_ctx_length;
4048 const unsigned char *sid_data;
4049 const unsigned char *sid_ctx_data;
4050
4051 /* Session id is already stored in to key and session id is known
4052 * so we dont store it to keep size.
4053 */
4054
4055 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4056 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4057 SSL_SESSION_set1_id(sess, sid_data, 0);
4058 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4059
4060 /* check if buffer is large enough for the ASN1 encoded session */
4061 data_len = i2d_SSL_SESSION(sess, NULL);
4062 if (data_len > SHSESS_MAX_DATA_LEN)
4063 goto err;
4064
4065 p = encsess;
4066
4067 /* process ASN1 session encoding before the lock */
4068 i2d_SSL_SESSION(sess, &p);
4069
4070 memcpy(encid, sid_data, sid_length);
4071 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4072 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4073
William Lallemanda3c77cf2017-10-30 23:44:40 +01004074 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004075 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004076 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004077 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004078err:
4079 /* reset original length values */
4080 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4081 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4082
4083 return 0; /* do not increment session reference count */
4084}
4085
4086/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004087SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004088{
William Lallemand4f45bb92017-10-30 20:08:51 +01004089 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004090 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4091 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004092 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004093 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004094
4095 global.shctx_lookups++;
4096
4097 /* allow the session to be freed automatically by openssl */
4098 *do_copy = 0;
4099
4100 /* tree key is zeros padded sessionid */
4101 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4102 memcpy(tmpkey, key, key_len);
4103 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4104 key = tmpkey;
4105 }
4106
4107 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004108 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004109
4110 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004111 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4112 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004113 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004114 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004115 global.shctx_misses++;
4116 return NULL;
4117 }
4118
William Lallemand4f45bb92017-10-30 20:08:51 +01004119 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4120 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004121
William Lallemand4f45bb92017-10-30 20:08:51 +01004122 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004123
William Lallemanda3c77cf2017-10-30 23:44:40 +01004124 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004125
4126 /* decode ASN1 session */
4127 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004128 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004129 /* Reset session id and session id contenxt */
4130 if (sess) {
4131 SSL_SESSION_set1_id(sess, key, key_len);
4132 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4133 }
4134
4135 return sess;
4136}
4137
William Lallemand4f45bb92017-10-30 20:08:51 +01004138
William Lallemanded0b5ad2017-10-30 19:36:36 +01004139/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004140void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004141{
William Lallemand4f45bb92017-10-30 20:08:51 +01004142 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004143 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4144 unsigned int sid_length;
4145 const unsigned char *sid_data;
4146 (void)ctx;
4147
4148 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4149 /* tree key is zeros padded sessionid */
4150 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4151 memcpy(tmpkey, sid_data, sid_length);
4152 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4153 sid_data = tmpkey;
4154 }
4155
William Lallemanda3c77cf2017-10-30 23:44:40 +01004156 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004157
4158 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004159 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4160 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004161 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004162 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004163 }
4164
4165 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004166 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004167}
4168
4169/* Set session cache mode to server and disable openssl internal cache.
4170 * Set shared cache callbacks on an ssl context.
4171 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004172void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004173{
4174 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4175
4176 if (!ssl_shctx) {
4177 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4178 return;
4179 }
4180
4181 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4182 SSL_SESS_CACHE_NO_INTERNAL |
4183 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4184
4185 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004186 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4187 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4188 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004189}
4190
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004191int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4192{
4193 struct proxy *curproxy = bind_conf->frontend;
4194 int cfgerr = 0;
4195 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004196 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004197 const char *conf_ciphers;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004198#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4199 const char *conf_ciphersuites;
4200#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004201 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004202
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004203 if (ssl_conf) {
4204 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4205 int i, min, max;
4206 int flags = MC_SSL_O_ALL;
4207
4208 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004209 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4210 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004211 if (min)
4212 flags |= (methodVersions[min].flag - 1);
4213 if (max)
4214 flags |= ~((methodVersions[max].flag << 1) - 1);
4215 min = max = CONF_TLSV_NONE;
4216 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4217 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4218 if (min)
4219 max = i;
4220 else
4221 min = max = i;
4222 }
4223 /* save real min/max */
4224 conf_ssl_methods->min = min;
4225 conf_ssl_methods->max = max;
4226 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004227 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4228 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004229 cfgerr += 1;
4230 }
4231 }
4232
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004233 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004234 case SSL_SOCK_VERIFY_NONE:
4235 verify = SSL_VERIFY_NONE;
4236 break;
4237 case SSL_SOCK_VERIFY_OPTIONAL:
4238 verify = SSL_VERIFY_PEER;
4239 break;
4240 case SSL_SOCK_VERIFY_REQUIRED:
4241 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4242 break;
4243 }
4244 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4245 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004246 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4247 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4248 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004249 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004250 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004251 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4252 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004253 cfgerr++;
4254 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004255 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4256 /* set CA names for client cert request, function returns void */
4257 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4258 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004259 }
Emeric Brun850efd52014-01-29 12:24:34 +01004260 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004261 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4262 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004263 cfgerr++;
4264 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004265#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004266 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004267 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4268
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004269 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004270 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4271 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004272 cfgerr++;
4273 }
Emeric Brun561e5742012-10-02 15:20:55 +02004274 else {
4275 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4276 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004277 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004278#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004279 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004280 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004281#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004282 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004283 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004284 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4285 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004286 cfgerr++;
4287 }
4288 }
4289#endif
4290
William Lallemand4f45bb92017-10-30 20:08:51 +01004291 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004292 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4293 if (conf_ciphers &&
4294 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004295 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4296 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004297 cfgerr++;
4298 }
4299
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004300#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4301 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4302 if (conf_ciphersuites &&
4303 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4304 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4305 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4306 cfgerr++;
4307 }
4308#endif
4309
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004310#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004311 /* If tune.ssl.default-dh-param has not been set,
4312 neither has ssl-default-dh-file and no static DH
4313 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004314 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004315 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004316 (ssl_dh_ptr_index == -1 ||
4317 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004318 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4319 const SSL_CIPHER * cipher = NULL;
4320 char cipher_description[128];
4321 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4322 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4323 which is not ephemeral DH. */
4324 const char dhe_description[] = " Kx=DH ";
4325 const char dhe_export_description[] = " Kx=DH(";
4326 int idx = 0;
4327 int dhe_found = 0;
4328 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004329
Remi Gacogne23d5d372014-10-10 17:04:26 +02004330 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004331
Remi Gacogne23d5d372014-10-10 17:04:26 +02004332 if (ssl) {
4333 ciphers = SSL_get_ciphers(ssl);
4334
4335 if (ciphers) {
4336 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4337 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4338 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4339 if (strstr(cipher_description, dhe_description) != NULL ||
4340 strstr(cipher_description, dhe_export_description) != NULL) {
4341 dhe_found = 1;
4342 break;
4343 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004344 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004345 }
4346 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004347 SSL_free(ssl);
4348 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004349 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004350
Lukas Tribus90132722014-08-18 00:56:33 +02004351 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004352 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004353 }
4354
Willy Tarreauef934602016-12-22 23:12:01 +01004355 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004356 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004357
Willy Tarreauef934602016-12-22 23:12:01 +01004358 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004359 if (local_dh_1024 == NULL) {
4360 local_dh_1024 = ssl_get_dh_1024();
4361 }
Willy Tarreauef934602016-12-22 23:12:01 +01004362 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004363 if (local_dh_2048 == NULL) {
4364 local_dh_2048 = ssl_get_dh_2048();
4365 }
Willy Tarreauef934602016-12-22 23:12:01 +01004366 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004367 if (local_dh_4096 == NULL) {
4368 local_dh_4096 = ssl_get_dh_4096();
4369 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004370 }
4371 }
4372 }
4373#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004374
Emeric Brunfc0421f2012-09-07 17:30:07 +02004375 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004376#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004377 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004378#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004379
Bernard Spil13c53f82018-02-15 13:34:58 +01004380#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004381 ssl_conf_cur = NULL;
4382 if (ssl_conf && ssl_conf->npn_str)
4383 ssl_conf_cur = ssl_conf;
4384 else if (bind_conf->ssl_conf.npn_str)
4385 ssl_conf_cur = &bind_conf->ssl_conf;
4386 if (ssl_conf_cur)
4387 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004388#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004389#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004390 ssl_conf_cur = NULL;
4391 if (ssl_conf && ssl_conf->alpn_str)
4392 ssl_conf_cur = ssl_conf;
4393 else if (bind_conf->ssl_conf.alpn_str)
4394 ssl_conf_cur = &bind_conf->ssl_conf;
4395 if (ssl_conf_cur)
4396 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004397#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004398#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4399 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4400 if (conf_curves) {
4401 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004402 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4403 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004404 cfgerr++;
4405 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004406#if defined(SSL_CTX_set_ecdh_auto)
4407 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4408#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004409 }
4410#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004411#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004412 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004413 int i;
4414 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004415#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004416 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004417 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4418 NULL);
4419
4420 if (ecdhe == NULL) {
4421 SSL_CTX_set_dh_auto(ctx, 1);
4422 return cfgerr;
4423 }
4424#else
4425 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4426 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4427 ECDHE_DEFAULT_CURVE);
4428#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004429
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004430 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004431 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004432 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4433 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004434 cfgerr++;
4435 }
4436 else {
4437 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4438 EC_KEY_free(ecdh);
4439 }
4440 }
4441#endif
4442
Emeric Brunfc0421f2012-09-07 17:30:07 +02004443 return cfgerr;
4444}
4445
Evan Broderbe554312013-06-27 00:05:25 -07004446static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4447{
4448 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4449 size_t prefixlen, suffixlen;
4450
4451 /* Trivial case */
4452 if (strcmp(pattern, hostname) == 0)
4453 return 1;
4454
Evan Broderbe554312013-06-27 00:05:25 -07004455 /* The rest of this logic is based on RFC 6125, section 6.4.3
4456 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4457
Emeric Bruna848dae2013-10-08 11:27:28 +02004458 pattern_wildcard = NULL;
4459 pattern_left_label_end = pattern;
4460 while (*pattern_left_label_end != '.') {
4461 switch (*pattern_left_label_end) {
4462 case 0:
4463 /* End of label not found */
4464 return 0;
4465 case '*':
4466 /* If there is more than one wildcards */
4467 if (pattern_wildcard)
4468 return 0;
4469 pattern_wildcard = pattern_left_label_end;
4470 break;
4471 }
4472 pattern_left_label_end++;
4473 }
4474
4475 /* If it's not trivial and there is no wildcard, it can't
4476 * match */
4477 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004478 return 0;
4479
4480 /* Make sure all labels match except the leftmost */
4481 hostname_left_label_end = strchr(hostname, '.');
4482 if (!hostname_left_label_end
4483 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4484 return 0;
4485
4486 /* Make sure the leftmost label of the hostname is long enough
4487 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004488 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004489 return 0;
4490
4491 /* Finally compare the string on either side of the
4492 * wildcard */
4493 prefixlen = pattern_wildcard - pattern;
4494 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004495 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4496 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004497 return 0;
4498
4499 return 1;
4500}
4501
4502static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4503{
4504 SSL *ssl;
4505 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004506 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004507 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004508
4509 int depth;
4510 X509 *cert;
4511 STACK_OF(GENERAL_NAME) *alt_names;
4512 int i;
4513 X509_NAME *cert_subject;
4514 char *str;
4515
4516 if (ok == 0)
4517 return ok;
4518
4519 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004520 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004521
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004522 /* We're checking if the provided hostnames match the desired one. The
4523 * desired hostname comes from the SNI we presented if any, or if not
4524 * provided then it may have been explicitly stated using a "verifyhost"
4525 * directive. If neither is set, we don't care about the name so the
4526 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004527 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004528 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004529 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004530 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004531 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004532 if (!servername)
4533 return ok;
4534 }
Evan Broderbe554312013-06-27 00:05:25 -07004535
4536 /* We only need to verify the CN on the actual server cert,
4537 * not the indirect CAs */
4538 depth = X509_STORE_CTX_get_error_depth(ctx);
4539 if (depth != 0)
4540 return ok;
4541
4542 /* At this point, the cert is *not* OK unless we can find a
4543 * hostname match */
4544 ok = 0;
4545
4546 cert = X509_STORE_CTX_get_current_cert(ctx);
4547 /* It seems like this might happen if verify peer isn't set */
4548 if (!cert)
4549 return ok;
4550
4551 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4552 if (alt_names) {
4553 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4554 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4555 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004556#if OPENSSL_VERSION_NUMBER < 0x00907000L
4557 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4558#else
Evan Broderbe554312013-06-27 00:05:25 -07004559 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004560#endif
Evan Broderbe554312013-06-27 00:05:25 -07004561 ok = ssl_sock_srv_hostcheck(str, servername);
4562 OPENSSL_free(str);
4563 }
4564 }
4565 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004566 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004567 }
4568
4569 cert_subject = X509_get_subject_name(cert);
4570 i = -1;
4571 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4572 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004573 ASN1_STRING *value;
4574 value = X509_NAME_ENTRY_get_data(entry);
4575 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004576 ok = ssl_sock_srv_hostcheck(str, servername);
4577 OPENSSL_free(str);
4578 }
4579 }
4580
Willy Tarreau71d058c2017-07-26 20:09:56 +02004581 /* report the mismatch and indicate if SNI was used or not */
4582 if (!ok && !conn->err_code)
4583 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004584 return ok;
4585}
4586
Emeric Brun94324a42012-10-11 14:00:19 +02004587/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004588int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004589{
Willy Tarreau03209342016-12-22 17:08:28 +01004590 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004591 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004592 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004593 SSL_OP_ALL | /* all known workarounds for bugs */
4594 SSL_OP_NO_SSLv2 |
4595 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004596 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004597 SSL_MODE_ENABLE_PARTIAL_WRITE |
4598 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004599 SSL_MODE_RELEASE_BUFFERS |
4600 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004601 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004602 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004603 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004604 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004605 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004606
Thierry Fournier383085f2013-01-24 14:15:43 +01004607 /* Make sure openssl opens /dev/urandom before the chroot */
4608 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004609 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004610 cfgerr++;
4611 }
4612
Willy Tarreaufce03112015-01-15 21:32:40 +01004613 /* Automatic memory computations need to know we use SSL there */
4614 global.ssl_used_backend = 1;
4615
4616 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004617 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004618 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004619 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4620 curproxy->id, srv->id,
4621 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004622 cfgerr++;
4623 return cfgerr;
4624 }
4625 }
Emeric Brun94324a42012-10-11 14:00:19 +02004626 if (srv->use_ssl)
4627 srv->xprt = &ssl_sock;
4628 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004629 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004630
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004631 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004632 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004633 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4634 proxy_type_str(curproxy), curproxy->id,
4635 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004636 cfgerr++;
4637 return cfgerr;
4638 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004639
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004640 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004641 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4642 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4643 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004644 else
4645 flags = conf_ssl_methods->flags;
4646
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004647 /* Real min and max should be determinate with configuration and openssl's capabilities */
4648 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004649 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004650 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004651 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004652
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004653 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004654 min = max = CONF_TLSV_NONE;
4655 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004656 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004657 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004658 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004659 if (min) {
4660 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004661 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4662 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4663 proxy_type_str(curproxy), curproxy->id, srv->id,
4664 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004665 hole = 0;
4666 }
4667 max = i;
4668 }
4669 else {
4670 min = max = i;
4671 }
4672 }
4673 else {
4674 if (min)
4675 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004676 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004677 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004678 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4679 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004680 cfgerr += 1;
4681 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004682
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004683#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004684 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004685 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004686 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004687 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004688 else
4689 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4690 if (flags & methodVersions[i].flag)
4691 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004692#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004693 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004694 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4695 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004696#endif
4697
4698 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4699 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004700 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004701
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004702#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004703 if (global_ssl.async)
4704 mode |= SSL_MODE_ASYNC;
4705#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004706 SSL_CTX_set_mode(ctx, mode);
4707 srv->ssl_ctx.ctx = ctx;
4708
Emeric Bruna7aa3092012-10-26 12:58:00 +02004709 if (srv->ssl_ctx.client_crt) {
4710 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004711 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4712 proxy_type_str(curproxy), curproxy->id,
4713 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004714 cfgerr++;
4715 }
4716 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004717 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4718 proxy_type_str(curproxy), curproxy->id,
4719 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004720 cfgerr++;
4721 }
4722 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004723 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4724 proxy_type_str(curproxy), curproxy->id,
4725 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004726 cfgerr++;
4727 }
4728 }
Emeric Brun94324a42012-10-11 14:00:19 +02004729
Emeric Brun850efd52014-01-29 12:24:34 +01004730 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4731 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004732 switch (srv->ssl_ctx.verify) {
4733 case SSL_SOCK_VERIFY_NONE:
4734 verify = SSL_VERIFY_NONE;
4735 break;
4736 case SSL_SOCK_VERIFY_REQUIRED:
4737 verify = SSL_VERIFY_PEER;
4738 break;
4739 }
Evan Broderbe554312013-06-27 00:05:25 -07004740 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004741 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004742 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004743 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004744 if (srv->ssl_ctx.ca_file) {
4745 /* load CAfile to verify */
4746 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004747 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4748 curproxy->id, srv->id,
4749 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004750 cfgerr++;
4751 }
4752 }
Emeric Brun850efd52014-01-29 12:24:34 +01004753 else {
4754 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004755 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4756 curproxy->id, srv->id,
4757 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004758 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004759 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4760 curproxy->id, srv->id,
4761 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004762 cfgerr++;
4763 }
Emeric Brunef42d922012-10-11 16:11:36 +02004764#ifdef X509_V_FLAG_CRL_CHECK
4765 if (srv->ssl_ctx.crl_file) {
4766 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4767
4768 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004769 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4770 curproxy->id, srv->id,
4771 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004772 cfgerr++;
4773 }
4774 else {
4775 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4776 }
4777 }
4778#endif
4779 }
4780
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004781 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4782 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4783 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004784 if (srv->ssl_ctx.ciphers &&
4785 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004786 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4787 curproxy->id, srv->id,
4788 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004789 cfgerr++;
4790 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004791
4792#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
4793 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004794 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004795 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4796 curproxy->id, srv->id,
4797 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4798 cfgerr++;
4799 }
4800#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004801#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4802 if (srv->ssl_ctx.npn_str)
4803 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4804#endif
4805#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4806 if (srv->ssl_ctx.alpn_str)
4807 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4808#endif
4809
Emeric Brun94324a42012-10-11 14:00:19 +02004810
4811 return cfgerr;
4812}
4813
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004814/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004815 * be NULL, in which case nothing is done. Returns the number of errors
4816 * encountered.
4817 */
Willy Tarreau03209342016-12-22 17:08:28 +01004818int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004819{
4820 struct ebmb_node *node;
4821 struct sni_ctx *sni;
4822 int err = 0;
4823
Willy Tarreaufce03112015-01-15 21:32:40 +01004824 /* Automatic memory computations need to know we use SSL there */
4825 global.ssl_used_frontend = 1;
4826
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004827 /* Make sure openssl opens /dev/urandom before the chroot */
4828 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004829 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004830 err++;
4831 }
4832 /* Create initial_ctx used to start the ssl connection before do switchctx */
4833 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004834 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004835 /* It should not be necessary to call this function, but it's
4836 necessary first to check and move all initialisation related
4837 to initial_ctx in ssl_sock_initial_ctx. */
4838 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4839 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004840 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004841 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004842
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004843 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004844 while (node) {
4845 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004846 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4847 /* only initialize the CTX on its first occurrence and
4848 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004849 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004850 node = ebmb_next(node);
4851 }
4852
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004853 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004854 while (node) {
4855 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004856 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4857 /* only initialize the CTX on its first occurrence and
4858 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004859 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004860 node = ebmb_next(node);
4861 }
4862 return err;
4863}
4864
Willy Tarreau55d37912016-12-21 23:38:39 +01004865/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4866 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4867 * alerts are directly emitted since the rest of the stack does it below.
4868 */
4869int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4870{
4871 struct proxy *px = bind_conf->frontend;
4872 int alloc_ctx;
4873 int err;
4874
4875 if (!bind_conf->is_ssl) {
4876 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004877 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4878 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004879 }
4880 return 0;
4881 }
4882 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004883 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004884 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4885 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004886 }
4887 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004888 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4889 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004890 return -1;
4891 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004892 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004893 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004894 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004895 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004896 sizeof(*sh_ssl_sess_tree),
4897 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004898 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004899 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4900 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4901 else
4902 ha_alert("Unable to allocate SSL session cache.\n");
4903 return -1;
4904 }
4905 /* free block callback */
4906 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4907 /* init the root tree within the extra space */
4908 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4909 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004910 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004911 err = 0;
4912 /* initialize all certificate contexts */
4913 err += ssl_sock_prepare_all_ctx(bind_conf);
4914
4915 /* initialize CA variables if the certificates generation is enabled */
4916 err += ssl_sock_load_ca(bind_conf);
4917
4918 return -err;
4919}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004920
4921/* release ssl context allocated for servers. */
4922void ssl_sock_free_srv_ctx(struct server *srv)
4923{
Olivier Houchardc7566002018-11-20 23:33:50 +01004924#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4925 if (srv->ssl_ctx.alpn_str)
4926 free(srv->ssl_ctx.alpn_str);
4927#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004928#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004929 if (srv->ssl_ctx.npn_str)
4930 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004931#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004932 if (srv->ssl_ctx.ctx)
4933 SSL_CTX_free(srv->ssl_ctx.ctx);
4934}
4935
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004936/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004937 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4938 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004939void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004940{
4941 struct ebmb_node *node, *back;
4942 struct sni_ctx *sni;
4943
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004944 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004945 while (node) {
4946 sni = ebmb_entry(node, struct sni_ctx, name);
4947 back = ebmb_next(node);
4948 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004949 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004950 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004951 ssl_sock_free_ssl_conf(sni->conf);
4952 free(sni->conf);
4953 sni->conf = NULL;
4954 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004955 free(sni);
4956 node = back;
4957 }
4958
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004959 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004960 while (node) {
4961 sni = ebmb_entry(node, struct sni_ctx, name);
4962 back = ebmb_next(node);
4963 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004964 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004965 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004966 ssl_sock_free_ssl_conf(sni->conf);
4967 free(sni->conf);
4968 sni->conf = NULL;
4969 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004970 free(sni);
4971 node = back;
4972 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004973 SSL_CTX_free(bind_conf->initial_ctx);
4974 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004975 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004976 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004977}
4978
Willy Tarreau795cdab2016-12-22 17:30:54 +01004979/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4980void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4981{
4982 ssl_sock_free_ca(bind_conf);
4983 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004984 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004985 free(bind_conf->ca_sign_file);
4986 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004987 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004988 free(bind_conf->keys_ref->filename);
4989 free(bind_conf->keys_ref->tlskeys);
4990 LIST_DEL(&bind_conf->keys_ref->list);
4991 free(bind_conf->keys_ref);
4992 }
4993 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004994 bind_conf->ca_sign_pass = NULL;
4995 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004996}
4997
Christopher Faulet31af49d2015-06-09 17:29:50 +02004998/* Load CA cert file and private key used to generate certificates */
4999int
Willy Tarreau03209342016-12-22 17:08:28 +01005000ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005001{
Willy Tarreau03209342016-12-22 17:08:28 +01005002 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005003 FILE *fp;
5004 X509 *cacert = NULL;
5005 EVP_PKEY *capkey = NULL;
5006 int err = 0;
5007
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005008 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005009 return err;
5010
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005011#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005012 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005013 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005014 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005015 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005016 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005017#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005018
Christopher Faulet31af49d2015-06-09 17:29:50 +02005019 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005020 ha_alert("Proxy '%s': cannot enable certificate generation, "
5021 "no CA certificate File configured at [%s:%d].\n",
5022 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005023 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005024 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005025
5026 /* read in the CA certificate */
5027 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005028 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5029 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005030 goto load_error;
5031 }
5032 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005033 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5034 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005035 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005036 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005037 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005038 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005039 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5040 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005041 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005042 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005043
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005044 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005045 bind_conf->ca_sign_cert = cacert;
5046 bind_conf->ca_sign_pkey = capkey;
5047 return err;
5048
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005049 read_error:
5050 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005051 if (capkey) EVP_PKEY_free(capkey);
5052 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005053 load_error:
5054 bind_conf->generate_certs = 0;
5055 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005056 return err;
5057}
5058
5059/* Release CA cert and private key used to generate certificated */
5060void
5061ssl_sock_free_ca(struct bind_conf *bind_conf)
5062{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005063 if (bind_conf->ca_sign_pkey)
5064 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5065 if (bind_conf->ca_sign_cert)
5066 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005067 bind_conf->ca_sign_pkey = NULL;
5068 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005069}
5070
Emeric Brun46591952012-05-18 15:47:34 +02005071/*
5072 * This function is called if SSL * context is not yet allocated. The function
5073 * is designed to be called before any other data-layer operation and sets the
5074 * handshake flag on the connection. It is safe to call it multiple times.
5075 * It returns 0 on success and -1 in error case.
5076 */
5077static int ssl_sock_init(struct connection *conn)
5078{
5079 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005080 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005081 return 0;
5082
Willy Tarreau3c728722014-01-23 13:50:42 +01005083 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005084 return 0;
5085
Willy Tarreau20879a02012-12-03 16:32:10 +01005086 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5087 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02005088 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005089 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005090
Emeric Brun46591952012-05-18 15:47:34 +02005091 /* If it is in client mode initiate SSL session
5092 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005093 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005094 int may_retry = 1;
5095
5096 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005097 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005098 conn->xprt_ctx = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005099 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005100 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005101 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005102 goto retry_connect;
5103 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005104 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005105 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005106 }
Emeric Brun46591952012-05-18 15:47:34 +02005107
Emeric Brun46591952012-05-18 15:47:34 +02005108 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005109 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005110 SSL_free(conn->xprt_ctx);
5111 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005112 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005113 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005114 goto retry_connect;
5115 }
Emeric Brun55476152014-11-12 17:35:37 +01005116 conn->err_code = CO_ER_SSL_NO_MEM;
5117 return -1;
5118 }
Emeric Brun46591952012-05-18 15:47:34 +02005119
Evan Broderbe554312013-06-27 00:05:25 -07005120 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005121 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005122 SSL_free(conn->xprt_ctx);
5123 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005124 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005125 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005126 goto retry_connect;
5127 }
Emeric Brun55476152014-11-12 17:35:37 +01005128 conn->err_code = CO_ER_SSL_NO_MEM;
5129 return -1;
5130 }
5131
5132 SSL_set_connect_state(conn->xprt_ctx);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005133 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5134 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5135 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
5136 if (sess && !SSL_set_session(conn->xprt_ctx, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005137 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005138 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5139 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005140 } else if (sess) {
5141 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005142 }
5143 }
Evan Broderbe554312013-06-27 00:05:25 -07005144
Emeric Brun46591952012-05-18 15:47:34 +02005145 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005146 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005147
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005148 _HA_ATOMIC_ADD(&sslconns, 1);
5149 _HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005150 return 0;
5151 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005152 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005153 int may_retry = 1;
5154
5155 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005156 /* Alloc a new SSL session ctx */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005157 conn->xprt_ctx = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01005158 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005159 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005160 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005161 goto retry_accept;
5162 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005163 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005164 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005165 }
Emeric Brun46591952012-05-18 15:47:34 +02005166
Emeric Brun46591952012-05-18 15:47:34 +02005167 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005168 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005169 SSL_free(conn->xprt_ctx);
5170 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005171 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005172 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005173 goto retry_accept;
5174 }
Emeric Brun55476152014-11-12 17:35:37 +01005175 conn->err_code = CO_ER_SSL_NO_MEM;
5176 return -1;
5177 }
Emeric Brun46591952012-05-18 15:47:34 +02005178
Emeric Brune1f38db2012-09-03 20:36:47 +02005179 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005180 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005181 SSL_free(conn->xprt_ctx);
5182 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005183 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005184 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005185 goto retry_accept;
5186 }
Emeric Brun55476152014-11-12 17:35:37 +01005187 conn->err_code = CO_ER_SSL_NO_MEM;
5188 return -1;
5189 }
5190
5191 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005192
Emeric Brun46591952012-05-18 15:47:34 +02005193 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005194 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005195#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005196 conn->flags |= CO_FL_EARLY_SSL_HS;
5197#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005198
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005199 _HA_ATOMIC_ADD(&sslconns, 1);
5200 _HA_ATOMIC_ADD(&totalsslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005201 return 0;
5202 }
5203 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005204 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005205 return -1;
5206}
5207
5208
5209/* This is the callback which is used when an SSL handshake is pending. It
5210 * updates the FD status if it wants some polling before being called again.
5211 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5212 * otherwise it returns non-zero and removes itself from the connection's
5213 * flags (the bit is provided in <flag> by the caller).
5214 */
5215int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5216{
5217 int ret;
5218
Willy Tarreau3c728722014-01-23 13:50:42 +01005219 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005220 return 0;
5221
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005222 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005223 goto out_error;
5224
Olivier Houchardc2aae742017-09-22 18:26:28 +02005225#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5226 /*
5227 * Check if we have early data. If we do, we have to read them
5228 * before SSL_do_handshake() is called, And there's no way to
5229 * detect early data, except to try to read them
5230 */
5231 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5232 size_t read_data;
5233
5234 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5235 1, &read_data);
5236 if (ret == SSL_READ_EARLY_DATA_ERROR)
5237 goto check_error;
5238 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5239 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5240 return 1;
5241 } else
5242 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5243 }
5244#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005245 /* If we use SSL_do_handshake to process a reneg initiated by
5246 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5247 * Usually SSL_write and SSL_read are used and process implicitly
5248 * the reneg handshake.
5249 * Here we use SSL_peek as a workaround for reneg.
5250 */
5251 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5252 char c;
5253
5254 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5255 if (ret <= 0) {
5256 /* handshake may have not been completed, let's find why */
5257 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005258
Emeric Brun674b7432012-11-08 19:21:55 +01005259 if (ret == SSL_ERROR_WANT_WRITE) {
5260 /* SSL handshake needs to write, L4 connection may not be ready */
5261 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005262 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005263 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005264 return 0;
5265 }
5266 else if (ret == SSL_ERROR_WANT_READ) {
5267 /* handshake may have been completed but we have
5268 * no more data to read.
5269 */
5270 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5271 ret = 1;
5272 goto reneg_ok;
5273 }
5274 /* SSL handshake needs to read, L4 connection is ready */
5275 if (conn->flags & CO_FL_WAIT_L4_CONN)
5276 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5277 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005278 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005279 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005280 return 0;
5281 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005282#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005283 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005284 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005285 return 0;
5286 }
5287#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005288 else if (ret == SSL_ERROR_SYSCALL) {
5289 /* if errno is null, then connection was successfully established */
5290 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5291 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005292 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005293#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005294 conn->err_code = CO_ER_SSL_HANDSHAKE;
5295#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005296 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005297#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005298 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5299 empty_handshake = state == TLS_ST_BEFORE;
5300#else
5301 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5302#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005303 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005304 if (!errno) {
5305 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5306 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5307 else
5308 conn->err_code = CO_ER_SSL_EMPTY;
5309 }
5310 else {
5311 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5312 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5313 else
5314 conn->err_code = CO_ER_SSL_ABORT;
5315 }
5316 }
5317 else {
5318 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5319 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005320 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005321 conn->err_code = CO_ER_SSL_HANDSHAKE;
5322 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005323#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005324 }
Emeric Brun674b7432012-11-08 19:21:55 +01005325 goto out_error;
5326 }
5327 else {
5328 /* Fail on all other handshake errors */
5329 /* Note: OpenSSL may leave unread bytes in the socket's
5330 * buffer, causing an RST to be emitted upon close() on
5331 * TCP sockets. We first try to drain possibly pending
5332 * data to avoid this as much as possible.
5333 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005334 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005335 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005336 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5337 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005338 goto out_error;
5339 }
5340 }
5341 /* read some data: consider handshake completed */
5342 goto reneg_ok;
5343 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005344 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005345check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005346 if (ret != 1) {
5347 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005348 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005349
5350 if (ret == SSL_ERROR_WANT_WRITE) {
5351 /* SSL handshake needs to write, L4 connection may not be ready */
5352 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005353 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005354 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005355 return 0;
5356 }
5357 else if (ret == SSL_ERROR_WANT_READ) {
5358 /* SSL handshake needs to read, L4 connection is ready */
5359 if (conn->flags & CO_FL_WAIT_L4_CONN)
5360 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5361 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005362 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005363 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005364 return 0;
5365 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005366#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005367 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005368 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005369 return 0;
5370 }
5371#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005372 else if (ret == SSL_ERROR_SYSCALL) {
5373 /* if errno is null, then connection was successfully established */
5374 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5375 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005376 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005377#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005378 conn->err_code = CO_ER_SSL_HANDSHAKE;
5379#else
5380 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005381#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005382 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5383 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005384#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005385 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005386#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005387 if (empty_handshake) {
5388 if (!errno) {
5389 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5390 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5391 else
5392 conn->err_code = CO_ER_SSL_EMPTY;
5393 }
5394 else {
5395 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5396 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5397 else
5398 conn->err_code = CO_ER_SSL_ABORT;
5399 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005400 }
5401 else {
5402 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5403 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5404 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005405 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005406 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005407#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005408 }
Willy Tarreau89230192012-09-28 20:22:13 +02005409 goto out_error;
5410 }
Emeric Brun46591952012-05-18 15:47:34 +02005411 else {
5412 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005413 /* Note: OpenSSL may leave unread bytes in the socket's
5414 * buffer, causing an RST to be emitted upon close() on
5415 * TCP sockets. We first try to drain possibly pending
5416 * data to avoid this as much as possible.
5417 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005418 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005419 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005420 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5421 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005422 goto out_error;
5423 }
5424 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005425#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5426 else {
5427 /*
5428 * If the server refused the early data, we have to send a
5429 * 425 to the client, as we no longer have the data to sent
5430 * them again.
5431 */
5432 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5433 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5434 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5435 goto out_error;
5436 }
5437 }
5438 }
5439#endif
5440
Emeric Brun46591952012-05-18 15:47:34 +02005441
Emeric Brun674b7432012-11-08 19:21:55 +01005442reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005443
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005444#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005445 /* ASYNC engine API doesn't support moving read/write
5446 * buffers. So we disable ASYNC mode right after
5447 * the handshake to avoid buffer oveflows.
5448 */
5449 if (global_ssl.async)
5450 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5451#endif
Emeric Brun46591952012-05-18 15:47:34 +02005452 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005453 if (!SSL_session_reused(conn->xprt_ctx)) {
5454 if (objt_server(conn->target)) {
5455 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5456 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5457 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005458 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005459 else {
5460 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5461 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5462 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5463 }
Emeric Brun46591952012-05-18 15:47:34 +02005464 }
5465
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005466#ifdef OPENSSL_IS_BORINGSSL
5467 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5468 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5469#endif
Emeric Brun46591952012-05-18 15:47:34 +02005470 /* The connection is now established at both layers, it's time to leave */
5471 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5472 return 1;
5473
5474 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005475 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005476 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005477 ERR_clear_error();
5478
Emeric Brun9fa89732012-10-04 17:09:56 +02005479 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005480 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5481 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5482 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005483 }
5484
Emeric Brun46591952012-05-18 15:47:34 +02005485 /* Fail on all other handshake errors */
5486 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005487 if (!conn->err_code)
5488 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005489 return 0;
5490}
5491
5492/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005493 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005494 * buffer wraps, in which case a second call may be performed. The connection's
5495 * flags are updated with whatever special event is detected (error, read0,
5496 * empty). The caller is responsible for taking care of those events and
5497 * avoiding the call if inappropriate. The function does not call the
5498 * connection's polling update function, so the caller is responsible for this.
5499 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005500static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005501{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005502 ssize_t ret;
5503 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005504
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005505 conn_refresh_polling_flags(conn);
5506
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005507 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005508 goto out_error;
5509
5510 if (conn->flags & CO_FL_HANDSHAKE)
5511 /* a handshake was requested */
5512 return 0;
5513
Emeric Brun46591952012-05-18 15:47:34 +02005514 /* read the largest possible block. For this, we perform only one call
5515 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5516 * in which case we accept to do it once again. A new attempt is made on
5517 * EINTR too.
5518 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005519 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005520 int need_out = 0;
5521
Willy Tarreau591d4452018-06-15 17:21:00 +02005522 try = b_contig_space(buf);
5523 if (!try)
5524 break;
5525
Willy Tarreauabf08d92014-01-14 11:31:27 +01005526 if (try > count)
5527 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005528
Olivier Houchardc2aae742017-09-22 18:26:28 +02005529 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5530 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005531 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005532 done++;
5533 try--;
5534 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005535 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005536 conn->tmp_early_data = -1;
5537 continue;
5538 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005539
Olivier Houchardc2aae742017-09-22 18:26:28 +02005540#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5541 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5542 size_t read_length;
5543
5544 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005545 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005546 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5547 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005548 conn->flags |= CO_FL_EARLY_DATA;
5549 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5550 ret == SSL_READ_EARLY_DATA_FINISH) {
5551 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5552 /*
5553 * We're done reading the early data,
5554 * let's make the handshake
5555 */
5556 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5557 conn->flags |= CO_FL_SSL_WAIT_HS;
5558 need_out = 1;
5559 if (read_length == 0)
5560 break;
5561 }
5562 ret = read_length;
5563 }
5564 } else
5565#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005566 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005567#ifdef OPENSSL_IS_BORINGSSL
5568 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5569 if (SSL_in_early_data(conn->xprt_ctx)) {
5570 if (ret > 0)
5571 conn->flags |= CO_FL_EARLY_DATA;
5572 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005573 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005574 }
5575 }
5576#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005577 if (conn->flags & CO_FL_ERROR) {
5578 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005579 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005580 }
Emeric Brun46591952012-05-18 15:47:34 +02005581 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005582 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005583 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005584 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005585 }
Emeric Brun46591952012-05-18 15:47:34 +02005586 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005587 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005588 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005589 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005590 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005591 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005592#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005593 /* Async mode can be re-enabled, because we're leaving data state.*/
5594 if (global_ssl.async)
5595 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5596#endif
Emeric Brun46591952012-05-18 15:47:34 +02005597 break;
5598 }
5599 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005600 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5601 /* handshake is running, and it may need to re-enable read */
5602 conn->flags |= CO_FL_SSL_WAIT_HS;
5603 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005604#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005605 /* Async mode can be re-enabled, because we're leaving data state.*/
5606 if (global_ssl.async)
5607 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5608#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005609 break;
5610 }
Emeric Brun46591952012-05-18 15:47:34 +02005611 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005612 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005613 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005614 } else if (ret == SSL_ERROR_ZERO_RETURN)
5615 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005616 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5617 * stack before shutting down the connection for
5618 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005619 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5620 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005621 /* otherwise it's a real error */
5622 goto out_error;
5623 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005624 if (need_out)
5625 break;
Emeric Brun46591952012-05-18 15:47:34 +02005626 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005627 leave:
5628 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005629 return done;
5630
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005631 clear_ssl_error:
5632 /* Clear openssl global errors stack */
5633 ssl_sock_dump_errors(conn);
5634 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005635 read0:
5636 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005637 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005638
Emeric Brun46591952012-05-18 15:47:34 +02005639 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005640 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005641 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005642 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005643 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005644 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005645}
5646
5647
Willy Tarreau787db9a2018-06-14 18:31:46 +02005648/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5649 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5650 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005651 * Only one call to send() is performed, unless the buffer wraps, in which case
5652 * a second call may be performed. The connection's flags are updated with
5653 * whatever special event is detected (error, empty). The caller is responsible
5654 * for taking care of those events and avoiding the call if inappropriate. The
5655 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005656 * is responsible for this. The buffer's output is not adjusted, it's up to the
5657 * caller to take care of this. It's up to the caller to update the buffer's
5658 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005659 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005660static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005661{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005662 ssize_t ret;
5663 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005664
5665 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005666 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005667
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005668 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005669 goto out_error;
5670
5671 if (conn->flags & CO_FL_HANDSHAKE)
5672 /* a handshake was requested */
5673 return 0;
5674
5675 /* send the largest possible block. For this we perform only one call
5676 * to send() unless the buffer wraps and we exactly fill the first hunk,
5677 * in which case we accept to do it once again.
5678 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005679 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005680#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5681 size_t written_data;
5682#endif
5683
Willy Tarreau787db9a2018-06-14 18:31:46 +02005684 try = b_contig_data(buf, done);
5685 if (try > count)
5686 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005687
Willy Tarreau7bed9452014-02-02 02:00:24 +01005688 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005689 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005690 global_ssl.max_record && try > global_ssl.max_record) {
5691 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005692 }
5693 else {
5694 /* we need to keep the information about the fact that
5695 * we're not limiting the upcoming send(), because if it
5696 * fails, we'll have to retry with at least as many data.
5697 */
5698 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5699 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005700
Olivier Houchardc2aae742017-09-22 18:26:28 +02005701#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5702 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5703 unsigned int max_early;
5704
Olivier Houchard522eea72017-11-03 16:27:47 +01005705 if (objt_listener(conn->target))
5706 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5707 else {
5708 if (SSL_get0_session(conn->xprt_ctx))
5709 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5710 else
5711 max_early = 0;
5712 }
5713
Olivier Houchard90084a12017-11-23 18:21:29 +01005714 if (try + conn->sent_early_data > max_early) {
5715 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005716 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005717 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5718 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005719 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005720 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005721 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005722 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005723 if (ret == 1) {
5724 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005725 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005726 if (objt_server(conn->target)) {
5727 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5728 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5729 }
5730
Olivier Houchardc2aae742017-09-22 18:26:28 +02005731 }
5732
5733 } else
5734#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005735 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005736
Emeric Brune1f38db2012-09-03 20:36:47 +02005737 if (conn->flags & CO_FL_ERROR) {
5738 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005739 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005740 }
Emeric Brun46591952012-05-18 15:47:34 +02005741 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005742 /* A send succeeded, so we can consier ourself connected */
5743 conn->flags |= CO_FL_CONNECTED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005744 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005745 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005746 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005747 }
5748 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005749 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005750
Emeric Brun46591952012-05-18 15:47:34 +02005751 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005752 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5753 /* handshake is running, and it may need to re-enable write */
5754 conn->flags |= CO_FL_SSL_WAIT_HS;
5755 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005756#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005757 /* Async mode can be re-enabled, because we're leaving data state.*/
5758 if (global_ssl.async)
5759 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5760#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005761 break;
5762 }
Emeric Brun46591952012-05-18 15:47:34 +02005763 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005764 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005765 break;
5766 }
5767 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005768 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005769 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005770 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005771#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005772 /* Async mode can be re-enabled, because we're leaving data state.*/
5773 if (global_ssl.async)
5774 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5775#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005776 break;
5777 }
Emeric Brun46591952012-05-18 15:47:34 +02005778 goto out_error;
5779 }
5780 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005781 leave:
5782 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005783 return done;
5784
5785 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005786 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005787 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005788 ERR_clear_error();
5789
Emeric Brun46591952012-05-18 15:47:34 +02005790 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005791 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005792}
5793
Emeric Brun46591952012-05-18 15:47:34 +02005794static void ssl_sock_close(struct connection *conn) {
5795
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005796 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005797#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005798 if (global_ssl.async) {
5799 OSSL_ASYNC_FD all_fd[32], afd;
5800 size_t num_all_fds = 0;
5801 int i;
5802
5803 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5804 if (num_all_fds > 32) {
5805 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5806 return;
5807 }
5808
5809 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5810
5811 /* If an async job is pending, we must try to
5812 to catch the end using polling before calling
5813 SSL_free */
5814 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5815 for (i=0 ; i < num_all_fds ; i++) {
5816 /* switch on an handler designed to
5817 * handle the SSL_free
5818 */
5819 afd = all_fd[i];
5820 fdtab[afd].iocb = ssl_async_fd_free;
5821 fdtab[afd].owner = conn->xprt_ctx;
5822 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005823 /* To ensure that the fd cache won't be used
5824 * and we'll catch a real RD event.
5825 */
5826 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005827 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005828 conn->xprt_ctx = NULL;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005829 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005830 return;
5831 }
Emeric Brun3854e012017-05-17 20:42:48 +02005832 /* Else we can remove the fds from the fdtab
5833 * and call SSL_free.
5834 * note: we do a fd_remove and not a delete
5835 * because the fd is owned by the engine.
5836 * the engine is responsible to close
5837 */
5838 for (i=0 ; i < num_all_fds ; i++)
5839 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005840 }
5841#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005842 SSL_free(conn->xprt_ctx);
5843 conn->xprt_ctx = NULL;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005844 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005845 }
Emeric Brun46591952012-05-18 15:47:34 +02005846}
5847
5848/* This function tries to perform a clean shutdown on an SSL connection, and in
5849 * any case, flags the connection as reusable if no handshake was in progress.
5850 */
5851static void ssl_sock_shutw(struct connection *conn, int clean)
5852{
5853 if (conn->flags & CO_FL_HANDSHAKE)
5854 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005855 if (!clean)
5856 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005857 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005858 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005859 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005860 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005861 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005862 ERR_clear_error();
5863 }
Emeric Brun46591952012-05-18 15:47:34 +02005864}
5865
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005866/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005867int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005868{
5869 struct pkey_info *pkinfo;
5870 int bits = 0;
5871 int sig = TLSEXT_signature_anonymous;
5872 int len = -1;
5873
5874 if (!ssl_sock_is_ssl(conn))
5875 return 0;
5876
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005877 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005878 if (pkinfo) {
5879 sig = pkinfo->sig;
5880 bits = pkinfo->bits;
5881 } else {
5882 /* multicert and generated cert have no pkey info */
5883 X509 *crt;
5884 EVP_PKEY *pkey;
5885 crt = SSL_get_certificate(conn->xprt_ctx);
5886 if (!crt)
5887 return 0;
5888 pkey = X509_get_pubkey(crt);
5889 if (pkey) {
5890 bits = EVP_PKEY_bits(pkey);
5891 switch(EVP_PKEY_base_id(pkey)) {
5892 case EVP_PKEY_RSA:
5893 sig = TLSEXT_signature_rsa;
5894 break;
5895 case EVP_PKEY_EC:
5896 sig = TLSEXT_signature_ecdsa;
5897 break;
5898 case EVP_PKEY_DSA:
5899 sig = TLSEXT_signature_dsa;
5900 break;
5901 }
5902 EVP_PKEY_free(pkey);
5903 }
5904 }
5905
5906 switch(sig) {
5907 case TLSEXT_signature_rsa:
5908 len = chunk_printf(out, "RSA%d", bits);
5909 break;
5910 case TLSEXT_signature_ecdsa:
5911 len = chunk_printf(out, "EC%d", bits);
5912 break;
5913 case TLSEXT_signature_dsa:
5914 len = chunk_printf(out, "DSA%d", bits);
5915 break;
5916 default:
5917 return 0;
5918 }
5919 if (len < 0)
5920 return 0;
5921 return 1;
5922}
5923
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005924/* used for ppv2 cert signature (can be used for logging) */
5925const char *ssl_sock_get_cert_sig(struct connection *conn)
5926{
5927 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5928 X509 *crt;
5929
5930 if (!ssl_sock_is_ssl(conn))
5931 return NULL;
5932 crt = SSL_get_certificate(conn->xprt_ctx);
5933 if (!crt)
5934 return NULL;
5935 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5936 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5937}
5938
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005939/* used for ppv2 authority */
5940const char *ssl_sock_get_sni(struct connection *conn)
5941{
5942#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5943 if (!ssl_sock_is_ssl(conn))
5944 return NULL;
5945 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5946#else
5947 return 0;
5948#endif
5949}
5950
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005951/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005952const char *ssl_sock_get_cipher_name(struct connection *conn)
5953{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005954 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005955 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005956
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005957 return SSL_get_cipher_name(conn->xprt_ctx);
5958}
5959
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005960/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005961const char *ssl_sock_get_proto_version(struct connection *conn)
5962{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005963 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005964 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005965
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005966 return SSL_get_version(conn->xprt_ctx);
5967}
5968
Willy Tarreau8d598402012-10-22 17:58:39 +02005969/* Extract a serial from a cert, and copy it to a chunk.
5970 * Returns 1 if serial is found and copied, 0 if no serial found and
5971 * -1 if output is not large enough.
5972 */
5973static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005974ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02005975{
5976 ASN1_INTEGER *serial;
5977
5978 serial = X509_get_serialNumber(crt);
5979 if (!serial)
5980 return 0;
5981
5982 if (out->size < serial->length)
5983 return -1;
5984
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005985 memcpy(out->area, serial->data, serial->length);
5986 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02005987 return 1;
5988}
5989
Emeric Brun43e79582014-10-29 19:03:26 +01005990/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08005991 * Returns 1 if the cert is found and copied, 0 on der conversion failure
5992 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01005993 */
5994static int
Willy Tarreau83061a82018-07-13 11:56:34 +02005995ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01005996{
5997 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02005998 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01005999
6000 len =i2d_X509(crt, NULL);
6001 if (len <= 0)
6002 return 1;
6003
6004 if (out->size < len)
6005 return -1;
6006
6007 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006008 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006009 return 1;
6010}
6011
Emeric Brunce5ad802012-10-22 14:11:22 +02006012
Willy Tarreau83061a82018-07-13 11:56:34 +02006013/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006014 * Returns 1 if serial is found and copied, 0 if no valid time found
6015 * and -1 if output is not large enough.
6016 */
6017static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006018ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006019{
6020 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6021 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6022
6023 if (gentm->length < 12)
6024 return 0;
6025 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6026 return 0;
6027 if (out->size < gentm->length-2)
6028 return -1;
6029
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006030 memcpy(out->area, gentm->data+2, gentm->length-2);
6031 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006032 return 1;
6033 }
6034 else if (tm->type == V_ASN1_UTCTIME) {
6035 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6036
6037 if (utctm->length < 10)
6038 return 0;
6039 if (utctm->data[0] >= 0x35)
6040 return 0;
6041 if (out->size < utctm->length)
6042 return -1;
6043
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006044 memcpy(out->area, utctm->data, utctm->length);
6045 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006046 return 1;
6047 }
6048
6049 return 0;
6050}
6051
Emeric Brun87855892012-10-17 17:39:35 +02006052/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6053 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6054 */
6055static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006056ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6057 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006058{
6059 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006060 ASN1_OBJECT *obj;
6061 ASN1_STRING *data;
6062 const unsigned char *data_ptr;
6063 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006064 int i, j, n;
6065 int cur = 0;
6066 const char *s;
6067 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006068 int name_count;
6069
6070 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006071
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006072 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006073 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006074 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006075 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006076 else
6077 j = i;
6078
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006079 ne = X509_NAME_get_entry(a, j);
6080 obj = X509_NAME_ENTRY_get_object(ne);
6081 data = X509_NAME_ENTRY_get_data(ne);
6082 data_ptr = ASN1_STRING_get0_data(data);
6083 data_len = ASN1_STRING_length(data);
6084 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006085 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006086 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006087 s = tmp;
6088 }
6089
6090 if (chunk_strcasecmp(entry, s) != 0)
6091 continue;
6092
6093 if (pos < 0)
6094 cur--;
6095 else
6096 cur++;
6097
6098 if (cur != pos)
6099 continue;
6100
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006101 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006102 return -1;
6103
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006104 memcpy(out->area, data_ptr, data_len);
6105 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006106 return 1;
6107 }
6108
6109 return 0;
6110
6111}
6112
6113/* Extract and format full DN from a X509_NAME and copy result into a chunk
6114 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6115 */
6116static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006117ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006118{
6119 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006120 ASN1_OBJECT *obj;
6121 ASN1_STRING *data;
6122 const unsigned char *data_ptr;
6123 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006124 int i, n, ln;
6125 int l = 0;
6126 const char *s;
6127 char *p;
6128 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006129 int name_count;
6130
6131
6132 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006133
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006134 out->data = 0;
6135 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006136 for (i = 0; i < name_count; i++) {
6137 ne = X509_NAME_get_entry(a, i);
6138 obj = X509_NAME_ENTRY_get_object(ne);
6139 data = X509_NAME_ENTRY_get_data(ne);
6140 data_ptr = ASN1_STRING_get0_data(data);
6141 data_len = ASN1_STRING_length(data);
6142 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006143 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006144 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006145 s = tmp;
6146 }
6147 ln = strlen(s);
6148
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006149 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006150 if (l > out->size)
6151 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006152 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006153
6154 *(p++)='/';
6155 memcpy(p, s, ln);
6156 p += ln;
6157 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006158 memcpy(p, data_ptr, data_len);
6159 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006160 }
6161
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006162 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006163 return 0;
6164
6165 return 1;
6166}
6167
Olivier Houchardab28a322018-12-21 19:45:40 +01006168void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6169{
6170#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6171 SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
6172#endif
6173}
6174
Willy Tarreau119a4082016-12-22 21:58:38 +01006175/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6176 * to disable SNI.
6177 */
Willy Tarreau63076412015-07-10 11:33:32 +02006178void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6179{
6180#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006181 char *prev_name;
6182
Willy Tarreau63076412015-07-10 11:33:32 +02006183 if (!ssl_sock_is_ssl(conn))
6184 return;
6185
Willy Tarreau119a4082016-12-22 21:58:38 +01006186 /* if the SNI changes, we must destroy the reusable context so that a
6187 * new connection will present a new SNI. As an optimization we could
6188 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6189 * server.
6190 */
6191 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6192 if ((!prev_name && hostname) ||
6193 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6194 SSL_set_session(conn->xprt_ctx, NULL);
6195
Willy Tarreau63076412015-07-10 11:33:32 +02006196 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6197#endif
6198}
6199
Emeric Brun0abf8362014-06-24 18:26:41 +02006200/* Extract peer certificate's common name into the chunk dest
6201 * Returns
6202 * the len of the extracted common name
6203 * or 0 if no CN found in DN
6204 * or -1 on error case (i.e. no peer certificate)
6205 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006206int ssl_sock_get_remote_common_name(struct connection *conn,
6207 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006208{
6209 X509 *crt = NULL;
6210 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006211 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006212 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006213 .area = (char *)&find_cn,
6214 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006215 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006216 int result = -1;
David Safb76832014-05-08 23:42:08 -04006217
6218 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006219 goto out;
David Safb76832014-05-08 23:42:08 -04006220
6221 /* SSL_get_peer_certificate, it increase X509 * ref count */
6222 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6223 if (!crt)
6224 goto out;
6225
6226 name = X509_get_subject_name(crt);
6227 if (!name)
6228 goto out;
David Safb76832014-05-08 23:42:08 -04006229
Emeric Brun0abf8362014-06-24 18:26:41 +02006230 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6231out:
David Safb76832014-05-08 23:42:08 -04006232 if (crt)
6233 X509_free(crt);
6234
6235 return result;
6236}
6237
Dave McCowan328fb582014-07-30 10:39:13 -04006238/* returns 1 if client passed a certificate for this session, 0 if not */
6239int ssl_sock_get_cert_used_sess(struct connection *conn)
6240{
6241 X509 *crt = NULL;
6242
6243 if (!ssl_sock_is_ssl(conn))
6244 return 0;
6245
6246 /* SSL_get_peer_certificate, it increase X509 * ref count */
6247 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6248 if (!crt)
6249 return 0;
6250
6251 X509_free(crt);
6252 return 1;
6253}
6254
6255/* returns 1 if client passed a certificate for this connection, 0 if not */
6256int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006257{
6258 if (!ssl_sock_is_ssl(conn))
6259 return 0;
6260
6261 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6262}
6263
6264/* returns result from SSL verify */
6265unsigned int ssl_sock_get_verify_result(struct connection *conn)
6266{
6267 if (!ssl_sock_is_ssl(conn))
6268 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6269
6270 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6271}
6272
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006273/* Returns the application layer protocol name in <str> and <len> when known.
6274 * Zero is returned if the protocol name was not found, otherwise non-zero is
6275 * returned. The string is allocated in the SSL context and doesn't have to be
6276 * freed by the caller. NPN is also checked if available since older versions
6277 * of openssl (1.0.1) which are more common in field only support this one.
6278 */
6279static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6280{
6281 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6282 return 0;
6283
6284 *str = NULL;
6285
6286#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6287 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6288 if (*str)
6289 return 1;
6290#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006291#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006292 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6293 if (*str)
6294 return 1;
6295#endif
6296 return 0;
6297}
6298
Willy Tarreau7875d092012-09-10 08:20:03 +02006299/***** Below are some sample fetching functions for ACL/patterns *****/
6300
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006301static int
6302smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6303{
6304 struct connection *conn;
6305
6306 conn = objt_conn(smp->sess->origin);
6307 if (!conn || conn->xprt != &ssl_sock)
6308 return 0;
6309
6310 smp->flags = 0;
6311 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006312 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6313 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006314
6315 return 1;
6316}
6317
Emeric Brune64aef12012-09-21 13:15:06 +02006318/* boolean, returns true if client cert was present */
6319static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006320smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006321{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006322 struct connection *conn;
6323
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006324 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006325 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006326 return 0;
6327
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006328 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006329 smp->flags |= SMP_F_MAY_CHANGE;
6330 return 0;
6331 }
6332
6333 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006334 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006335 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006336
6337 return 1;
6338}
6339
Emeric Brun43e79582014-10-29 19:03:26 +01006340/* binary, returns a certificate in a binary chunk (der/raw).
6341 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6342 * should be use.
6343 */
6344static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006345smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006346{
6347 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6348 X509 *crt = NULL;
6349 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006350 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006351 struct connection *conn;
6352
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006353 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006354 if (!conn || conn->xprt != &ssl_sock)
6355 return 0;
6356
6357 if (!(conn->flags & CO_FL_CONNECTED)) {
6358 smp->flags |= SMP_F_MAY_CHANGE;
6359 return 0;
6360 }
6361
6362 if (cert_peer)
6363 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6364 else
6365 crt = SSL_get_certificate(conn->xprt_ctx);
6366
6367 if (!crt)
6368 goto out;
6369
6370 smp_trash = get_trash_chunk();
6371 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6372 goto out;
6373
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006374 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006375 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006376 ret = 1;
6377out:
6378 /* SSL_get_peer_certificate, it increase X509 * ref count */
6379 if (cert_peer && crt)
6380 X509_free(crt);
6381 return ret;
6382}
6383
Emeric Brunba841a12014-04-30 17:05:08 +02006384/* binary, returns serial of certificate in a binary chunk.
6385 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6386 * should be use.
6387 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006388static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006389smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006390{
Emeric Brunba841a12014-04-30 17:05:08 +02006391 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006392 X509 *crt = NULL;
6393 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006394 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006395 struct connection *conn;
6396
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006397 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006398 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006399 return 0;
6400
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006401 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006402 smp->flags |= SMP_F_MAY_CHANGE;
6403 return 0;
6404 }
6405
Emeric Brunba841a12014-04-30 17:05:08 +02006406 if (cert_peer)
6407 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6408 else
6409 crt = SSL_get_certificate(conn->xprt_ctx);
6410
Willy Tarreau8d598402012-10-22 17:58:39 +02006411 if (!crt)
6412 goto out;
6413
Willy Tarreau47ca5452012-12-23 20:22:19 +01006414 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006415 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6416 goto out;
6417
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006418 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006419 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006420 ret = 1;
6421out:
Emeric Brunba841a12014-04-30 17:05:08 +02006422 /* SSL_get_peer_certificate, it increase X509 * ref count */
6423 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006424 X509_free(crt);
6425 return ret;
6426}
Emeric Brune64aef12012-09-21 13:15:06 +02006427
Emeric Brunba841a12014-04-30 17:05:08 +02006428/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6429 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6430 * should be use.
6431 */
James Votha051b4a2013-05-14 20:37:59 +02006432static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006433smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006434{
Emeric Brunba841a12014-04-30 17:05:08 +02006435 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006436 X509 *crt = NULL;
6437 const EVP_MD *digest;
6438 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006439 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006440 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006441
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006442 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006443 if (!conn || conn->xprt != &ssl_sock)
6444 return 0;
6445
6446 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006447 smp->flags |= SMP_F_MAY_CHANGE;
6448 return 0;
6449 }
6450
Emeric Brunba841a12014-04-30 17:05:08 +02006451 if (cert_peer)
6452 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6453 else
6454 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006455 if (!crt)
6456 goto out;
6457
6458 smp_trash = get_trash_chunk();
6459 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006460 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6461 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006462
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006463 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006464 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006465 ret = 1;
6466out:
Emeric Brunba841a12014-04-30 17:05:08 +02006467 /* SSL_get_peer_certificate, it increase X509 * ref count */
6468 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006469 X509_free(crt);
6470 return ret;
6471}
6472
Emeric Brunba841a12014-04-30 17:05:08 +02006473/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6474 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6475 * should be use.
6476 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006477static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006478smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006479{
Emeric Brunba841a12014-04-30 17:05:08 +02006480 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006481 X509 *crt = NULL;
6482 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006483 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006484 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006485
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006486 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006487 if (!conn || conn->xprt != &ssl_sock)
6488 return 0;
6489
6490 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006491 smp->flags |= SMP_F_MAY_CHANGE;
6492 return 0;
6493 }
6494
Emeric Brunba841a12014-04-30 17:05:08 +02006495 if (cert_peer)
6496 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6497 else
6498 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006499 if (!crt)
6500 goto out;
6501
Willy Tarreau47ca5452012-12-23 20:22:19 +01006502 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006503 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006504 goto out;
6505
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006506 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006507 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006508 ret = 1;
6509out:
Emeric Brunba841a12014-04-30 17:05:08 +02006510 /* SSL_get_peer_certificate, it increase X509 * ref count */
6511 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006512 X509_free(crt);
6513 return ret;
6514}
6515
Emeric Brunba841a12014-04-30 17:05:08 +02006516/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6517 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6518 * should be use.
6519 */
Emeric Brun87855892012-10-17 17:39:35 +02006520static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006521smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006522{
Emeric Brunba841a12014-04-30 17:05:08 +02006523 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006524 X509 *crt = NULL;
6525 X509_NAME *name;
6526 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006527 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006528 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006529
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006530 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006531 if (!conn || conn->xprt != &ssl_sock)
6532 return 0;
6533
6534 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006535 smp->flags |= SMP_F_MAY_CHANGE;
6536 return 0;
6537 }
6538
Emeric Brunba841a12014-04-30 17:05:08 +02006539 if (cert_peer)
6540 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6541 else
6542 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006543 if (!crt)
6544 goto out;
6545
6546 name = X509_get_issuer_name(crt);
6547 if (!name)
6548 goto out;
6549
Willy Tarreau47ca5452012-12-23 20:22:19 +01006550 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006551 if (args && args[0].type == ARGT_STR) {
6552 int pos = 1;
6553
6554 if (args[1].type == ARGT_SINT)
6555 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006556
6557 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6558 goto out;
6559 }
6560 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6561 goto out;
6562
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006563 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006564 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006565 ret = 1;
6566out:
Emeric Brunba841a12014-04-30 17:05:08 +02006567 /* SSL_get_peer_certificate, it increase X509 * ref count */
6568 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006569 X509_free(crt);
6570 return ret;
6571}
6572
Emeric Brunba841a12014-04-30 17:05:08 +02006573/* string, returns notbefore date in ASN1_UTCTIME format.
6574 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6575 * should be use.
6576 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006577static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006578smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006579{
Emeric Brunba841a12014-04-30 17:05:08 +02006580 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006581 X509 *crt = NULL;
6582 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006583 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006584 struct connection *conn;
6585
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006586 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006587 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006588 return 0;
6589
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006590 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006591 smp->flags |= SMP_F_MAY_CHANGE;
6592 return 0;
6593 }
6594
Emeric Brunba841a12014-04-30 17:05:08 +02006595 if (cert_peer)
6596 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6597 else
6598 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006599 if (!crt)
6600 goto out;
6601
Willy Tarreau47ca5452012-12-23 20:22:19 +01006602 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006603 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006604 goto out;
6605
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006606 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006607 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006608 ret = 1;
6609out:
Emeric Brunba841a12014-04-30 17:05:08 +02006610 /* SSL_get_peer_certificate, it increase X509 * ref count */
6611 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006612 X509_free(crt);
6613 return ret;
6614}
6615
Emeric Brunba841a12014-04-30 17:05:08 +02006616/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6617 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6618 * should be use.
6619 */
Emeric Brun87855892012-10-17 17:39:35 +02006620static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006621smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006622{
Emeric Brunba841a12014-04-30 17:05:08 +02006623 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006624 X509 *crt = NULL;
6625 X509_NAME *name;
6626 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006627 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006628 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006629
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006630 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006631 if (!conn || conn->xprt != &ssl_sock)
6632 return 0;
6633
6634 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006635 smp->flags |= SMP_F_MAY_CHANGE;
6636 return 0;
6637 }
6638
Emeric Brunba841a12014-04-30 17:05:08 +02006639 if (cert_peer)
6640 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6641 else
6642 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006643 if (!crt)
6644 goto out;
6645
6646 name = X509_get_subject_name(crt);
6647 if (!name)
6648 goto out;
6649
Willy Tarreau47ca5452012-12-23 20:22:19 +01006650 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006651 if (args && args[0].type == ARGT_STR) {
6652 int pos = 1;
6653
6654 if (args[1].type == ARGT_SINT)
6655 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006656
6657 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6658 goto out;
6659 }
6660 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6661 goto out;
6662
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006663 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006664 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006665 ret = 1;
6666out:
Emeric Brunba841a12014-04-30 17:05:08 +02006667 /* SSL_get_peer_certificate, it increase X509 * ref count */
6668 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006669 X509_free(crt);
6670 return ret;
6671}
Emeric Brun9143d372012-12-20 15:44:16 +01006672
6673/* integer, returns true if current session use a client certificate */
6674static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006675smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006676{
6677 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006678 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006679
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006680 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006681 if (!conn || conn->xprt != &ssl_sock)
6682 return 0;
6683
6684 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006685 smp->flags |= SMP_F_MAY_CHANGE;
6686 return 0;
6687 }
6688
6689 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006690 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006691 if (crt) {
6692 X509_free(crt);
6693 }
6694
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006695 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006696 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006697 return 1;
6698}
6699
Emeric Brunba841a12014-04-30 17:05:08 +02006700/* integer, returns the certificate version
6701 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6702 * should be use.
6703 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006704static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006705smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006706{
Emeric Brunba841a12014-04-30 17:05:08 +02006707 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006708 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006709 struct connection *conn;
6710
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006711 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006712 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006713 return 0;
6714
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006715 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006716 smp->flags |= SMP_F_MAY_CHANGE;
6717 return 0;
6718 }
6719
Emeric Brunba841a12014-04-30 17:05:08 +02006720 if (cert_peer)
6721 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6722 else
6723 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006724 if (!crt)
6725 return 0;
6726
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006727 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006728 /* SSL_get_peer_certificate increase X509 * ref count */
6729 if (cert_peer)
6730 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006731 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006732
6733 return 1;
6734}
6735
Emeric Brunba841a12014-04-30 17:05:08 +02006736/* string, returns the certificate's signature algorithm.
6737 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6738 * should be use.
6739 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006740static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006741smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006742{
Emeric Brunba841a12014-04-30 17:05:08 +02006743 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006744 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006745 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006746 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006747 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006748
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006749 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006750 if (!conn || conn->xprt != &ssl_sock)
6751 return 0;
6752
6753 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006754 smp->flags |= SMP_F_MAY_CHANGE;
6755 return 0;
6756 }
6757
Emeric Brunba841a12014-04-30 17:05:08 +02006758 if (cert_peer)
6759 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6760 else
6761 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006762 if (!crt)
6763 return 0;
6764
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006765 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6766 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006767
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006768 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6769 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006770 /* SSL_get_peer_certificate increase X509 * ref count */
6771 if (cert_peer)
6772 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006773 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006774 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006775
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006776 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006777 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006778 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006779 /* SSL_get_peer_certificate increase X509 * ref count */
6780 if (cert_peer)
6781 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006782
6783 return 1;
6784}
6785
Emeric Brunba841a12014-04-30 17:05:08 +02006786/* string, returns the certificate's key algorithm.
6787 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6788 * should be use.
6789 */
Emeric Brun521a0112012-10-22 12:22:55 +02006790static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006791smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006792{
Emeric Brunba841a12014-04-30 17:05:08 +02006793 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006794 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006795 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006796 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006797 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006798
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006799 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006800 if (!conn || conn->xprt != &ssl_sock)
6801 return 0;
6802
6803 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006804 smp->flags |= SMP_F_MAY_CHANGE;
6805 return 0;
6806 }
6807
Emeric Brunba841a12014-04-30 17:05:08 +02006808 if (cert_peer)
6809 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6810 else
6811 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006812 if (!crt)
6813 return 0;
6814
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006815 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6816 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006817
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006818 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6819 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006820 /* SSL_get_peer_certificate increase X509 * ref count */
6821 if (cert_peer)
6822 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006823 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006824 }
Emeric Brun521a0112012-10-22 12:22:55 +02006825
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006826 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006827 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006828 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006829 if (cert_peer)
6830 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006831
6832 return 1;
6833}
6834
Emeric Brun645ae792014-04-30 14:21:06 +02006835/* boolean, returns true if front conn. transport layer is SSL.
6836 * This function is also usable on backend conn if the fetch keyword 5th
6837 * char is 'b'.
6838 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006839static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006840smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006841{
Emeric Bruneb8def92018-02-19 15:59:48 +01006842 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6843 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006844
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006845 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006846 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006847 return 1;
6848}
6849
Emeric Brun2525b6b2012-10-18 15:59:43 +02006850/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006851static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006852smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006853{
6854#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006855 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006856
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006857 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006858 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006859 conn->xprt_ctx &&
6860 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006861 return 1;
6862#else
6863 return 0;
6864#endif
6865}
6866
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006867/* boolean, returns true if client session has been resumed.
6868 * This function is also usable on backend conn if the fetch keyword 5th
6869 * char is 'b'.
6870 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006871static int
6872smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6873{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006874 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6875 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6876
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006877
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006878 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006879 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006880 conn->xprt_ctx &&
6881 SSL_session_reused(conn->xprt_ctx);
6882 return 1;
6883}
6884
Emeric Brun645ae792014-04-30 14:21:06 +02006885/* string, returns the used cipher if front conn. transport layer is SSL.
6886 * This function is also usable on backend conn if the fetch keyword 5th
6887 * char is 'b'.
6888 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006889static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006890smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006891{
Emeric Bruneb8def92018-02-19 15:59:48 +01006892 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6893 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006894
Willy Tarreaube508f12016-03-10 11:47:01 +01006895 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006896 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006897 return 0;
6898
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006899 smp->data.u.str.area = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6900 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02006901 return 0;
6902
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006903 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006904 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006905 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02006906
6907 return 1;
6908}
6909
Emeric Brun645ae792014-04-30 14:21:06 +02006910/* integer, returns the algoritm's keysize if front conn. transport layer
6911 * is SSL.
6912 * This function is also usable on backend conn if the fetch keyword 5th
6913 * char is 'b'.
6914 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006915static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006916smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006917{
Emeric Bruneb8def92018-02-19 15:59:48 +01006918 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6919 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006920 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006921
Emeric Brun589fcad2012-10-16 14:13:26 +02006922 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006923 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006924 return 0;
6925
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006926 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006927 return 0;
6928
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006929 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006930 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006931
6932 return 1;
6933}
6934
Emeric Brun645ae792014-04-30 14:21:06 +02006935/* integer, returns the used keysize if front conn. transport layer is SSL.
6936 * This function is also usable on backend conn if the fetch keyword 5th
6937 * char is 'b'.
6938 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006939static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006940smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006941{
Emeric Bruneb8def92018-02-19 15:59:48 +01006942 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6943 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006944
Emeric Brun589fcad2012-10-16 14:13:26 +02006945 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006946 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6947 return 0;
6948
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006949 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6950 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006951 return 0;
6952
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006953 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006954
6955 return 1;
6956}
6957
Bernard Spil13c53f82018-02-15 13:34:58 +01006958#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006959static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006960smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006961{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006962 struct connection *conn;
6963
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006964 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006965 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006966
Olivier Houchard6b77f492018-11-22 18:18:29 +01006967 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6968 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006969 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6970 return 0;
6971
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006972 smp->data.u.str.area = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006973 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006974 (const unsigned char **)&smp->data.u.str.area,
6975 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006976
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006977 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006978 return 0;
6979
6980 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006981}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006982#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006983
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006984#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006985static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006986smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006987{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006988 struct connection *conn;
6989
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006990 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006991 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006992
Olivier Houchard6b77f492018-11-22 18:18:29 +01006993 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
6994 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6995
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006996 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006997 return 0;
6998
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006999 smp->data.u.str.area = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007000 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007001 (const unsigned char **)&smp->data.u.str.area,
7002 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007003
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007004 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007005 return 0;
7006
7007 return 1;
7008}
7009#endif
7010
Emeric Brun645ae792014-04-30 14:21:06 +02007011/* string, returns the used protocol if front conn. transport layer is SSL.
7012 * This function is also usable on backend conn if the fetch keyword 5th
7013 * char is 'b'.
7014 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007015static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007016smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007017{
Emeric Bruneb8def92018-02-19 15:59:48 +01007018 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7019 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01007020
Emeric Brun589fcad2012-10-16 14:13:26 +02007021 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007022 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7023 return 0;
7024
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007025 smp->data.u.str.area = (char *)SSL_get_version(conn->xprt_ctx);
7026 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007027 return 0;
7028
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007029 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007030 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007031 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007032
7033 return 1;
7034}
7035
Willy Tarreau87b09662015-04-03 00:22:06 +02007036/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007037 * This function is also usable on backend conn if the fetch keyword 5th
7038 * char is 'b'.
7039 */
Patrick Hemmer41966772018-04-28 19:15:48 -04007040#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007041static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007042smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007043{
Emeric Bruneb8def92018-02-19 15:59:48 +01007044 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7045 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007046 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01007047
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007048 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007049 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007050
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007051 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7052 return 0;
7053
Willy Tarreau192252e2015-04-04 01:47:55 +02007054 ssl_sess = SSL_get_session(conn->xprt_ctx);
7055 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007056 return 0;
7057
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007058 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7059 (unsigned int *)&smp->data.u.str.data);
7060 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007061 return 0;
7062
7063 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007064}
Patrick Hemmer41966772018-04-28 19:15:48 -04007065#endif
7066
Emeric Brunfe68f682012-10-16 14:59:28 +02007067
Patrick Hemmere0275472018-04-28 19:15:51 -04007068#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
7069static int
7070smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7071{
7072 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7073 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7074 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007075 struct buffer *data;
Patrick Hemmere0275472018-04-28 19:15:51 -04007076
7077 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7078 return 0;
7079
7080 ssl_sess = SSL_get_session(conn->xprt_ctx);
7081 if (!ssl_sess)
7082 return 0;
7083
7084 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007085 data->data = SSL_SESSION_get_master_key(ssl_sess,
7086 (unsigned char *) data->area,
7087 data->size);
7088 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007089 return 0;
7090
7091 smp->flags = 0;
7092 smp->data.type = SMP_T_BIN;
7093 smp->data.u.str = *data;
7094
7095 return 1;
7096}
7097#endif
7098
Patrick Hemmer41966772018-04-28 19:15:48 -04007099#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007100static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007101smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007102{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007103 struct connection *conn;
7104
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007105 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007106 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007107
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007108 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007109 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7110 return 0;
7111
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007112 smp->data.u.str.area = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
7113 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007114 return 0;
7115
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007116 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007117 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007118}
Patrick Hemmer41966772018-04-28 19:15:48 -04007119#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007120
David Sc1ad52e2014-04-08 18:48:47 -04007121static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007122smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7123{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007124 struct connection *conn;
7125 struct ssl_capture *capture;
7126
7127 conn = objt_conn(smp->sess->origin);
7128 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7129 return 0;
7130
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007131 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007132 if (!capture)
7133 return 0;
7134
7135 smp->flags = SMP_F_CONST;
7136 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007137 smp->data.u.str.area = capture->ciphersuite;
7138 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007139 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007140}
7141
7142static int
7143smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7144{
Willy Tarreau83061a82018-07-13 11:56:34 +02007145 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007146
7147 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7148 return 0;
7149
7150 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007151 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007152 smp->data.type = SMP_T_BIN;
7153 smp->data.u.str = *data;
7154 return 1;
7155}
7156
7157static int
7158smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7159{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007160 struct connection *conn;
7161 struct ssl_capture *capture;
7162
7163 conn = objt_conn(smp->sess->origin);
7164 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7165 return 0;
7166
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01007167 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007168 if (!capture)
7169 return 0;
7170
7171 smp->data.type = SMP_T_SINT;
7172 smp->data.u.sint = capture->xxh64;
7173 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007174}
7175
7176static int
7177smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7178{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007179#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Willy Tarreau83061a82018-07-13 11:56:34 +02007180 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007181 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007182
7183 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7184 return 0;
7185
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007186 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007187 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007188 const char *str;
7189 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007190 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007191 uint16_t id = (bin[0] << 8) | bin[1];
7192#if defined(OPENSSL_IS_BORINGSSL)
7193 cipher = SSL_get_cipher_by_value(id);
7194#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007195 struct connection *conn = __objt_conn(smp->sess->origin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007196 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7197#endif
7198 str = SSL_CIPHER_get_name(cipher);
7199 if (!str || strcmp(str, "(NONE)") == 0)
7200 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007201 else
7202 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7203 }
7204 smp->data.type = SMP_T_STR;
7205 smp->data.u.str = *data;
7206 return 1;
7207#else
7208 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7209#endif
7210}
7211
Patrick Hemmer41966772018-04-28 19:15:48 -04007212#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007213static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007214smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007215{
Emeric Bruneb8def92018-02-19 15:59:48 +01007216 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7217 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007218 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007219 struct buffer *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007220
7221 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007222 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7223 return 0;
7224
7225 if (!(conn->flags & CO_FL_CONNECTED)) {
7226 smp->flags |= SMP_F_MAY_CHANGE;
7227 return 0;
7228 }
7229
7230 finished_trash = get_trash_chunk();
7231 if (!SSL_session_reused(conn->xprt_ctx))
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007232 finished_len = SSL_get_peer_finished(conn->xprt_ctx,
7233 finished_trash->area,
7234 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007235 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007236 finished_len = SSL_get_finished(conn->xprt_ctx,
7237 finished_trash->area,
7238 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007239
7240 if (!finished_len)
7241 return 0;
7242
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007243 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007244 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007245 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007246
7247 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007248}
Patrick Hemmer41966772018-04-28 19:15:48 -04007249#endif
David Sc1ad52e2014-04-08 18:48:47 -04007250
Emeric Brun2525b6b2012-10-18 15:59:43 +02007251/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007252static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007253smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007254{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007255 struct connection *conn;
7256
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007257 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007258 if (!conn || conn->xprt != &ssl_sock)
7259 return 0;
7260
7261 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007262 smp->flags = SMP_F_MAY_CHANGE;
7263 return 0;
7264 }
7265
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007266 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007267 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007268 smp->flags = 0;
7269
7270 return 1;
7271}
7272
Emeric Brun2525b6b2012-10-18 15:59:43 +02007273/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007274static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007275smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007276{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007277 struct connection *conn;
7278
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007279 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007280 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007281 return 0;
7282
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007283 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007284 smp->flags = SMP_F_MAY_CHANGE;
7285 return 0;
7286 }
7287
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007288 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007289 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007290 smp->flags = 0;
7291
7292 return 1;
7293}
7294
Emeric Brun2525b6b2012-10-18 15:59:43 +02007295/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007296static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007297smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007298{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007299 struct connection *conn;
7300
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007301 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007302 if (!conn || conn->xprt != &ssl_sock)
7303 return 0;
7304
7305 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007306 smp->flags = SMP_F_MAY_CHANGE;
7307 return 0;
7308 }
7309
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007310 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007311 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007312 smp->flags = 0;
7313
7314 return 1;
7315}
7316
Emeric Brun2525b6b2012-10-18 15:59:43 +02007317/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007318static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007319smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007320{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007321 struct connection *conn;
7322
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007323 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007324 if (!conn || conn->xprt != &ssl_sock)
7325 return 0;
7326
7327 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007328 smp->flags = SMP_F_MAY_CHANGE;
7329 return 0;
7330 }
7331
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007332 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007333 return 0;
7334
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007335 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007336 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007337 smp->flags = 0;
7338
7339 return 1;
7340}
7341
Emeric Brunfb510ea2012-10-05 12:00:26 +02007342/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007343static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007344{
7345 if (!*args[cur_arg + 1]) {
7346 if (err)
7347 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7348 return ERR_ALERT | ERR_FATAL;
7349 }
7350
Willy Tarreauef934602016-12-22 23:12:01 +01007351 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7352 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007353 else
7354 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007355
Emeric Brund94b3fe2012-09-20 18:23:56 +02007356 return 0;
7357}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007358static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7359{
7360 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7361}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007362
Christopher Faulet31af49d2015-06-09 17:29:50 +02007363/* parse the "ca-sign-file" bind keyword */
7364static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7365{
7366 if (!*args[cur_arg + 1]) {
7367 if (err)
7368 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7369 return ERR_ALERT | ERR_FATAL;
7370 }
7371
Willy Tarreauef934602016-12-22 23:12:01 +01007372 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7373 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007374 else
7375 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7376
7377 return 0;
7378}
7379
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007380/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007381static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7382{
7383 if (!*args[cur_arg + 1]) {
7384 if (err)
7385 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7386 return ERR_ALERT | ERR_FATAL;
7387 }
7388 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7389 return 0;
7390}
7391
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007392/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007393static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007394{
7395 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007396 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007397 return ERR_ALERT | ERR_FATAL;
7398 }
7399
Emeric Brun76d88952012-10-05 15:47:31 +02007400 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007401 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007402 return 0;
7403}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007404static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7405{
7406 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7407}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007408
7409#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7410/* parse the "ciphersuites" bind keyword */
7411static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7412{
7413 if (!*args[cur_arg + 1]) {
7414 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7415 return ERR_ALERT | ERR_FATAL;
7416 }
7417
7418 free(conf->ciphersuites);
7419 conf->ciphersuites = strdup(args[cur_arg + 1]);
7420 return 0;
7421}
7422static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7423{
7424 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7425}
7426#endif
7427
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007428/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007429static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007430{
Willy Tarreau38011032013-08-13 16:59:39 +02007431 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007432
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007433 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007434 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007435 return ERR_ALERT | ERR_FATAL;
7436 }
7437
Willy Tarreauef934602016-12-22 23:12:01 +01007438 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7439 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007440 memprintf(err, "'%s' : path too long", args[cur_arg]);
7441 return ERR_ALERT | ERR_FATAL;
7442 }
Willy Tarreauef934602016-12-22 23:12:01 +01007443 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007444 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007445 return ERR_ALERT | ERR_FATAL;
7446
7447 return 0;
7448 }
7449
Willy Tarreau03209342016-12-22 17:08:28 +01007450 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007451 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007452
7453 return 0;
7454}
7455
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007456/* parse the "crt-list" bind keyword */
7457static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7458{
7459 if (!*args[cur_arg + 1]) {
7460 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7461 return ERR_ALERT | ERR_FATAL;
7462 }
7463
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007464 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007465 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007466 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007467 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007468
7469 return 0;
7470}
7471
Emeric Brunfb510ea2012-10-05 12:00:26 +02007472/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007473static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007474{
Emeric Brun051cdab2012-10-02 19:25:50 +02007475#ifndef X509_V_FLAG_CRL_CHECK
7476 if (err)
7477 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7478 return ERR_ALERT | ERR_FATAL;
7479#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007480 if (!*args[cur_arg + 1]) {
7481 if (err)
7482 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7483 return ERR_ALERT | ERR_FATAL;
7484 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007485
Willy Tarreauef934602016-12-22 23:12:01 +01007486 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7487 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007488 else
7489 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007490
Emeric Brun2b58d042012-09-20 17:10:03 +02007491 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007492#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007493}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007494static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7495{
7496 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7497}
Emeric Brun2b58d042012-09-20 17:10:03 +02007498
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007499/* parse the "curves" bind keyword keyword */
7500static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7501{
7502#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7503 if (!*args[cur_arg + 1]) {
7504 if (err)
7505 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7506 return ERR_ALERT | ERR_FATAL;
7507 }
7508 conf->curves = strdup(args[cur_arg + 1]);
7509 return 0;
7510#else
7511 if (err)
7512 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7513 return ERR_ALERT | ERR_FATAL;
7514#endif
7515}
7516static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7517{
7518 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7519}
7520
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007521/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007522static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007523{
7524#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7525 if (err)
7526 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7527 return ERR_ALERT | ERR_FATAL;
7528#elif defined(OPENSSL_NO_ECDH)
7529 if (err)
7530 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7531 return ERR_ALERT | ERR_FATAL;
7532#else
7533 if (!*args[cur_arg + 1]) {
7534 if (err)
7535 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7536 return ERR_ALERT | ERR_FATAL;
7537 }
7538
7539 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007540
7541 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007542#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007543}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007544static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7545{
7546 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7547}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007548
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007549/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007550static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7551{
7552 int code;
7553 char *p = args[cur_arg + 1];
7554 unsigned long long *ignerr = &conf->crt_ignerr;
7555
7556 if (!*p) {
7557 if (err)
7558 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7559 return ERR_ALERT | ERR_FATAL;
7560 }
7561
7562 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7563 ignerr = &conf->ca_ignerr;
7564
7565 if (strcmp(p, "all") == 0) {
7566 *ignerr = ~0ULL;
7567 return 0;
7568 }
7569
7570 while (p) {
7571 code = atoi(p);
7572 if ((code <= 0) || (code > 63)) {
7573 if (err)
7574 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7575 args[cur_arg], code, args[cur_arg + 1]);
7576 return ERR_ALERT | ERR_FATAL;
7577 }
7578 *ignerr |= 1ULL << code;
7579 p = strchr(p, ',');
7580 if (p)
7581 p++;
7582 }
7583
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007584 return 0;
7585}
7586
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007587/* parse tls_method_options "no-xxx" and "force-xxx" */
7588static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007589{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007590 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007591 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007592 p = strchr(arg, '-');
7593 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007594 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007595 p++;
7596 if (!strcmp(p, "sslv3"))
7597 v = CONF_SSLV3;
7598 else if (!strcmp(p, "tlsv10"))
7599 v = CONF_TLSV10;
7600 else if (!strcmp(p, "tlsv11"))
7601 v = CONF_TLSV11;
7602 else if (!strcmp(p, "tlsv12"))
7603 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007604 else if (!strcmp(p, "tlsv13"))
7605 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007606 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007607 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007608 if (!strncmp(arg, "no-", 3))
7609 methods->flags |= methodVersions[v].flag;
7610 else if (!strncmp(arg, "force-", 6))
7611 methods->min = methods->max = v;
7612 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007613 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007614 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007615 fail:
7616 if (err)
7617 memprintf(err, "'%s' : option not implemented", arg);
7618 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007619}
7620
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007621static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007622{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007623 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007624}
7625
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007626static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007627{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007628 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7629}
7630
7631/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7632static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7633{
7634 uint16_t i, v = 0;
7635 char *argv = args[cur_arg + 1];
7636 if (!*argv) {
7637 if (err)
7638 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7639 return ERR_ALERT | ERR_FATAL;
7640 }
7641 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7642 if (!strcmp(argv, methodVersions[i].name))
7643 v = i;
7644 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007645 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007646 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007647 return ERR_ALERT | ERR_FATAL;
7648 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007649 if (!strcmp("ssl-min-ver", args[cur_arg]))
7650 methods->min = v;
7651 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7652 methods->max = v;
7653 else {
7654 if (err)
7655 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7656 return ERR_ALERT | ERR_FATAL;
7657 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007658 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007659}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007660
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007661static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7662{
Lukas Tribus1aabc932019-03-05 23:14:32 +01007663#if (OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007664 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007665#endif
7666 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7667}
7668
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007669static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7670{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007671 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007672}
7673
7674static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7675{
7676 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7677}
7678
Emeric Brun2d0c4822012-10-02 13:45:20 +02007679/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007680static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007681{
Emeric Brun89675492012-10-05 13:48:26 +02007682 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007683 return 0;
7684}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007685
Olivier Houchardc2aae742017-09-22 18:26:28 +02007686/* parse the "allow-0rtt" bind keyword */
7687static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7688{
7689 conf->early_data = 1;
7690 return 0;
7691}
7692
7693static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7694{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007695 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007696 return 0;
7697}
7698
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007699/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007700static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007701{
Bernard Spil13c53f82018-02-15 13:34:58 +01007702#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007703 char *p1, *p2;
7704
7705 if (!*args[cur_arg + 1]) {
7706 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7707 return ERR_ALERT | ERR_FATAL;
7708 }
7709
7710 free(conf->npn_str);
7711
Willy Tarreau3724da12016-02-12 17:11:12 +01007712 /* the NPN string is built as a suite of (<len> <name>)*,
7713 * so we reuse each comma to store the next <len> and need
7714 * one more for the end of the string.
7715 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007716 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007717 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007718 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7719
7720 /* replace commas with the name length */
7721 p1 = conf->npn_str;
7722 p2 = p1 + 1;
7723 while (1) {
7724 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7725 if (!p2)
7726 p2 = p1 + 1 + strlen(p1 + 1);
7727
7728 if (p2 - (p1 + 1) > 255) {
7729 *p2 = '\0';
7730 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7731 return ERR_ALERT | ERR_FATAL;
7732 }
7733
7734 *p1 = p2 - (p1 + 1);
7735 p1 = p2;
7736
7737 if (!*p2)
7738 break;
7739
7740 *(p2++) = '\0';
7741 }
7742 return 0;
7743#else
7744 if (err)
7745 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7746 return ERR_ALERT | ERR_FATAL;
7747#endif
7748}
7749
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007750static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7751{
7752 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7753}
7754
Willy Tarreauab861d32013-04-02 02:30:41 +02007755/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007756static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007757{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007758#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007759 char *p1, *p2;
7760
7761 if (!*args[cur_arg + 1]) {
7762 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7763 return ERR_ALERT | ERR_FATAL;
7764 }
7765
7766 free(conf->alpn_str);
7767
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007768 /* the ALPN string is built as a suite of (<len> <name>)*,
7769 * so we reuse each comma to store the next <len> and need
7770 * one more for the end of the string.
7771 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007772 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007773 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007774 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7775
7776 /* replace commas with the name length */
7777 p1 = conf->alpn_str;
7778 p2 = p1 + 1;
7779 while (1) {
7780 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7781 if (!p2)
7782 p2 = p1 + 1 + strlen(p1 + 1);
7783
7784 if (p2 - (p1 + 1) > 255) {
7785 *p2 = '\0';
7786 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7787 return ERR_ALERT | ERR_FATAL;
7788 }
7789
7790 *p1 = p2 - (p1 + 1);
7791 p1 = p2;
7792
7793 if (!*p2)
7794 break;
7795
7796 *(p2++) = '\0';
7797 }
7798 return 0;
7799#else
7800 if (err)
7801 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7802 return ERR_ALERT | ERR_FATAL;
7803#endif
7804}
7805
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007806static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7807{
7808 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7809}
7810
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007811/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007812static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007813{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007814 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007815 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007816
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007817 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7818 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007819#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
7820 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
7821 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
7822#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007823 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007824 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7825 if (!conf->ssl_conf.ssl_methods.min)
7826 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7827 if (!conf->ssl_conf.ssl_methods.max)
7828 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007829
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007830 return 0;
7831}
7832
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007833/* parse the "prefer-client-ciphers" bind keyword */
7834static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7835{
7836 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7837 return 0;
7838}
7839
Christopher Faulet31af49d2015-06-09 17:29:50 +02007840/* parse the "generate-certificates" bind keyword */
7841static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7842{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007843#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007844 conf->generate_certs = 1;
7845#else
7846 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7847 err && *err ? *err : "");
7848#endif
7849 return 0;
7850}
7851
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007852/* parse the "strict-sni" bind keyword */
7853static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7854{
7855 conf->strict_sni = 1;
7856 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007857}
7858
7859/* parse the "tls-ticket-keys" bind keyword */
7860static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7861{
7862#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7863 FILE *f;
7864 int i = 0;
7865 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007866 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007867
7868 if (!*args[cur_arg + 1]) {
7869 if (err)
7870 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7871 return ERR_ALERT | ERR_FATAL;
7872 }
7873
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007874 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007875 if (keys_ref) {
7876 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007877 conf->keys_ref = keys_ref;
7878 return 0;
7879 }
7880
Vincent Bernat02779b62016-04-03 13:48:43 +02007881 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01007882 if (!keys_ref) {
7883 if (err)
7884 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7885 return ERR_ALERT | ERR_FATAL;
7886 }
7887
Emeric Brun9e754772019-01-10 17:51:55 +01007888 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01007889 if (!keys_ref->tlskeys) {
7890 free(keys_ref);
7891 if (err)
7892 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7893 return ERR_ALERT | ERR_FATAL;
7894 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007895
7896 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01007897 free(keys_ref->tlskeys);
7898 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007899 if (err)
7900 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7901 return ERR_ALERT | ERR_FATAL;
7902 }
7903
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007904 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01007905 if (!keys_ref->filename) {
7906 free(keys_ref->tlskeys);
7907 free(keys_ref);
7908 if (err)
7909 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
7910 return ERR_ALERT | ERR_FATAL;
7911 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007912
Emeric Brun9e754772019-01-10 17:51:55 +01007913 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007914 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7915 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01007916 int dec_size;
7917
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007918 /* Strip newline characters from the end */
7919 if(thisline[len - 1] == '\n')
7920 thisline[--len] = 0;
7921
7922 if(thisline[len - 1] == '\r')
7923 thisline[--len] = 0;
7924
Emeric Brun9e754772019-01-10 17:51:55 +01007925 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
7926 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01007927 free(keys_ref->filename);
7928 free(keys_ref->tlskeys);
7929 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007930 if (err)
7931 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007932 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007933 return ERR_ALERT | ERR_FATAL;
7934 }
Emeric Brun9e754772019-01-10 17:51:55 +01007935 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
7936 keys_ref->key_size_bits = 128;
7937 }
7938 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
7939 keys_ref->key_size_bits = 256;
7940 }
7941 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
7942 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
7943 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
7944 free(keys_ref->filename);
7945 free(keys_ref->tlskeys);
7946 free(keys_ref);
7947 if (err)
7948 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
7949 fclose(f);
7950 return ERR_ALERT | ERR_FATAL;
7951 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007952 i++;
7953 }
7954
7955 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01007956 free(keys_ref->filename);
7957 free(keys_ref->tlskeys);
7958 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007959 if (err)
7960 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007961 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007962 return ERR_ALERT | ERR_FATAL;
7963 }
7964
7965 fclose(f);
7966
7967 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007968 i -= 2;
7969 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007970 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007971 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007972 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007973 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007974
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007975 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7976
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007977 return 0;
7978#else
7979 if (err)
7980 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7981 return ERR_ALERT | ERR_FATAL;
7982#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007983}
7984
Emeric Brund94b3fe2012-09-20 18:23:56 +02007985/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007986static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007987{
7988 if (!*args[cur_arg + 1]) {
7989 if (err)
7990 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7991 return ERR_ALERT | ERR_FATAL;
7992 }
7993
7994 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007995 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007996 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007997 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007998 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007999 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008000 else {
8001 if (err)
8002 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8003 args[cur_arg], args[cur_arg + 1]);
8004 return ERR_ALERT | ERR_FATAL;
8005 }
8006
8007 return 0;
8008}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008009static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8010{
8011 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8012}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008013
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008014/* parse the "no-ca-names" bind keyword */
8015static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8016{
8017 conf->no_ca_names = 1;
8018 return 0;
8019}
8020static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8021{
8022 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8023}
8024
Willy Tarreau92faadf2012-10-10 23:04:25 +02008025/************** "server" keywords ****************/
8026
Olivier Houchardc7566002018-11-20 23:33:50 +01008027/* parse the "npn" bind keyword */
8028static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8029{
8030#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8031 char *p1, *p2;
8032
8033 if (!*args[*cur_arg + 1]) {
8034 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8035 return ERR_ALERT | ERR_FATAL;
8036 }
8037
8038 free(newsrv->ssl_ctx.npn_str);
8039
8040 /* the NPN string is built as a suite of (<len> <name>)*,
8041 * so we reuse each comma to store the next <len> and need
8042 * one more for the end of the string.
8043 */
8044 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8045 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8046 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8047 newsrv->ssl_ctx.npn_len);
8048
8049 /* replace commas with the name length */
8050 p1 = newsrv->ssl_ctx.npn_str;
8051 p2 = p1 + 1;
8052 while (1) {
8053 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8054 newsrv->ssl_ctx.npn_len - (p1 + 1));
8055 if (!p2)
8056 p2 = p1 + 1 + strlen(p1 + 1);
8057
8058 if (p2 - (p1 + 1) > 255) {
8059 *p2 = '\0';
8060 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8061 return ERR_ALERT | ERR_FATAL;
8062 }
8063
8064 *p1 = p2 - (p1 + 1);
8065 p1 = p2;
8066
8067 if (!*p2)
8068 break;
8069
8070 *(p2++) = '\0';
8071 }
8072 return 0;
8073#else
8074 if (err)
8075 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8076 return ERR_ALERT | ERR_FATAL;
8077#endif
8078}
8079
Olivier Houchard92150142018-12-21 19:47:01 +01008080/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008081static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8082{
8083#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8084 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008085 char **alpn_str;
8086 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008087
Olivier Houchard92150142018-12-21 19:47:01 +01008088 if (*args[*cur_arg] == 'c') {
8089 alpn_str = &newsrv->check.alpn_str;
8090 alpn_len = &newsrv->check.alpn_len;
8091 } else {
8092 alpn_str = &newsrv->ssl_ctx.alpn_str;
8093 alpn_len = &newsrv->ssl_ctx.alpn_len;
8094
8095 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008096 if (!*args[*cur_arg + 1]) {
8097 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8098 return ERR_ALERT | ERR_FATAL;
8099 }
8100
Olivier Houchard92150142018-12-21 19:47:01 +01008101 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008102
8103 /* the ALPN string is built as a suite of (<len> <name>)*,
8104 * so we reuse each comma to store the next <len> and need
8105 * one more for the end of the string.
8106 */
Olivier Houchard92150142018-12-21 19:47:01 +01008107 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8108 *alpn_str = calloc(1, *alpn_len + 1);
8109 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008110
8111 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008112 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008113 p2 = p1 + 1;
8114 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008115 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008116 if (!p2)
8117 p2 = p1 + 1 + strlen(p1 + 1);
8118
8119 if (p2 - (p1 + 1) > 255) {
8120 *p2 = '\0';
8121 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8122 return ERR_ALERT | ERR_FATAL;
8123 }
8124
8125 *p1 = p2 - (p1 + 1);
8126 p1 = p2;
8127
8128 if (!*p2)
8129 break;
8130
8131 *(p2++) = '\0';
8132 }
8133 return 0;
8134#else
8135 if (err)
8136 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8137 return ERR_ALERT | ERR_FATAL;
8138#endif
8139}
8140
Emeric Brunef42d922012-10-11 16:11:36 +02008141/* parse the "ca-file" server keyword */
8142static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8143{
8144 if (!*args[*cur_arg + 1]) {
8145 if (err)
8146 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8147 return ERR_ALERT | ERR_FATAL;
8148 }
8149
Willy Tarreauef934602016-12-22 23:12:01 +01008150 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8151 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008152 else
8153 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8154
8155 return 0;
8156}
8157
Olivier Houchard9130a962017-10-17 17:33:43 +02008158/* parse the "check-sni" server keyword */
8159static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8160{
8161 if (!*args[*cur_arg + 1]) {
8162 if (err)
8163 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8164 return ERR_ALERT | ERR_FATAL;
8165 }
8166
8167 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8168 if (!newsrv->check.sni) {
8169 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8170 return ERR_ALERT | ERR_FATAL;
8171 }
8172 return 0;
8173
8174}
8175
Willy Tarreau92faadf2012-10-10 23:04:25 +02008176/* parse the "check-ssl" server keyword */
8177static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8178{
8179 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008180 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8181 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008182#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8183 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8184 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8185#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008186 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008187 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8188 if (!newsrv->ssl_ctx.methods.min)
8189 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8190 if (!newsrv->ssl_ctx.methods.max)
8191 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8192
Willy Tarreau92faadf2012-10-10 23:04:25 +02008193 return 0;
8194}
8195
8196/* parse the "ciphers" server keyword */
8197static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8198{
8199 if (!*args[*cur_arg + 1]) {
8200 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8201 return ERR_ALERT | ERR_FATAL;
8202 }
8203
8204 free(newsrv->ssl_ctx.ciphers);
8205 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8206 return 0;
8207}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008208
8209#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8210/* parse the "ciphersuites" server keyword */
8211static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8212{
8213 if (!*args[*cur_arg + 1]) {
8214 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8215 return ERR_ALERT | ERR_FATAL;
8216 }
8217
8218 free(newsrv->ssl_ctx.ciphersuites);
8219 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8220 return 0;
8221}
8222#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008223
Emeric Brunef42d922012-10-11 16:11:36 +02008224/* parse the "crl-file" server keyword */
8225static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8226{
8227#ifndef X509_V_FLAG_CRL_CHECK
8228 if (err)
8229 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8230 return ERR_ALERT | ERR_FATAL;
8231#else
8232 if (!*args[*cur_arg + 1]) {
8233 if (err)
8234 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8235 return ERR_ALERT | ERR_FATAL;
8236 }
8237
Willy Tarreauef934602016-12-22 23:12:01 +01008238 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8239 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008240 else
8241 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8242
8243 return 0;
8244#endif
8245}
8246
Emeric Bruna7aa3092012-10-26 12:58:00 +02008247/* parse the "crt" server keyword */
8248static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8249{
8250 if (!*args[*cur_arg + 1]) {
8251 if (err)
8252 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8253 return ERR_ALERT | ERR_FATAL;
8254 }
8255
Willy Tarreauef934602016-12-22 23:12:01 +01008256 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008257 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008258 else
8259 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8260
8261 return 0;
8262}
Emeric Brunef42d922012-10-11 16:11:36 +02008263
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008264/* parse the "no-check-ssl" server keyword */
8265static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8266{
8267 newsrv->check.use_ssl = 0;
8268 free(newsrv->ssl_ctx.ciphers);
8269 newsrv->ssl_ctx.ciphers = NULL;
8270 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8271 return 0;
8272}
8273
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008274/* parse the "no-send-proxy-v2-ssl" server keyword */
8275static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8276{
8277 newsrv->pp_opts &= ~SRV_PP_V2;
8278 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8279 return 0;
8280}
8281
8282/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8283static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8284{
8285 newsrv->pp_opts &= ~SRV_PP_V2;
8286 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8287 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8288 return 0;
8289}
8290
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008291/* parse the "no-ssl" server keyword */
8292static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8293{
8294 newsrv->use_ssl = 0;
8295 free(newsrv->ssl_ctx.ciphers);
8296 newsrv->ssl_ctx.ciphers = NULL;
8297 return 0;
8298}
8299
Olivier Houchard522eea72017-11-03 16:27:47 +01008300/* parse the "allow-0rtt" server keyword */
8301static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8302{
8303 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8304 return 0;
8305}
8306
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008307/* parse the "no-ssl-reuse" server keyword */
8308static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8309{
8310 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8311 return 0;
8312}
8313
Emeric Brunf9c5c472012-10-11 15:28:34 +02008314/* parse the "no-tls-tickets" server keyword */
8315static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8316{
8317 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8318 return 0;
8319}
David Safb76832014-05-08 23:42:08 -04008320/* parse the "send-proxy-v2-ssl" server keyword */
8321static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8322{
8323 newsrv->pp_opts |= SRV_PP_V2;
8324 newsrv->pp_opts |= SRV_PP_V2_SSL;
8325 return 0;
8326}
8327
8328/* parse the "send-proxy-v2-ssl-cn" server keyword */
8329static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8330{
8331 newsrv->pp_opts |= SRV_PP_V2;
8332 newsrv->pp_opts |= SRV_PP_V2_SSL;
8333 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8334 return 0;
8335}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008336
Willy Tarreau732eac42015-07-09 11:40:25 +02008337/* parse the "sni" server keyword */
8338static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8339{
8340#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8341 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8342 return ERR_ALERT | ERR_FATAL;
8343#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008344 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008345
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008346 arg = args[*cur_arg + 1];
8347 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008348 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8349 return ERR_ALERT | ERR_FATAL;
8350 }
8351
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008352 free(newsrv->sni_expr);
8353 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008354
Willy Tarreau732eac42015-07-09 11:40:25 +02008355 return 0;
8356#endif
8357}
8358
Willy Tarreau92faadf2012-10-10 23:04:25 +02008359/* parse the "ssl" server keyword */
8360static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8361{
8362 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008363 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8364 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008365#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8366 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8367 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8368#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008369 return 0;
8370}
8371
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008372/* parse the "ssl-reuse" server keyword */
8373static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8374{
8375 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8376 return 0;
8377}
8378
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008379/* parse the "tls-tickets" server keyword */
8380static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8381{
8382 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8383 return 0;
8384}
8385
Emeric Brunef42d922012-10-11 16:11:36 +02008386/* parse the "verify" server keyword */
8387static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8388{
8389 if (!*args[*cur_arg + 1]) {
8390 if (err)
8391 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8392 return ERR_ALERT | ERR_FATAL;
8393 }
8394
8395 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008396 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008397 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008398 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008399 else {
8400 if (err)
8401 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8402 args[*cur_arg], args[*cur_arg + 1]);
8403 return ERR_ALERT | ERR_FATAL;
8404 }
8405
Evan Broderbe554312013-06-27 00:05:25 -07008406 return 0;
8407}
8408
8409/* parse the "verifyhost" server keyword */
8410static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8411{
8412 if (!*args[*cur_arg + 1]) {
8413 if (err)
8414 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8415 return ERR_ALERT | ERR_FATAL;
8416 }
8417
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008418 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008419 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8420
Emeric Brunef42d922012-10-11 16:11:36 +02008421 return 0;
8422}
8423
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008424/* parse the "ssl-default-bind-options" keyword in global section */
8425static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8426 struct proxy *defpx, const char *file, int line,
8427 char **err) {
8428 int i = 1;
8429
8430 if (*(args[i]) == 0) {
8431 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8432 return -1;
8433 }
8434 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008435 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008436 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008437 else if (!strcmp(args[i], "prefer-client-ciphers"))
8438 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008439 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8440 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8441 i++;
8442 else {
8443 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8444 return -1;
8445 }
8446 }
8447 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008448 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8449 return -1;
8450 }
8451 i++;
8452 }
8453 return 0;
8454}
8455
8456/* parse the "ssl-default-server-options" keyword in global section */
8457static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8458 struct proxy *defpx, const char *file, int line,
8459 char **err) {
8460 int i = 1;
8461
8462 if (*(args[i]) == 0) {
8463 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8464 return -1;
8465 }
8466 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008467 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008468 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008469 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8470 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8471 i++;
8472 else {
8473 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8474 return -1;
8475 }
8476 }
8477 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008478 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8479 return -1;
8480 }
8481 i++;
8482 }
8483 return 0;
8484}
8485
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008486/* parse the "ca-base" / "crt-base" keywords in global section.
8487 * Returns <0 on alert, >0 on warning, 0 on success.
8488 */
8489static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8490 struct proxy *defpx, const char *file, int line,
8491 char **err)
8492{
8493 char **target;
8494
Willy Tarreauef934602016-12-22 23:12:01 +01008495 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008496
8497 if (too_many_args(1, args, err, NULL))
8498 return -1;
8499
8500 if (*target) {
8501 memprintf(err, "'%s' already specified.", args[0]);
8502 return -1;
8503 }
8504
8505 if (*(args[1]) == 0) {
8506 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8507 return -1;
8508 }
8509 *target = strdup(args[1]);
8510 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008511}
8512
8513/* parse the "ssl-mode-async" keyword in global section.
8514 * Returns <0 on alert, >0 on warning, 0 on success.
8515 */
8516static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8517 struct proxy *defpx, const char *file, int line,
8518 char **err)
8519{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008520#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008521 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008522 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008523 return 0;
8524#else
8525 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8526 return -1;
8527#endif
8528}
8529
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008530#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008531static int ssl_check_async_engine_count(void) {
8532 int err_code = 0;
8533
Emeric Brun3854e012017-05-17 20:42:48 +02008534 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008535 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008536 err_code = ERR_ABORT;
8537 }
8538 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008539}
8540
Grant Zhang872f9c22017-01-21 01:10:18 +00008541/* parse the "ssl-engine" keyword in global section.
8542 * Returns <0 on alert, >0 on warning, 0 on success.
8543 */
8544static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8545 struct proxy *defpx, const char *file, int line,
8546 char **err)
8547{
8548 char *algo;
8549 int ret = -1;
8550
8551 if (*(args[1]) == 0) {
8552 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8553 return ret;
8554 }
8555
8556 if (*(args[2]) == 0) {
8557 /* if no list of algorithms is given, it defaults to ALL */
8558 algo = strdup("ALL");
8559 goto add_engine;
8560 }
8561
8562 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8563 if (strcmp(args[2], "algo") != 0) {
8564 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8565 return ret;
8566 }
8567
8568 if (*(args[3]) == 0) {
8569 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8570 return ret;
8571 }
8572 algo = strdup(args[3]);
8573
8574add_engine:
8575 if (ssl_init_single_engine(args[1], algo)==0) {
8576 openssl_engines_initialized++;
8577 ret = 0;
8578 }
8579 free(algo);
8580 return ret;
8581}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008582#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008583
Willy Tarreauf22e9682016-12-21 23:23:19 +01008584/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8585 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8586 */
8587static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8588 struct proxy *defpx, const char *file, int line,
8589 char **err)
8590{
8591 char **target;
8592
Willy Tarreauef934602016-12-22 23:12:01 +01008593 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008594
8595 if (too_many_args(1, args, err, NULL))
8596 return -1;
8597
8598 if (*(args[1]) == 0) {
8599 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8600 return -1;
8601 }
8602
8603 free(*target);
8604 *target = strdup(args[1]);
8605 return 0;
8606}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008607
8608#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
8609/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8610 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8611 */
8612static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8613 struct proxy *defpx, const char *file, int line,
8614 char **err)
8615{
8616 char **target;
8617
8618 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8619
8620 if (too_many_args(1, args, err, NULL))
8621 return -1;
8622
8623 if (*(args[1]) == 0) {
8624 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8625 return -1;
8626 }
8627
8628 free(*target);
8629 *target = strdup(args[1]);
8630 return 0;
8631}
8632#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008633
Willy Tarreau9ceda382016-12-21 23:13:03 +01008634/* parse various global tune.ssl settings consisting in positive integers.
8635 * Returns <0 on alert, >0 on warning, 0 on success.
8636 */
8637static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8638 struct proxy *defpx, const char *file, int line,
8639 char **err)
8640{
8641 int *target;
8642
8643 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8644 target = &global.tune.sslcachesize;
8645 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008646 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008647 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008648 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008649 else if (strcmp(args[0], "maxsslconn") == 0)
8650 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008651 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8652 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008653 else {
8654 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8655 return -1;
8656 }
8657
8658 if (too_many_args(1, args, err, NULL))
8659 return -1;
8660
8661 if (*(args[1]) == 0) {
8662 memprintf(err, "'%s' expects an integer argument.", args[0]);
8663 return -1;
8664 }
8665
8666 *target = atoi(args[1]);
8667 if (*target < 0) {
8668 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8669 return -1;
8670 }
8671 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008672}
8673
8674static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8675 struct proxy *defpx, const char *file, int line,
8676 char **err)
8677{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008678 int ret;
8679
8680 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8681 if (ret != 0)
8682 return ret;
8683
Willy Tarreaubafbe012017-11-24 17:34:44 +01008684 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008685 memprintf(err, "'%s' is already configured.", args[0]);
8686 return -1;
8687 }
8688
Willy Tarreaubafbe012017-11-24 17:34:44 +01008689 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8690 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008691 memprintf(err, "Out of memory error.");
8692 return -1;
8693 }
8694 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008695}
8696
8697/* parse "ssl.force-private-cache".
8698 * Returns <0 on alert, >0 on warning, 0 on success.
8699 */
8700static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8701 struct proxy *defpx, const char *file, int line,
8702 char **err)
8703{
8704 if (too_many_args(0, args, err, NULL))
8705 return -1;
8706
Willy Tarreauef934602016-12-22 23:12:01 +01008707 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008708 return 0;
8709}
8710
8711/* parse "ssl.lifetime".
8712 * Returns <0 on alert, >0 on warning, 0 on success.
8713 */
8714static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8715 struct proxy *defpx, const char *file, int line,
8716 char **err)
8717{
8718 const char *res;
8719
8720 if (too_many_args(1, args, err, NULL))
8721 return -1;
8722
8723 if (*(args[1]) == 0) {
8724 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8725 return -1;
8726 }
8727
Willy Tarreauef934602016-12-22 23:12:01 +01008728 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008729 if (res) {
8730 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8731 return -1;
8732 }
8733 return 0;
8734}
8735
8736#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008737/* parse "ssl-dh-param-file".
8738 * Returns <0 on alert, >0 on warning, 0 on success.
8739 */
8740static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8741 struct proxy *defpx, const char *file, int line,
8742 char **err)
8743{
8744 if (too_many_args(1, args, err, NULL))
8745 return -1;
8746
8747 if (*(args[1]) == 0) {
8748 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8749 return -1;
8750 }
8751
8752 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8753 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8754 return -1;
8755 }
8756 return 0;
8757}
8758
Willy Tarreau9ceda382016-12-21 23:13:03 +01008759/* parse "ssl.default-dh-param".
8760 * Returns <0 on alert, >0 on warning, 0 on success.
8761 */
8762static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8763 struct proxy *defpx, const char *file, int line,
8764 char **err)
8765{
8766 if (too_many_args(1, args, err, NULL))
8767 return -1;
8768
8769 if (*(args[1]) == 0) {
8770 memprintf(err, "'%s' expects an integer argument.", args[0]);
8771 return -1;
8772 }
8773
Willy Tarreauef934602016-12-22 23:12:01 +01008774 global_ssl.default_dh_param = atoi(args[1]);
8775 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008776 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8777 return -1;
8778 }
8779 return 0;
8780}
8781#endif
8782
8783
William Lallemand32af2032016-10-29 18:09:35 +02008784/* This function is used with TLS ticket keys management. It permits to browse
8785 * each reference. The variable <getnext> must contain the current node,
8786 * <end> point to the root node.
8787 */
8788#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8789static inline
8790struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8791{
8792 struct tls_keys_ref *ref = getnext;
8793
8794 while (1) {
8795
8796 /* Get next list entry. */
8797 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8798
8799 /* If the entry is the last of the list, return NULL. */
8800 if (&ref->list == end)
8801 return NULL;
8802
8803 return ref;
8804 }
8805}
8806
8807static inline
8808struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8809{
8810 int id;
8811 char *error;
8812
8813 /* If the reference starts by a '#', this is numeric id. */
8814 if (reference[0] == '#') {
8815 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8816 id = strtol(reference + 1, &error, 10);
8817 if (*error != '\0')
8818 return NULL;
8819
8820 /* Perform the unique id lookup. */
8821 return tlskeys_ref_lookupid(id);
8822 }
8823
8824 /* Perform the string lookup. */
8825 return tlskeys_ref_lookup(reference);
8826}
8827#endif
8828
8829
8830#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8831
8832static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8833
8834static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8835 return cli_io_handler_tlskeys_files(appctx);
8836}
8837
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008838/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8839 * (next index to be dumped), and cli.p0 (next key reference).
8840 */
William Lallemand32af2032016-10-29 18:09:35 +02008841static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8842
8843 struct stream_interface *si = appctx->owner;
8844
8845 switch (appctx->st2) {
8846 case STAT_ST_INIT:
8847 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08008848 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02008849 * later and restart at the state "STAT_ST_INIT".
8850 */
8851 chunk_reset(&trash);
8852
8853 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8854 chunk_appendf(&trash, "# id secret\n");
8855 else
8856 chunk_appendf(&trash, "# id (file)\n");
8857
Willy Tarreau06d80a92017-10-19 14:32:15 +02008858 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01008859 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008860 return 0;
8861 }
8862
William Lallemand32af2032016-10-29 18:09:35 +02008863 /* Now, we start the browsing of the references lists.
8864 * Note that the following call to LIST_ELEM return bad pointer. The only
8865 * available field of this pointer is <list>. It is used with the function
8866 * tlskeys_list_get_next() for retruning the first available entry
8867 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008868 if (appctx->ctx.cli.p0 == NULL) {
8869 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8870 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008871 }
8872
8873 appctx->st2 = STAT_ST_LIST;
8874 /* fall through */
8875
8876 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008877 while (appctx->ctx.cli.p0) {
8878 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008879
8880 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008881 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008882 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008883
8884 if (appctx->ctx.cli.i1 == 0)
8885 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8886
William Lallemand32af2032016-10-29 18:09:35 +02008887 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008888 int head;
8889
8890 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8891 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008892 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02008893 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02008894
8895 chunk_reset(t2);
8896 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01008897 if (ref->key_size_bits == 128) {
8898 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8899 sizeof(struct tls_sess_key_128),
8900 t2->area, t2->size);
8901 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8902 t2->area);
8903 }
8904 else if (ref->key_size_bits == 256) {
8905 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
8906 sizeof(struct tls_sess_key_256),
8907 t2->area, t2->size);
8908 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
8909 t2->area);
8910 }
8911 else {
8912 /* This case should never happen */
8913 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
8914 }
William Lallemand32af2032016-10-29 18:09:35 +02008915
Willy Tarreau06d80a92017-10-19 14:32:15 +02008916 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008917 /* let's try again later from this stream. We add ourselves into
8918 * this stream's users so that it can remove us upon termination.
8919 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008920 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01008921 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008922 return 0;
8923 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008924 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008925 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008926 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008927 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008928 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008929 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008930 /* let's try again later from this stream. We add ourselves into
8931 * this stream's users so that it can remove us upon termination.
8932 */
Willy Tarreaudb398432018-11-15 11:08:52 +01008933 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02008934 return 0;
8935 }
8936
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008937 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008938 break;
8939
8940 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008941 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008942 }
8943
8944 appctx->st2 = STAT_ST_FIN;
8945 /* fall through */
8946
8947 default:
8948 appctx->st2 = STAT_ST_FIN;
8949 return 1;
8950 }
8951 return 0;
8952}
8953
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008954/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008955static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008956{
William Lallemand32af2032016-10-29 18:09:35 +02008957 /* no parameter, shows only file list */
8958 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008959 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008960 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008961 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008962 }
8963
8964 if (args[2][0] == '*') {
8965 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008966 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008967 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008968 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8969 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008970 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008971 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008972 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008973 return 1;
8974 }
8975 }
William Lallemand32af2032016-10-29 18:09:35 +02008976 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008977 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008978}
8979
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008980static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008981{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008982 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02008983 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008984
William Lallemand32af2032016-10-29 18:09:35 +02008985 /* Expect two parameters: the filename and the new new TLS key in encoding */
8986 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008987 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008988 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008989 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008990 return 1;
8991 }
8992
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008993 ref = tlskeys_ref_lookup_ref(args[3]);
8994 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008995 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008996 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008997 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008998 return 1;
8999 }
9000
Willy Tarreau1c913e42018-08-22 05:26:57 +02009001 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009002 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009003 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009004 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009005 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009006 return 1;
9007 }
Emeric Brun9e754772019-01-10 17:51:55 +01009008
Willy Tarreau1c913e42018-08-22 05:26:57 +02009009 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009010 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9011 appctx->ctx.cli.severity = LOG_ERR;
9012 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9013 appctx->st0 = CLI_ST_PRINT;
9014 return 1;
9015 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009016 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009017 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009018 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009019 return 1;
9020
9021}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009022#endif
William Lallemand32af2032016-10-29 18:09:35 +02009023
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009024static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009025{
9026#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9027 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009028 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009029
9030 if (!payload)
9031 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009032
9033 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009034 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009035 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009036 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009037 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009038 return 1;
9039 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009040
9041 /* remove \r and \n from the payload */
9042 for (i = 0, j = 0; payload[i]; i++) {
9043 if (payload[i] == '\r' || payload[i] == '\n')
9044 continue;
9045 payload[j++] = payload[i];
9046 }
9047 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009048
Willy Tarreau1c913e42018-08-22 05:26:57 +02009049 ret = base64dec(payload, j, trash.area, trash.size);
9050 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009051 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009052 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009053 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009054 return 1;
9055 }
9056
Willy Tarreau1c913e42018-08-22 05:26:57 +02009057 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009058 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9059 if (err) {
9060 memprintf(&err, "%s.\n", err);
9061 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009062 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009063 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009064 else {
9065 appctx->ctx.cli.severity = LOG_ERR;
9066 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9067 appctx->st0 = CLI_ST_PRINT;
9068 }
William Lallemand32af2032016-10-29 18:09:35 +02009069 return 1;
9070 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009071 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009072 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009073 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009074 return 1;
9075#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009076 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009077 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009078 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009079 return 1;
9080#endif
9081
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009082}
9083
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +02009084#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009085static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9086{
9087 switch (arg->type) {
9088 case ARGT_STR:
9089 smp->data.type = SMP_T_STR;
9090 smp->data.u.str = arg->data.str;
9091 return 1;
9092 case ARGT_VAR:
9093 if (!vars_get_by_desc(&arg->data.var, smp))
9094 return 0;
9095 if (!sample_casts[smp->data.type][SMP_T_STR])
9096 return 0;
9097 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9098 return 0;
9099 return 1;
9100 default:
9101 return 0;
9102 }
9103}
9104
9105static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9106 const char *file, int line, char **err)
9107{
9108 switch(args[0].data.sint) {
9109 case 128:
9110 case 192:
9111 case 256:
9112 break;
9113 default:
9114 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9115 return 0;
9116 }
9117 /* Try to decode a variable. */
9118 vars_check_arg(&args[1], NULL);
9119 vars_check_arg(&args[2], NULL);
9120 vars_check_arg(&args[3], NULL);
9121 return 1;
9122}
9123
9124/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9125static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9126{
9127 struct sample nonce, key, aead_tag;
9128 struct buffer *smp_trash, *smp_trash_alloc;
9129 EVP_CIPHER_CTX *ctx;
9130 int dec_size, ret;
9131
9132 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9133 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9134 return 0;
9135
9136 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9137 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9138 return 0;
9139
9140 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9141 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9142 return 0;
9143
9144 smp_trash = get_trash_chunk();
9145 smp_trash_alloc = alloc_trash_chunk();
9146 if (!smp_trash_alloc)
9147 return 0;
9148
9149 ctx = EVP_CIPHER_CTX_new();
9150
9151 if (!ctx)
9152 goto err;
9153
9154 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9155 if (dec_size < 0)
9156 goto err;
9157 smp_trash->data = dec_size;
9158
9159 /* Set cipher type and mode */
9160 switch(arg_p[0].data.sint) {
9161 case 128:
9162 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9163 break;
9164 case 192:
9165 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9166 break;
9167 case 256:
9168 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9169 break;
9170 }
9171
9172 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9173
9174 /* Initialise IV */
9175 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9176 goto err;
9177
9178 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9179 if (dec_size < 0)
9180 goto err;
9181 smp_trash->data = dec_size;
9182
9183 /* Initialise key */
9184 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9185 goto err;
9186
9187 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9188 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9189 goto err;
9190
9191 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9192 if (dec_size < 0)
9193 goto err;
9194 smp_trash_alloc->data = dec_size;
9195 dec_size = smp_trash->data;
9196
9197 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9198 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9199
9200 if (ret <= 0)
9201 goto err;
9202
9203 smp->data.u.str.data = dec_size + smp_trash->data;
9204 smp->data.u.str.area = smp_trash->area;
9205 smp->data.type = SMP_T_BIN;
9206 smp->flags &= ~SMP_F_CONST;
9207 free_trash_chunk(smp_trash_alloc);
9208 return 1;
9209
9210err:
9211 free_trash_chunk(smp_trash_alloc);
9212 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009213}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009214# endif
William Lallemand32af2032016-10-29 18:09:35 +02009215
9216/* register cli keywords */
9217static struct cli_kw_list cli_kws = {{ },{
9218#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9219 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009220 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009221#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009222 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009223 { { NULL }, NULL, NULL, NULL }
9224}};
9225
Willy Tarreau0108d902018-11-25 19:14:37 +01009226INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009227
Willy Tarreau7875d092012-09-10 08:20:03 +02009228/* Note: must not be declared <const> as its list will be overwritten.
9229 * Please take care of keeping this list alphabetically sorted.
9230 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009231static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009232 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009233 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009234#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009235 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009236#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009237 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009238#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9239 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9240#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009241 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009242 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009243 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009244 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009245#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009246 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009247#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009248#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9249 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9250#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009251 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9252 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009253 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009254 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009255 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9256 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9257 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9258 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9259 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9260 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9261 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9262 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009263 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009264 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9265 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009266 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009267 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9268 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9269 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9270 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9271 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9272 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9273 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009274 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009275 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009276 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009277 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009278 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009279 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009280 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009281 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009282 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009283#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009284 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009285#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009286#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009287 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009288#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009289 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009290#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009291 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009292#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009293 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009294#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009295 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009296#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04009297#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
9298 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9299#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009300#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009301 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009302#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009303 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9304 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9305 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9306 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009307 { NULL, NULL, 0, 0, 0 },
9308}};
9309
Willy Tarreau0108d902018-11-25 19:14:37 +01009310INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9311
Willy Tarreau7875d092012-09-10 08:20:03 +02009312/* Note: must not be declared <const> as its list will be overwritten.
9313 * Please take care of keeping this list alphabetically sorted.
9314 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009315static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009316 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9317 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009318 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009319}};
9320
Willy Tarreau0108d902018-11-25 19:14:37 +01009321INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9322
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009323/* Note: must not be declared <const> as its list will be overwritten.
9324 * Please take care of keeping this list alphabetically sorted, doing so helps
9325 * all code contributors.
9326 * Optional keywords are also declared with a NULL ->parse() function so that
9327 * the config parser can report an appropriate error when a known keyword was
9328 * not enabled.
9329 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009330static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009331 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009332 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9333 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9334 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009335#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9336 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9337#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009338 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009339 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009340 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009341 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009342 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009343 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9344 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009345 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9346 { NULL, NULL, 0 },
9347};
9348
Willy Tarreau0108d902018-11-25 19:14:37 +01009349/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9350
Willy Tarreau51fb7652012-09-18 18:24:39 +02009351static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009352 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009353 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9354 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9355 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9356 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9357 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9358 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009359#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9360 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9361#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009362 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9363 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9364 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9365 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9366 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9367 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9368 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9369 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9370 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9371 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009372 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009373 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009374 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009375 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9376 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9377 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9378 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009379 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009380 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9381 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009382 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9383 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009384 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9385 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9386 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9387 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9388 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009389 { NULL, NULL, 0 },
9390}};
Emeric Brun46591952012-05-18 15:47:34 +02009391
Willy Tarreau0108d902018-11-25 19:14:37 +01009392INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9393
Willy Tarreau92faadf2012-10-10 23:04:25 +02009394/* Note: must not be declared <const> as its list will be overwritten.
9395 * Please take care of keeping this list alphabetically sorted, doing so helps
9396 * all code contributors.
9397 * Optional keywords are also declared with a NULL ->parse() function so that
9398 * the config parser can report an appropriate error when a known keyword was
9399 * not enabled.
9400 */
9401static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009402 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009403 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009404 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009405 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009406 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009407 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9408 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009409#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9410 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9411#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009412 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9413 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9414 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9415 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9416 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9417 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9418 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9419 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9420 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9421 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9422 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9423 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9424 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9425 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9426 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9427 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9428 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9429 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009430 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009431 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9432 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9433 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9434 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9435 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9436 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9437 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9438 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9439 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9440 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009441 { NULL, NULL, 0, 0 },
9442}};
9443
Willy Tarreau0108d902018-11-25 19:14:37 +01009444INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9445
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009446static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009447 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9448 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009449 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009450 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9451 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009452#ifndef OPENSSL_NO_DH
9453 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9454#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009455 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009456#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009457 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009458#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009459 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9460#ifndef OPENSSL_NO_DH
9461 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9462#endif
9463 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9464 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9465 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9466 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009467 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009468 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9469 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009470#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9471 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9472 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9473#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009474 { 0, NULL, NULL },
9475}};
9476
Willy Tarreau0108d902018-11-25 19:14:37 +01009477INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9478
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009479/* Note: must not be declared <const> as its list will be overwritten */
9480static struct sample_conv_kw_list conv_kws = {ILH, {
Emmanuel Hocdet2b4edfb2019-04-01 18:24:38 +02009481#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009482 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9483#endif
9484 { NULL, NULL, 0, 0, 0 },
9485}};
9486
9487INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9488
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009489/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009490static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009491 .snd_buf = ssl_sock_from_buf,
9492 .rcv_buf = ssl_sock_to_buf,
Olivier Houchard6ff20392018-07-17 18:46:31 +02009493 .subscribe = conn_subscribe,
Olivier Houchard83a0cd82018-09-28 17:57:58 +02009494 .unsubscribe = conn_unsubscribe,
Emeric Brun46591952012-05-18 15:47:34 +02009495 .rcv_pipe = NULL,
9496 .snd_pipe = NULL,
9497 .shutr = NULL,
9498 .shutw = ssl_sock_shutw,
9499 .close = ssl_sock_close,
9500 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009501 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009502 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009503 .prepare_srv = ssl_sock_prepare_srv_ctx,
9504 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009505 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009506 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009507};
9508
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009509enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9510 struct session *sess, struct stream *s, int flags)
9511{
9512 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009513 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009514
9515 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009516 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009517
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009518 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009519 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009520 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009521 s->req.flags |= CF_READ_NULL;
9522 return ACT_RET_YIELD;
9523 }
9524 }
9525 return (ACT_RET_CONT);
9526}
9527
9528static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9529{
9530 rule->action_ptr = ssl_action_wait_for_hs;
9531
9532 return ACT_RET_PRS_OK;
9533}
9534
9535static struct action_kw_list http_req_actions = {ILH, {
9536 { "wait-for-handshake", ssl_parse_wait_for_hs },
9537 { /* END */ }
9538}};
9539
Willy Tarreau0108d902018-11-25 19:14:37 +01009540INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9541
Daniel Jakots54ffb912015-11-06 20:02:41 +01009542#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009543
9544static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9545{
9546 if (ptr) {
9547 chunk_destroy(ptr);
9548 free(ptr);
9549 }
9550}
9551
9552#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009553static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9554{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009555 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009556}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009557
Emeric Brun46591952012-05-18 15:47:34 +02009558__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009559static void __ssl_sock_init(void)
9560{
Emeric Brun46591952012-05-18 15:47:34 +02009561 STACK_OF(SSL_COMP)* cm;
9562
Willy Tarreauef934602016-12-22 23:12:01 +01009563 if (global_ssl.listen_default_ciphers)
9564 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9565 if (global_ssl.connect_default_ciphers)
9566 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009567#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
9568 if (global_ssl.listen_default_ciphersuites)
9569 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9570 if (global_ssl.connect_default_ciphersuites)
9571 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9572#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009573
Willy Tarreau13e14102016-12-22 20:25:26 +01009574 xprt_register(XPRT_SSL, &ssl_sock);
Rosen Penev68185952018-12-14 08:47:02 -08009575#if OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009576 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009577#endif
Emeric Brun46591952012-05-18 15:47:34 +02009578 cm = SSL_COMP_get_compression_methods();
9579 sk_SSL_COMP_zero(cm);
Rosen Penev68185952018-12-14 08:47:02 -08009580#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
Emeric Brun821bb9b2017-06-15 16:37:39 +02009581 ssl_locking_init();
9582#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01009583#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009584 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9585#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009586 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009587 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009588 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009589#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009590 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009591 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009592#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009593#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9594 hap_register_post_check(tlskeys_finalize_config);
9595#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009596
9597 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9598 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9599
9600#ifndef OPENSSL_NO_DH
9601 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9602 hap_register_post_deinit(ssl_free_dh);
9603#endif
9604#ifndef OPENSSL_NO_ENGINE
9605 hap_register_post_deinit(ssl_free_engines);
9606#endif
9607 /* Load SSL string for the verbose & debug mode. */
9608 ERR_load_SSL_strings();
9609}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009610
Willy Tarreau80713382018-11-26 10:19:54 +01009611/* Compute and register the version string */
9612static void ssl_register_build_options()
9613{
9614 char *ptr = NULL;
9615 int i;
9616
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009617 memprintf(&ptr, "Built with OpenSSL version : "
9618#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009619 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009620#else /* OPENSSL_IS_BORINGSSL */
9621 OPENSSL_VERSION_TEXT
9622 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08009623 OpenSSL_version(OPENSSL_VERSION),
9624 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009625#endif
9626 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
9627#if OPENSSL_VERSION_NUMBER < 0x00907000L
9628 "no (library version too old)"
9629#elif defined(OPENSSL_NO_TLSEXT)
9630 "no (disabled via OPENSSL_NO_TLSEXT)"
9631#else
9632 "yes"
9633#endif
9634 "", ptr);
9635
9636 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9637#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9638 "yes"
9639#else
9640#ifdef OPENSSL_NO_TLSEXT
9641 "no (because of OPENSSL_NO_TLSEXT)"
9642#else
9643 "no (version might be too old, 0.9.8f min needed)"
9644#endif
9645#endif
9646 "", ptr);
9647
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009648 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9649 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9650 if (methodVersions[i].option)
9651 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009652
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009653 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01009654}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009655
Willy Tarreau80713382018-11-26 10:19:54 +01009656INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009657
Emeric Brun46591952012-05-18 15:47:34 +02009658
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009659#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009660void ssl_free_engines(void) {
9661 struct ssl_engine_list *wl, *wlb;
9662 /* free up engine list */
9663 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9664 ENGINE_finish(wl->e);
9665 ENGINE_free(wl->e);
9666 LIST_DEL(&wl->list);
9667 free(wl);
9668 }
9669}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009670#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009671
Remi Gacogned3a23c32015-05-28 16:39:47 +02009672#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009673void ssl_free_dh(void) {
9674 if (local_dh_1024) {
9675 DH_free(local_dh_1024);
9676 local_dh_1024 = NULL;
9677 }
9678 if (local_dh_2048) {
9679 DH_free(local_dh_2048);
9680 local_dh_2048 = NULL;
9681 }
9682 if (local_dh_4096) {
9683 DH_free(local_dh_4096);
9684 local_dh_4096 = NULL;
9685 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009686 if (global_dh) {
9687 DH_free(global_dh);
9688 global_dh = NULL;
9689 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009690}
9691#endif
9692
9693__attribute__((destructor))
9694static void __ssl_sock_deinit(void)
9695{
9696#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009697 if (ssl_ctx_lru_tree) {
9698 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009699 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009700 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009701#endif
9702
Rosen Penev68185952018-12-14 08:47:02 -08009703#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009704 ERR_remove_state(0);
9705 ERR_free_strings();
9706
9707 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08009708#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009709
Rosen Penev68185952018-12-14 08:47:02 -08009710#if ((OPENSSL_VERSION_NUMBER >= 0x00907000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)) || defined(LIBRESSL_VERSION_NUMBER)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009711 CRYPTO_cleanup_all_ex_data();
9712#endif
9713}
9714
9715
Emeric Brun46591952012-05-18 15:47:34 +02009716/*
9717 * Local variables:
9718 * c-indent-level: 8
9719 * c-basic-offset: 8
9720 * End:
9721 */