blob: 2d6b003082844117325eea8a9f2ecfdfd6b351c9 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
William Lallemand150bfa82019-09-19 17:12:49 +0200356__decl_hathreads(HA_SPINLOCK_T ckch_lock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200357
William Lallemandbc6ca7c2019-10-29 23:48:19 +0100358/* Uncommitted CKCH transaction */
359
360static struct {
361 struct ckch_store *new_ckchs;
362 struct ckch_store *old_ckchs;
363 char *path;
364} ckchs_transaction;
365
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200366/*
Emmanuel Hocdetb270e812019-11-21 19:09:31 +0100367 * deduplicate cafile (and crlfile)
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200368 */
369struct cafile_entry {
370 X509_STORE *ca_store;
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200371 STACK_OF(X509_NAME) *ca_list;
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +0200372 struct ebmb_node node;
373 char path[0];
374};
375
376static struct eb_root cafile_tree = EB_ROOT_UNIQUE;
377
378static X509_STORE* ssl_store_get0_locations_file(char *path)
379{
380 struct ebmb_node *eb;
381
382 eb = ebst_lookup(&cafile_tree, path);
383 if (eb) {
384 struct cafile_entry *ca_e;
385 ca_e = ebmb_entry(eb, struct cafile_entry, node);
386 return ca_e->ca_store;
387 }
388 return NULL;
389}
390
391static int ssl_store_load_locations_file(char *path)
392{
393 if (ssl_store_get0_locations_file(path) == NULL) {
394 struct cafile_entry *ca_e;
395 X509_STORE *store = X509_STORE_new();
396 if (X509_STORE_load_locations(store, path, NULL)) {
397 int pathlen;
398 pathlen = strlen(path);
399 ca_e = calloc(1, sizeof(*ca_e) + pathlen + 1);
400 if (ca_e) {
401 memcpy(ca_e->path, path, pathlen + 1);
402 ca_e->ca_store = store;
403 ebst_insert(&cafile_tree, &ca_e->node);
404 return 1;
405 }
406 }
407 X509_STORE_free(store);
408 return 0;
409 }
410 return 1;
411}
412
413/* mimic what X509_STORE_load_locations do with store_ctx */
414static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
415{
416 X509_STORE *store;
417 store = ssl_store_get0_locations_file(path);
418 if (store_ctx && store) {
419 int i;
420 X509_OBJECT *obj;
421 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
422 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
423 obj = sk_X509_OBJECT_value(objs, i);
424 switch (X509_OBJECT_get_type(obj)) {
425 case X509_LU_X509:
426 X509_STORE_add_cert(store_ctx, X509_OBJECT_get0_X509(obj));
427 break;
428 case X509_LU_CRL:
429 X509_STORE_add_crl(store_ctx, X509_OBJECT_get0_X509_CRL(obj));
430 break;
431 default:
432 break;
433 }
434 }
435 return 1;
436 }
437 return 0;
438}
439
440/* SSL_CTX_load_verify_locations substitute, internaly call X509_STORE_load_locations */
441static int ssl_set_verify_locations_file(SSL_CTX *ctx, char *path)
442{
443 X509_STORE *store_ctx = SSL_CTX_get_cert_store(ctx);
444 return ssl_set_cert_crl_file(store_ctx, path);
445}
446
Emmanuel Hocdet129d3282019-10-24 18:08:51 +0200447/*
448 Extract CA_list from CA_file already in tree.
449 Duplicate ca_name is tracking with ebtree. It's simplify openssl compatibility.
450 Return a shared ca_list: SSL_dup_CA_list must be used before set it on SSL_CTX.
451*/
452static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
453{
454 struct ebmb_node *eb;
455 struct cafile_entry *ca_e;
456
457 eb = ebst_lookup(&cafile_tree, path);
458 if (!eb)
459 return NULL;
460 ca_e = ebmb_entry(eb, struct cafile_entry, node);
461
462 if (ca_e->ca_list == NULL) {
463 int i;
464 unsigned long key;
465 struct eb_root ca_name_tree = EB_ROOT;
466 struct eb64_node *node, *back;
467 struct {
468 struct eb64_node node;
469 X509_NAME *xname;
470 } *ca_name;
471 STACK_OF(X509_OBJECT) *objs;
472 STACK_OF(X509_NAME) *skn;
473 X509 *x;
474 X509_NAME *xn;
475
476 skn = sk_X509_NAME_new_null();
477 /* take x509 from cafile_tree */
478 objs = X509_STORE_get0_objects(ca_e->ca_store);
479 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
480 x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
481 if (!x)
482 continue;
483 xn = X509_get_subject_name(x);
484 if (!xn)
485 continue;
486 /* Check for duplicates. */
487 key = X509_NAME_hash(xn);
488 for (node = eb64_lookup(&ca_name_tree, key), ca_name = NULL;
489 node && ca_name == NULL;
490 node = eb64_next(node)) {
491 ca_name = container_of(node, typeof(*ca_name), node);
492 if (X509_NAME_cmp(xn, ca_name->xname) != 0)
493 ca_name = NULL;
494 }
495 /* find a duplicate */
496 if (ca_name)
497 continue;
498 ca_name = calloc(1, sizeof *ca_name);
499 xn = X509_NAME_dup(xn);
500 if (!ca_name ||
501 !xn ||
502 !sk_X509_NAME_push(skn, xn)) {
503 free(ca_name);
504 X509_NAME_free(xn);
505 sk_X509_NAME_pop_free(skn, X509_NAME_free);
506 sk_X509_NAME_free(skn);
507 skn = NULL;
508 break;
509 }
510 ca_name->node.key = key;
511 ca_name->xname = xn;
512 eb64_insert(&ca_name_tree, &ca_name->node);
513 }
514 ca_e->ca_list = skn;
515 /* remove temporary ca_name tree */
516 node = eb64_first(&ca_name_tree);
517 while (node) {
518 ca_name = container_of(node, typeof(*ca_name), node);
519 back = eb64_next(node);
520 eb64_delete(node);
521 free(ca_name);
522 node = back;
523 }
524 }
525 return ca_e->ca_list;
526}
527
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100528/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100529struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100530 unsigned long long int xxh64;
531 unsigned char ciphersuite_len;
532 char ciphersuite[0];
533};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100534struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100535static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200536static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100537
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200538#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
539struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
540#endif
541
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200542#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000543static unsigned int openssl_engines_initialized;
544struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
545struct ssl_engine_list {
546 struct list list;
547 ENGINE *e;
548};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200549#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000550
Remi Gacogne8de54152014-07-15 11:36:40 +0200551#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200552static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200553static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200554static DH *local_dh_1024 = NULL;
555static DH *local_dh_2048 = NULL;
556static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100557static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200558#endif /* OPENSSL_NO_DH */
559
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100560#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200561/* X509V3 Extensions that will be added on generated certificates */
562#define X509V3_EXT_SIZE 5
563static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
564 "basicConstraints",
565 "nsComment",
566 "subjectKeyIdentifier",
567 "authorityKeyIdentifier",
568 "keyUsage",
569};
570static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
571 "CA:FALSE",
572 "\"OpenSSL Generated Certificate\"",
573 "hash",
574 "keyid,issuer:always",
575 "nonRepudiation,digitalSignature,keyEncipherment"
576};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200577/* LRU cache to store generated certificate */
578static struct lru64_head *ssl_ctx_lru_tree = NULL;
579static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200580static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100581__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200582
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200583#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
584
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100585static struct ssl_bind_kw ssl_bind_kws[];
586
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200587#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500588/* The order here matters for picking a default context,
589 * keep the most common keytype at the bottom of the list
590 */
591const char *SSL_SOCK_KEYTYPE_NAMES[] = {
592 "dsa",
593 "ecdsa",
594 "rsa"
595};
596#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100597#else
598#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500599#endif
600
William Lallemandc3cd35f2017-11-28 11:04:43 +0100601static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100602static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
603
604#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
605
606#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
607 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
608
609#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
610 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200611
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100612/*
613 * This function gives the detail of the SSL error. It is used only
614 * if the debug mode and the verbose mode are activated. It dump all
615 * the SSL error until the stack was empty.
616 */
617static forceinline void ssl_sock_dump_errors(struct connection *conn)
618{
619 unsigned long ret;
620
621 if (unlikely(global.mode & MODE_DEBUG)) {
622 while(1) {
623 ret = ERR_get_error();
624 if (ret == 0)
625 return;
626 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200627 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100628 ERR_func_error_string(ret), ERR_reason_error_string(ret));
629 }
630 }
631}
632
yanbzhube2774d2015-12-10 15:07:30 -0500633
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200634#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000635static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
636{
637 int err_code = ERR_ABORT;
638 ENGINE *engine;
639 struct ssl_engine_list *el;
640
641 /* grab the structural reference to the engine */
642 engine = ENGINE_by_id(engine_id);
643 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100644 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000645 goto fail_get;
646 }
647
648 if (!ENGINE_init(engine)) {
649 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100650 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000651 goto fail_init;
652 }
653
654 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100655 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000656 goto fail_set_method;
657 }
658
659 el = calloc(1, sizeof(*el));
660 el->e = engine;
661 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100662 nb_engines++;
663 if (global_ssl.async)
664 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000665 return 0;
666
667fail_set_method:
668 /* release the functional reference from ENGINE_init() */
669 ENGINE_finish(engine);
670
671fail_init:
672 /* release the structural reference from ENGINE_by_id() */
673 ENGINE_free(engine);
674
675fail_get:
676 return err_code;
677}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200678#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000679
Willy Tarreau5db847a2019-05-09 14:13:35 +0200680#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200681/*
682 * openssl async fd handler
683 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200684void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000685{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200686 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000687
Emeric Brun3854e012017-05-17 20:42:48 +0200688 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000689 * to poll this fd until it is requested
690 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000691 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000692 fd_cant_recv(fd);
693
694 /* crypto engine is available, let's notify the associated
695 * connection that it can pursue its processing.
696 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200697 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000698}
699
Emeric Brun3854e012017-05-17 20:42:48 +0200700/*
701 * openssl async delayed SSL_free handler
702 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200703void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000704{
705 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200706 OSSL_ASYNC_FD all_fd[32];
707 size_t num_all_fds = 0;
708 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000709
Emeric Brun3854e012017-05-17 20:42:48 +0200710 /* We suppose that the async job for a same SSL *
711 * are serialized. So if we are awake it is
712 * because the running job has just finished
713 * and we can remove all async fds safely
714 */
715 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
716 if (num_all_fds > 32) {
717 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
718 return;
719 }
720
721 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
722 for (i=0 ; i < num_all_fds ; i++)
723 fd_remove(all_fd[i]);
724
725 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000726 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100727 _HA_ATOMIC_SUB(&sslconns, 1);
728 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000729}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000730/*
Emeric Brun3854e012017-05-17 20:42:48 +0200731 * function used to manage a returned SSL_ERROR_WANT_ASYNC
732 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000733 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200734static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000735{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100736 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200737 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200738 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000739 size_t num_add_fds = 0;
740 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200741 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000742
743 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
744 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200745 if (num_add_fds > 32 || num_del_fds > 32) {
746 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000747 return;
748 }
749
Emeric Brun3854e012017-05-17 20:42:48 +0200750 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000751
Emeric Brun3854e012017-05-17 20:42:48 +0200752 /* We remove unused fds from the fdtab */
753 for (i=0 ; i < num_del_fds ; i++)
754 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000755
Emeric Brun3854e012017-05-17 20:42:48 +0200756 /* We add new fds to the fdtab */
757 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200758 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000759 }
760
Emeric Brun3854e012017-05-17 20:42:48 +0200761 num_add_fds = 0;
762 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
763 if (num_add_fds > 32) {
764 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
765 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000766 }
Emeric Brun3854e012017-05-17 20:42:48 +0200767
768 /* We activate the polling for all known async fds */
769 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000770 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200771 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000772 /* To ensure that the fd cache won't be used
773 * We'll prefer to catch a real RD event
774 * because handling an EAGAIN on this fd will
775 * result in a context switch and also
776 * some engines uses a fd in blocking mode.
777 */
778 fd_cant_recv(add_fd[i]);
779 }
Emeric Brun3854e012017-05-17 20:42:48 +0200780
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000781}
782#endif
783
William Lallemand104a7a62019-10-14 14:14:59 +0200784#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200785/*
786 * This function returns the number of seconds elapsed
787 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
788 * date presented un ASN1_GENERALIZEDTIME.
789 *
790 * In parsing error case, it returns -1.
791 */
792static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
793{
794 long epoch;
795 char *p, *end;
796 const unsigned short month_offset[12] = {
797 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
798 };
799 int year, month;
800
801 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
802
803 p = (char *)d->data;
804 end = p + d->length;
805
806 if (end - p < 4) return -1;
807 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
808 p += 4;
809 if (end - p < 2) return -1;
810 month = 10 * (p[0] - '0') + p[1] - '0';
811 if (month < 1 || month > 12) return -1;
812 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
813 We consider leap years and the current month (<marsh or not) */
814 epoch = ( ((year - 1970) * 365)
815 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
816 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
817 + month_offset[month-1]
818 ) * 24 * 60 * 60;
819 p += 2;
820 if (end - p < 2) return -1;
821 /* Add the number of seconds of completed days of current month */
822 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
823 p += 2;
824 if (end - p < 2) return -1;
825 /* Add the completed hours of the current day */
826 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
827 p += 2;
828 if (end - p < 2) return -1;
829 /* Add the completed minutes of the current hour */
830 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
831 p += 2;
832 if (p == end) return -1;
833 /* Test if there is available seconds */
834 if (p[0] < '0' || p[0] > '9')
835 goto nosec;
836 if (end - p < 2) return -1;
837 /* Add the seconds of the current minute */
838 epoch += 10 * (p[0] - '0') + p[1] - '0';
839 p += 2;
840 if (p == end) return -1;
841 /* Ignore seconds float part if present */
842 if (p[0] == '.') {
843 do {
844 if (++p == end) return -1;
845 } while (p[0] >= '0' && p[0] <= '9');
846 }
847
848nosec:
849 if (p[0] == 'Z') {
850 if (end - p != 1) return -1;
851 return epoch;
852 }
853 else if (p[0] == '+') {
854 if (end - p != 5) return -1;
855 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700856 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200857 }
858 else if (p[0] == '-') {
859 if (end - p != 5) return -1;
860 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700861 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200862 }
863
864 return -1;
865}
866
William Lallemand104a7a62019-10-14 14:14:59 +0200867/*
868 * struct alignment works here such that the key.key is the same as key_data
869 * Do not change the placement of key_data
870 */
871struct certificate_ocsp {
872 struct ebmb_node key;
873 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
874 struct buffer response;
875 long expire;
876};
877
878struct ocsp_cbk_arg {
879 int is_single;
880 int single_kt;
881 union {
882 struct certificate_ocsp *s_ocsp;
883 /*
884 * m_ocsp will have multiple entries dependent on key type
885 * Entry 0 - DSA
886 * Entry 1 - ECDSA
887 * Entry 2 - RSA
888 */
889 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
890 };
891};
892
Emeric Brun1d3865b2014-06-20 15:37:32 +0200893static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894
895/* This function starts to check if the OCSP response (in DER format) contained
896 * in chunk 'ocsp_response' is valid (else exits on error).
897 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
898 * contained in the OCSP Response and exits on error if no match.
899 * If it's a valid OCSP Response:
900 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
901 * pointed by 'ocsp'.
902 * If 'ocsp' is NULL, the function looks up into the OCSP response's
903 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
904 * from the response) and exits on error if not found. Finally, If an OCSP response is
905 * already present in the container, it will be overwritten.
906 *
907 * Note: OCSP response containing more than one OCSP Single response is not
908 * considered valid.
909 *
910 * Returns 0 on success, 1 in error case.
911 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200912static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
913 struct certificate_ocsp *ocsp,
914 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200915{
916 OCSP_RESPONSE *resp;
917 OCSP_BASICRESP *bs = NULL;
918 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200919 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200920 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200921 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200922 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200923 int reason;
924 int ret = 1;
925
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200926 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
927 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200928 if (!resp) {
929 memprintf(err, "Unable to parse OCSP response");
930 goto out;
931 }
932
933 rc = OCSP_response_status(resp);
934 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
935 memprintf(err, "OCSP response status not successful");
936 goto out;
937 }
938
939 bs = OCSP_response_get1_basic(resp);
940 if (!bs) {
941 memprintf(err, "Failed to get basic response from OCSP Response");
942 goto out;
943 }
944
945 count_sr = OCSP_resp_count(bs);
946 if (count_sr > 1) {
947 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
948 goto out;
949 }
950
951 sr = OCSP_resp_get0(bs, 0);
952 if (!sr) {
953 memprintf(err, "Failed to get OCSP single response");
954 goto out;
955 }
956
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200957 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
958
Emeric Brun4147b2e2014-06-16 18:36:30 +0200959 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200960 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200961 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200962 goto out;
963 }
964
Emeric Brun13a6b482014-06-20 15:44:34 +0200965 if (!nextupd) {
966 memprintf(err, "OCSP single response: missing nextupdate");
967 goto out;
968 }
969
Emeric Brunc8b27b62014-06-19 14:16:17 +0200970 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200971 if (!rc) {
972 memprintf(err, "OCSP single response: no longer valid.");
973 goto out;
974 }
975
976 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200977 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200978 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
979 goto out;
980 }
981 }
982
983 if (!ocsp) {
984 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
985 unsigned char *p;
986
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200987 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988 if (!rc) {
989 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
990 goto out;
991 }
992
993 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
994 memprintf(err, "OCSP single response: Certificate ID too long");
995 goto out;
996 }
997
998 p = key;
999 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001000 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001001 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
1002 if (!ocsp) {
1003 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
1004 goto out;
1005 }
1006 }
1007
1008 /* According to comments on "chunk_dup", the
1009 previous chunk buffer will be freed */
1010 if (!chunk_dup(&ocsp->response, ocsp_response)) {
1011 memprintf(err, "OCSP response: Memory allocation error");
1012 goto out;
1013 }
1014
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001015 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
1016
Emeric Brun4147b2e2014-06-16 18:36:30 +02001017 ret = 0;
1018out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +01001019 ERR_clear_error();
1020
Emeric Brun4147b2e2014-06-16 18:36:30 +02001021 if (bs)
1022 OCSP_BASICRESP_free(bs);
1023
1024 if (resp)
1025 OCSP_RESPONSE_free(resp);
1026
1027 return ret;
1028}
1029/*
1030 * External function use to update the OCSP response in the OCSP response's
1031 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
1032 * to update in DER format.
1033 *
1034 * Returns 0 on success, 1 in error case.
1035 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001036int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001037{
1038 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
1039}
1040
William Lallemand4a660132019-10-14 14:51:41 +02001041#endif
1042
1043#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001044/*
1045 * This function load the OCSP Resonse in DER format contained in file at
William Lallemand3b5f3602019-10-16 18:05:05 +02001046 * path 'ocsp_path' or base64 in a buffer <buf>
Emeric Brun4147b2e2014-06-16 18:36:30 +02001047 *
1048 * Returns 0 on success, 1 in error case.
1049 */
William Lallemand3b5f3602019-10-16 18:05:05 +02001050static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001051{
1052 int fd = -1;
1053 int r = 0;
1054 int ret = 1;
William Lallemand3b5f3602019-10-16 18:05:05 +02001055 struct buffer *ocsp_response;
1056 struct buffer *src = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001057
William Lallemand3b5f3602019-10-16 18:05:05 +02001058 if (buf) {
1059 int i, j;
1060 /* if it's from a buffer it will be base64 */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001061
William Lallemand3b5f3602019-10-16 18:05:05 +02001062 /* remove \r and \n from the payload */
1063 for (i = 0, j = 0; buf[i]; i++) {
1064 if (buf[i] == '\r' || buf[i] == '\n')
Emeric Brun4147b2e2014-06-16 18:36:30 +02001065 continue;
William Lallemand3b5f3602019-10-16 18:05:05 +02001066 buf[j++] = buf[i];
1067 }
1068 buf[j] = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001069
William Lallemand3b5f3602019-10-16 18:05:05 +02001070 ret = base64dec(buf, j, trash.area, trash.size);
1071 if (ret < 0) {
1072 memprintf(err, "Error reading OCSP response in base64 format");
Emeric Brun4147b2e2014-06-16 18:36:30 +02001073 goto end;
1074 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001075 trash.data = ret;
1076 src = &trash;
1077 } else {
1078 fd = open(ocsp_path, O_RDONLY);
1079 if (fd == -1) {
1080 memprintf(err, "Error opening OCSP response file");
1081 goto end;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001082 }
William Lallemand3b5f3602019-10-16 18:05:05 +02001083
1084 trash.data = 0;
1085 while (trash.data < trash.size) {
1086 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1087 if (r < 0) {
1088 if (errno == EINTR)
1089 continue;
1090
1091 memprintf(err, "Error reading OCSP response from file");
1092 goto end;
1093 }
1094 else if (r == 0) {
1095 break;
1096 }
1097 trash.data += r;
1098 }
1099 close(fd);
1100 fd = -1;
1101 src = &trash;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001102 }
1103
William Lallemand3b5f3602019-10-16 18:05:05 +02001104 ocsp_response = calloc(1, sizeof(*ocsp_response));
1105 if (!chunk_dup(ocsp_response, src)) {
1106 free(ocsp_response);
1107 ocsp_response = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001108 goto end;
1109 }
1110
William Lallemand3b5f3602019-10-16 18:05:05 +02001111 ckch->ocsp_response = ocsp_response;
William Lallemande0f48ae2019-10-15 13:44:57 +02001112 ret = 0;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001113end:
1114 if (fd != -1)
1115 close(fd);
1116
1117 return ret;
1118}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001119#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +02001120
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001121#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
1122static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
1123{
Christopher Faulet16f45c82018-02-16 11:23:49 +01001124 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +01001125 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001126 struct connection *conn;
1127 int head;
1128 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001129 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001130
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001131 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +02001132 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001133 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1134
1135 keys = ref->tlskeys;
1136 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001137
1138 if (enc) {
1139 memcpy(key_name, keys[head].name, 16);
1140
1141 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +01001142 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001143
Emeric Brun9e754772019-01-10 17:51:55 +01001144 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001145
Emeric Brun9e754772019-01-10 17:51:55 +01001146 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
1147 goto end;
1148
Willy Tarreau9356dac2019-05-10 09:22:53 +02001149 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001150 ret = 1;
1151 }
1152 else if (ref->key_size_bits == 256 ) {
1153
1154 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
1155 goto end;
1156
Willy Tarreau9356dac2019-05-10 09:22:53 +02001157 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001158 ret = 1;
1159 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001160 } else {
1161 for (i = 0; i < TLS_TICKETS_NO; i++) {
1162 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
1163 goto found;
1164 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01001165 ret = 0;
1166 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001167
Christopher Faulet16f45c82018-02-16 11:23:49 +01001168 found:
Emeric Brun9e754772019-01-10 17:51:55 +01001169 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001170 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001171 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
1172 goto end;
1173 /* 2 for key renewal, 1 if current key is still valid */
1174 ret = i ? 2 : 1;
1175 }
1176 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +02001177 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +01001178 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
1179 goto end;
1180 /* 2 for key renewal, 1 if current key is still valid */
1181 ret = i ? 2 : 1;
1182 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001183 }
Emeric Brun9e754772019-01-10 17:51:55 +01001184
Christopher Faulet16f45c82018-02-16 11:23:49 +01001185 end:
1186 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
1187 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001188}
1189
1190struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1191{
1192 struct tls_keys_ref *ref;
1193
1194 list_for_each_entry(ref, &tlskeys_reference, list)
1195 if (ref->filename && strcmp(filename, ref->filename) == 0)
1196 return ref;
1197 return NULL;
1198}
1199
1200struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1201{
1202 struct tls_keys_ref *ref;
1203
1204 list_for_each_entry(ref, &tlskeys_reference, list)
1205 if (ref->unique_id == unique_id)
1206 return ref;
1207 return NULL;
1208}
1209
Emeric Brun9e754772019-01-10 17:51:55 +01001210/* Update the key into ref: if keysize doesnt
1211 * match existing ones, this function returns -1
1212 * else it returns 0 on success.
1213 */
1214int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001215 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001216{
Emeric Brun9e754772019-01-10 17:51:55 +01001217 if (ref->key_size_bits == 128) {
1218 if (tlskey->data != sizeof(struct tls_sess_key_128))
1219 return -1;
1220 }
1221 else if (ref->key_size_bits == 256) {
1222 if (tlskey->data != sizeof(struct tls_sess_key_256))
1223 return -1;
1224 }
1225 else
1226 return -1;
1227
Christopher Faulet16f45c82018-02-16 11:23:49 +01001228 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001229 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1230 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001231 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1232 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001233
1234 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001235}
1236
Willy Tarreau83061a82018-07-13 11:56:34 +02001237int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001238{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001239 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1240
1241 if(!ref) {
1242 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1243 return 1;
1244 }
Emeric Brun9e754772019-01-10 17:51:55 +01001245 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1246 memprintf(err, "Invalid key size");
1247 return 1;
1248 }
1249
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001250 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001251}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001252
1253/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001254 * automatic ids. It's called just after the basic checks. It returns
1255 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001256 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001257static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001258{
1259 int i = 0;
1260 struct tls_keys_ref *ref, *ref2, *ref3;
1261 struct list tkr = LIST_HEAD_INIT(tkr);
1262
1263 list_for_each_entry(ref, &tlskeys_reference, list) {
1264 if (ref->unique_id == -1) {
1265 /* Look for the first free id. */
1266 while (1) {
1267 list_for_each_entry(ref2, &tlskeys_reference, list) {
1268 if (ref2->unique_id == i) {
1269 i++;
1270 break;
1271 }
1272 }
1273 if (&ref2->list == &tlskeys_reference)
1274 break;
1275 }
1276
1277 /* Uses the unique id and increment it for the next entry. */
1278 ref->unique_id = i;
1279 i++;
1280 }
1281 }
1282
1283 /* This sort the reference list by id. */
1284 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1285 LIST_DEL(&ref->list);
1286 list_for_each_entry(ref3, &tkr, list) {
1287 if (ref->unique_id < ref3->unique_id) {
1288 LIST_ADDQ(&ref3->list, &ref->list);
1289 break;
1290 }
1291 }
1292 if (&ref3->list == &tkr)
1293 LIST_ADDQ(&tkr, &ref->list);
1294 }
1295
1296 /* swap root */
1297 LIST_ADD(&tkr, &tlskeys_reference);
1298 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001299 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001300}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001301#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1302
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001303#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001304int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1305{
1306 switch (evp_keytype) {
1307 case EVP_PKEY_RSA:
1308 return 2;
1309 case EVP_PKEY_DSA:
1310 return 0;
1311 case EVP_PKEY_EC:
1312 return 1;
1313 }
1314
1315 return -1;
1316}
1317
Emeric Brun4147b2e2014-06-16 18:36:30 +02001318/*
1319 * Callback used to set OCSP status extension content in server hello.
1320 */
1321int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1322{
yanbzhube2774d2015-12-10 15:07:30 -05001323 struct certificate_ocsp *ocsp;
1324 struct ocsp_cbk_arg *ocsp_arg;
1325 char *ssl_buf;
1326 EVP_PKEY *ssl_pkey;
1327 int key_type;
1328 int index;
1329
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001330 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001331
1332 ssl_pkey = SSL_get_privatekey(ssl);
1333 if (!ssl_pkey)
1334 return SSL_TLSEXT_ERR_NOACK;
1335
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001336 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001337
1338 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1339 ocsp = ocsp_arg->s_ocsp;
1340 else {
1341 /* For multiple certs per context, we have to find the correct OCSP response based on
1342 * the certificate type
1343 */
1344 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1345
1346 if (index < 0)
1347 return SSL_TLSEXT_ERR_NOACK;
1348
1349 ocsp = ocsp_arg->m_ocsp[index];
1350
1351 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001352
1353 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001354 !ocsp->response.area ||
1355 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001356 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001357 return SSL_TLSEXT_ERR_NOACK;
1358
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001359 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001360 if (!ssl_buf)
1361 return SSL_TLSEXT_ERR_NOACK;
1362
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001363 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1364 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001365
1366 return SSL_TLSEXT_ERR_OK;
1367}
1368
William Lallemand4a660132019-10-14 14:51:41 +02001369#endif
1370
1371#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001372/*
1373 * This function enables the handling of OCSP status extension on 'ctx' if a
William Lallemand246c0242019-10-11 08:59:13 +02001374 * ocsp_response buffer was found in the cert_key_and_chain. To enable OCSP
1375 * status extension, the issuer's certificate is mandatory. It should be
1376 * present in ckch->ocsp_issuer.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001377 *
William Lallemand246c0242019-10-11 08:59:13 +02001378 * In addition, the ckch->ocsp_reponse buffer is loaded as a DER format of an
1379 * OCSP response. If file is empty or content is not a valid OCSP response,
1380 * OCSP status extension is enabled but OCSP response is ignored (a warning is
1381 * displayed).
Emeric Brun4147b2e2014-06-16 18:36:30 +02001382 *
1383 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001384 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001385 */
William Lallemand4a660132019-10-14 14:51:41 +02001386#ifndef OPENSSL_IS_BORINGSSL
William Lallemand246c0242019-10-11 08:59:13 +02001387static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001388{
William Lallemand246c0242019-10-11 08:59:13 +02001389 X509 *x = NULL, *issuer = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001390 OCSP_CERTID *cid = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001391 int i, ret = -1;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001392 struct certificate_ocsp *ocsp = NULL, *iocsp;
1393 char *warn = NULL;
1394 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001395 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001396
Emeric Brun4147b2e2014-06-16 18:36:30 +02001397
William Lallemand246c0242019-10-11 08:59:13 +02001398 x = ckch->cert;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001399 if (!x)
1400 goto out;
1401
William Lallemand246c0242019-10-11 08:59:13 +02001402 issuer = ckch->ocsp_issuer;
1403 if (!issuer)
1404 goto out;
Emeric Brun4147b2e2014-06-16 18:36:30 +02001405
1406 cid = OCSP_cert_to_id(0, x, issuer);
1407 if (!cid)
1408 goto out;
1409
1410 i = i2d_OCSP_CERTID(cid, NULL);
1411 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1412 goto out;
1413
Vincent Bernat02779b62016-04-03 13:48:43 +02001414 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001415 if (!ocsp)
1416 goto out;
1417
1418 p = ocsp->key_data;
1419 i2d_OCSP_CERTID(cid, &p);
1420
1421 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1422 if (iocsp == ocsp)
1423 ocsp = NULL;
1424
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001425#ifndef SSL_CTX_get_tlsext_status_cb
1426# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1427 *cb = (void (*) (void))ctx->tlsext_status_cb;
1428#endif
1429 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1430
1431 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001432 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001433 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001434
1435 cb_arg->is_single = 1;
1436 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001437
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001438 pkey = X509_get_pubkey(x);
1439 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1440 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001441
1442 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1443 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1444 } else {
1445 /*
1446 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1447 * Update that cb_arg with the new cert's staple
1448 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001449 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001450 struct certificate_ocsp *tmp_ocsp;
1451 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001452 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001453 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001454
1455#ifdef SSL_CTX_get_tlsext_status_arg
1456 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1457#else
1458 cb_arg = ctx->tlsext_status_arg;
1459#endif
yanbzhube2774d2015-12-10 15:07:30 -05001460
1461 /*
1462 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1463 * the order of operations below matter, take care when changing it
1464 */
1465 tmp_ocsp = cb_arg->s_ocsp;
1466 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1467 cb_arg->s_ocsp = NULL;
1468 cb_arg->m_ocsp[index] = tmp_ocsp;
1469 cb_arg->is_single = 0;
1470 cb_arg->single_kt = 0;
1471
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001472 pkey = X509_get_pubkey(x);
1473 key_type = EVP_PKEY_base_id(pkey);
1474 EVP_PKEY_free(pkey);
1475
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001476 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001477 if (index >= 0 && !cb_arg->m_ocsp[index])
1478 cb_arg->m_ocsp[index] = iocsp;
1479
1480 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001481
1482 ret = 0;
1483
1484 warn = NULL;
William Lallemand246c0242019-10-11 08:59:13 +02001485 if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
William Lallemand3b5f3602019-10-16 18:05:05 +02001486 memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001487 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001488 }
1489
1490out:
Emeric Brun4147b2e2014-06-16 18:36:30 +02001491 if (cid)
1492 OCSP_CERTID_free(cid);
1493
1494 if (ocsp)
1495 free(ocsp);
1496
1497 if (warn)
1498 free(warn);
1499
Emeric Brun4147b2e2014-06-16 18:36:30 +02001500 return ret;
1501}
William Lallemand4a660132019-10-14 14:51:41 +02001502#else /* OPENSSL_IS_BORINGSSL */
1503static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001504{
William Lallemand4a660132019-10-14 14:51:41 +02001505 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)ckch->ocsp_response->area, ckch->ocsp_response->data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001506}
1507#endif
1508
William Lallemand4a660132019-10-14 14:51:41 +02001509#endif
1510
1511
Willy Tarreau5db847a2019-05-09 14:13:35 +02001512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001513
1514#define CT_EXTENSION_TYPE 18
1515
1516static int sctl_ex_index = -1;
1517
1518/*
1519 * Try to parse Signed Certificate Timestamp List structure. This function
1520 * makes only basic test if the data seems like SCTL. No signature validation
1521 * is performed.
1522 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001523static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001524{
1525 int ret = 1;
1526 int len, pos, sct_len;
1527 unsigned char *data;
1528
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001529 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001530 goto out;
1531
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001532 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001533 len = (data[0] << 8) | data[1];
1534
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001535 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001536 goto out;
1537
1538 data = data + 2;
1539 pos = 0;
1540 while (pos < len) {
1541 if (len - pos < 2)
1542 goto out;
1543
1544 sct_len = (data[pos] << 8) | data[pos + 1];
1545 if (pos + sct_len + 2 > len)
1546 goto out;
1547
1548 pos += sct_len + 2;
1549 }
1550
1551 ret = 0;
1552
1553out:
1554 return ret;
1555}
1556
William Lallemand0dfae6c2019-10-16 18:06:58 +02001557/* Try to load a sctl from a buffer <buf> if not NULL, or read the file <sctl_path>
1558 * It fills the ckch->sctl buffer
1559 * return 0 on success or != 0 on failure */
1560static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct cert_key_and_chain *ckch, char **err)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001561{
1562 int fd = -1;
1563 int r = 0;
1564 int ret = 1;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001565 struct buffer tmp;
1566 struct buffer *src;
1567 struct buffer *sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001568
William Lallemand0dfae6c2019-10-16 18:06:58 +02001569 if (buf) {
1570 tmp.area = buf;
1571 tmp.data = strlen(buf);
1572 tmp.size = tmp.data + 1;
1573 src = &tmp;
1574 } else {
1575 fd = open(sctl_path, O_RDONLY);
1576 if (fd == -1)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001577 goto end;
William Lallemand0dfae6c2019-10-16 18:06:58 +02001578
1579 trash.data = 0;
1580 while (trash.data < trash.size) {
1581 r = read(fd, trash.area + trash.data, trash.size - trash.data);
1582 if (r < 0) {
1583 if (errno == EINTR)
1584 continue;
1585 goto end;
1586 }
1587 else if (r == 0) {
1588 break;
1589 }
1590 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001591 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001592 src = &trash;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001593 }
1594
William Lallemand0dfae6c2019-10-16 18:06:58 +02001595 ret = ssl_sock_parse_sctl(src);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001596 if (ret)
1597 goto end;
1598
William Lallemand0dfae6c2019-10-16 18:06:58 +02001599 sctl = calloc(1, sizeof(*sctl));
1600 if (!chunk_dup(sctl, src)) {
1601 free(sctl);
1602 sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001603 goto end;
1604 }
William Lallemand0dfae6c2019-10-16 18:06:58 +02001605 ret = 0;
1606 /* TODO: free the previous SCTL in the ckch */
1607 ckch->sctl = sctl;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001608
1609end:
1610 if (fd != -1)
1611 close(fd);
1612
1613 return ret;
1614}
1615
1616int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1617{
Willy Tarreau83061a82018-07-13 11:56:34 +02001618 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001620 *out = (unsigned char *) sctl->area;
1621 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001622
1623 return 1;
1624}
1625
1626int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1627{
1628 return 1;
1629}
1630
William Lallemanda17f4112019-10-10 15:16:44 +02001631static int ssl_sock_load_sctl(SSL_CTX *ctx, struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001632{
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001633 int ret = -1;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001634
William Lallemanda17f4112019-10-10 15:16:44 +02001635 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL))
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001636 goto out;
1637
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001638 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1639
1640 ret = 0;
1641
1642out:
1643 return ret;
1644}
1645
1646#endif
1647
Emeric Brune1f38db2012-09-03 20:36:47 +02001648void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1649{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001650 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001651 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001652 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001653 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001654
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001655#ifndef SSL_OP_NO_RENEGOTIATION
1656 /* Please note that BoringSSL defines this macro to zero so don't
1657 * change this to #if and do not assign a default value to this macro!
1658 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001659 if (where & SSL_CB_HANDSHAKE_START) {
1660 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001661 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001662 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001663 conn->err_code = CO_ER_SSL_RENEG;
1664 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001665 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001666#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001667
1668 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001669 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001670 /* Long certificate chains optimz
1671 If write and read bios are differents, we
1672 consider that the buffering was activated,
1673 so we rise the output buffer size from 4k
1674 to 16k */
1675 write_bio = SSL_get_wbio(ssl);
1676 if (write_bio != SSL_get_rbio(ssl)) {
1677 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001678 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001679 }
1680 }
1681 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001682}
1683
Emeric Brune64aef12012-09-21 13:15:06 +02001684/* Callback is called for each certificate of the chain during a verify
1685 ok is set to 1 if preverify detect no error on current certificate.
1686 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001687int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001688{
1689 SSL *ssl;
1690 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001691 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001692 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001693
1694 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001695 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001696
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001697 ctx = conn->xprt_ctx;
1698
1699 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001700
Emeric Brun81c00f02012-09-21 14:31:21 +02001701 if (ok) /* no errors */
1702 return ok;
1703
1704 depth = X509_STORE_CTX_get_error_depth(x_store);
1705 err = X509_STORE_CTX_get_error(x_store);
1706
1707 /* check if CA error needs to be ignored */
1708 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001709 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1710 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1711 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001712 }
1713
Willy Tarreau07d94e42018-09-20 10:57:52 +02001714 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001715 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001716 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001717 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001718 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001719
Willy Tarreau20879a02012-12-03 16:32:10 +01001720 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001721 return 0;
1722 }
1723
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001724 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1725 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001726
Emeric Brun81c00f02012-09-21 14:31:21 +02001727 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001728 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001729 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001730 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001731 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001732 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001733
Willy Tarreau20879a02012-12-03 16:32:10 +01001734 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001735 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001736}
1737
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001738static inline
1739void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001740 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001741{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001742 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001743 unsigned char *msg;
1744 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001745 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001746
1747 /* This function is called for "from client" and "to server"
1748 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001749 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001750 */
1751
1752 /* "write_p" is set to 0 is the bytes are received messages,
1753 * otherwise it is set to 1.
1754 */
1755 if (write_p != 0)
1756 return;
1757
1758 /* content_type contains the type of message received or sent
1759 * according with the SSL/TLS protocol spec. This message is
1760 * encoded with one byte. The value 256 (two bytes) is used
1761 * for designing the SSL/TLS record layer. According with the
1762 * rfc6101, the expected message (other than 256) are:
1763 * - change_cipher_spec(20)
1764 * - alert(21)
1765 * - handshake(22)
1766 * - application_data(23)
1767 * - (255)
1768 * We are interessed by the handshake and specially the client
1769 * hello.
1770 */
1771 if (content_type != 22)
1772 return;
1773
1774 /* The message length is at least 4 bytes, containing the
1775 * message type and the message length.
1776 */
1777 if (len < 4)
1778 return;
1779
1780 /* First byte of the handshake message id the type of
1781 * message. The konwn types are:
1782 * - hello_request(0)
1783 * - client_hello(1)
1784 * - server_hello(2)
1785 * - certificate(11)
1786 * - server_key_exchange (12)
1787 * - certificate_request(13)
1788 * - server_hello_done(14)
1789 * We are interested by the client hello.
1790 */
1791 msg = (unsigned char *)buf;
1792 if (msg[0] != 1)
1793 return;
1794
1795 /* Next three bytes are the length of the message. The total length
1796 * must be this decoded length + 4. If the length given as argument
1797 * is not the same, we abort the protocol dissector.
1798 */
1799 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1800 if (len < rec_len + 4)
1801 return;
1802 msg += 4;
1803 end = msg + rec_len;
1804 if (end < msg)
1805 return;
1806
1807 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1808 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001809 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1810 */
1811 msg += 1 + 1 + 4 + 28;
1812 if (msg > end)
1813 return;
1814
1815 /* Next, is session id:
1816 * if present, we have to jump by length + 1 for the size information
1817 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001818 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001819 if (msg[0] > 0)
1820 msg += msg[0];
1821 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001822 if (msg > end)
1823 return;
1824
1825 /* Next two bytes are the ciphersuite length. */
1826 if (msg + 2 > end)
1827 return;
1828 rec_len = (msg[0] << 8) + msg[1];
1829 msg += 2;
1830 if (msg + rec_len > end || msg + rec_len < msg)
1831 return;
1832
Willy Tarreaubafbe012017-11-24 17:34:44 +01001833 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001834 if (!capture)
1835 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001836 /* Compute the xxh64 of the ciphersuite. */
1837 capture->xxh64 = XXH64(msg, rec_len, 0);
1838
1839 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001840 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1841 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001842 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001843
1844 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001845}
1846
Emeric Brun29f037d2014-04-25 19:05:36 +02001847/* Callback is called for ssl protocol analyse */
1848void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1849{
Emeric Brun29f037d2014-04-25 19:05:36 +02001850#ifdef TLS1_RT_HEARTBEAT
1851 /* test heartbeat received (write_p is set to 0
1852 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001853 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001854 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001855 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001856 const unsigned char *p = buf;
1857 unsigned int payload;
1858
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001859 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001860
1861 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1862 if (*p != TLS1_HB_REQUEST)
1863 return;
1864
Willy Tarreauaeed6722014-04-25 23:59:58 +02001865 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001866 goto kill_it;
1867
1868 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001869 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001870 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001871 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001872 /* We have a clear heartbleed attack (CVE-2014-0160), the
1873 * advertised payload is larger than the advertised packet
1874 * length, so we have garbage in the buffer between the
1875 * payload and the end of the buffer (p+len). We can't know
1876 * if the SSL stack is patched, and we don't know if we can
1877 * safely wipe out the area between p+3+len and payload.
1878 * So instead, we prevent the response from being sent by
1879 * setting the max_send_fragment to 0 and we report an SSL
1880 * error, which will kill this connection. It will be reported
1881 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001882 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1883 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001884 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001885 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1886 return;
1887 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001888#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001889 if (global_ssl.capture_cipherlist > 0)
1890 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001891}
1892
Bernard Spil13c53f82018-02-15 13:34:58 +01001893#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001894static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1895 const unsigned char *in, unsigned int inlen,
1896 void *arg)
1897{
1898 struct server *srv = arg;
1899
1900 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1901 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1902 return SSL_TLSEXT_ERR_OK;
1903 return SSL_TLSEXT_ERR_NOACK;
1904}
1905#endif
1906
1907#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001908/* This callback is used so that the server advertises the list of
1909 * negociable protocols for NPN.
1910 */
1911static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1912 unsigned int *len, void *arg)
1913{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001914 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001915
1916 *data = (const unsigned char *)conf->npn_str;
1917 *len = conf->npn_len;
1918 return SSL_TLSEXT_ERR_OK;
1919}
1920#endif
1921
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001922#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001923/* This callback is used so that the server advertises the list of
1924 * negociable protocols for ALPN.
1925 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001926static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1927 unsigned char *outlen,
1928 const unsigned char *server,
1929 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001930{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001931 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001932
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001933 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1934 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1935 return SSL_TLSEXT_ERR_NOACK;
1936 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001937 return SSL_TLSEXT_ERR_OK;
1938}
1939#endif
1940
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001941#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001942#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001943
Christopher Faulet30548802015-06-11 13:39:32 +02001944/* Create a X509 certificate with the specified servername and serial. This
1945 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001946static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001947ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001948{
Christopher Faulet7969a332015-10-09 11:15:03 +02001949 X509 *cacert = bind_conf->ca_sign_cert;
1950 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001951 SSL_CTX *ssl_ctx = NULL;
1952 X509 *newcrt = NULL;
1953 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001954 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001955 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001956 X509_NAME *name;
1957 const EVP_MD *digest;
1958 X509V3_CTX ctx;
1959 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001960 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001961
Christopher Faulet48a83322017-07-28 16:56:09 +02001962 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001963#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001964 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1965#else
1966 tmp_ssl = SSL_new(bind_conf->default_ctx);
1967 if (tmp_ssl)
1968 pkey = SSL_get_privatekey(tmp_ssl);
1969#endif
1970 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 goto mkcert_error;
1972
1973 /* Create the certificate */
1974 if (!(newcrt = X509_new()))
1975 goto mkcert_error;
1976
1977 /* Set version number for the certificate (X509v3) and the serial
1978 * number */
1979 if (X509_set_version(newcrt, 2L) != 1)
1980 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001981 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001982
1983 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001984 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1985 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001986 goto mkcert_error;
1987
1988 /* set public key in the certificate */
1989 if (X509_set_pubkey(newcrt, pkey) != 1)
1990 goto mkcert_error;
1991
1992 /* Set issuer name from the CA */
1993 if (!(name = X509_get_subject_name(cacert)))
1994 goto mkcert_error;
1995 if (X509_set_issuer_name(newcrt, name) != 1)
1996 goto mkcert_error;
1997
1998 /* Set the subject name using the same, but the CN */
1999 name = X509_NAME_dup(name);
2000 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
2001 (const unsigned char *)servername,
2002 -1, -1, 0) != 1) {
2003 X509_NAME_free(name);
2004 goto mkcert_error;
2005 }
2006 if (X509_set_subject_name(newcrt, name) != 1) {
2007 X509_NAME_free(name);
2008 goto mkcert_error;
2009 }
2010 X509_NAME_free(name);
2011
2012 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002013 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002014 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
2015 for (i = 0; i < X509V3_EXT_SIZE; i++) {
2016 X509_EXTENSION *ext;
2017
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002018 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02002019 goto mkcert_error;
2020 if (!X509_add_ext(newcrt, ext, -1)) {
2021 X509_EXTENSION_free(ext);
2022 goto mkcert_error;
2023 }
2024 X509_EXTENSION_free(ext);
2025 }
2026
2027 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002028
2029 key_type = EVP_PKEY_base_id(capkey);
2030
2031 if (key_type == EVP_PKEY_DSA)
2032 digest = EVP_sha1();
2033 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002034 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002035 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02002036 digest = EVP_sha256();
2037 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02002039 int nid;
2040
2041 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
2042 goto mkcert_error;
2043 if (!(digest = EVP_get_digestbynid(nid)))
2044 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02002045#else
2046 goto mkcert_error;
2047#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02002048 }
2049
Christopher Faulet31af49d2015-06-09 17:29:50 +02002050 if (!(X509_sign(newcrt, capkey, digest)))
2051 goto mkcert_error;
2052
2053 /* Create and set the new SSL_CTX */
2054 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
2055 goto mkcert_error;
2056 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
2057 goto mkcert_error;
2058 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
2059 goto mkcert_error;
2060 if (!SSL_CTX_check_private_key(ssl_ctx))
2061 goto mkcert_error;
2062
2063 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02002064
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002065#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002066 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01002067#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002068#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
2069 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002070 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02002071 EC_KEY *ecc;
2072 int nid;
2073
2074 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
2075 goto end;
2076 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
2077 goto end;
2078 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
2079 EC_KEY_free(ecc);
2080 }
2081#endif
2082 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02002083 return ssl_ctx;
2084
2085 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02002086 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02002087 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002088 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
2089 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002090 return NULL;
2091}
2092
Christopher Faulet7969a332015-10-09 11:15:03 +02002093SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002094ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02002095{
Willy Tarreau07d94e42018-09-20 10:57:52 +02002096 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01002097 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002098
Olivier Houchard66ab4982019-02-26 18:37:15 +01002099 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002100}
2101
Christopher Faulet30548802015-06-11 13:39:32 +02002102/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002103 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002104SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002105ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002106{
2107 struct lru64 *lru = NULL;
2108
2109 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002110 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002111 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002112 if (lru && lru->domain) {
2113 if (ssl)
2114 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002115 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002116 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002117 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002118 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002119 }
2120 return NULL;
2121}
2122
Emeric Brun821bb9b2017-06-15 16:37:39 +02002123/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2124 * function is not thread-safe, it should only be used to check if a certificate
2125 * exists in the lru cache (with no warranty it will not be removed by another
2126 * thread). It is kept for backward compatibility. */
2127SSL_CTX *
2128ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2129{
2130 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2131}
2132
Christopher Fauletd2cab922015-07-28 16:03:47 +02002133/* Set a certificate int the LRU cache used to store generated
2134 * certificate. Return 0 on success, otherwise -1 */
2135int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002136ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002137{
2138 struct lru64 *lru = NULL;
2139
2140 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002141 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002142 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002143 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002144 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002145 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002146 }
Christopher Faulet30548802015-06-11 13:39:32 +02002147 if (lru->domain && lru->data)
2148 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002149 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002150 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002151 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002152 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002153 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002154}
2155
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002156/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002157unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002158ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002159{
2160 return XXH32(data, len, ssl_ctx_lru_seed);
2161}
2162
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002163/* Generate a cert and immediately assign it to the SSL session so that the cert's
2164 * refcount is maintained regardless of the cert's presence in the LRU cache.
2165 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002166static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002167ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002168{
2169 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002170 SSL_CTX *ssl_ctx = NULL;
2171 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002172 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002173
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002174 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002175 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002176 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002177 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002178 if (lru && lru->domain)
2179 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002180 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002181 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002182 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002183 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002184 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002185 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002186 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002187 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002188 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002189 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002190 SSL_set_SSL_CTX(ssl, ssl_ctx);
2191 /* No LRU cache, this CTX will be released as soon as the session dies */
2192 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002193 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002194 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002195 return 0;
2196}
2197static int
2198ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2199{
2200 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002201 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002202
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002203 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002204 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002205 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002207 }
2208 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002209}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002210#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002211
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002212#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002213typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2214
2215static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002216{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002217#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002218 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002219 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2220#endif
2221}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002222static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2223 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002224 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2225}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002226static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002227#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002228 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002229 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2230#endif
2231}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002232static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002233#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002234 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002235 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2236#endif
2237}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002238/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002239static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2240/* Unusable in this context. */
2241static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2242static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2243static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2244static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2245static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002246#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002247typedef enum { SET_MIN, SET_MAX } set_context_func;
2248
2249static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2250 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002251 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2252}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002253static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2254 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2255 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2256}
2257static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2258 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002259 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2260}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002261static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2262 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2263 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2264}
2265static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2266 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002267 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2268}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002269static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2270 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2271 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2272}
2273static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2274 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002275 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2276}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002277static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2278 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2279 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2280}
2281static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002282#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002283 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002284 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2285#endif
2286}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002287static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2288#if SSL_OP_NO_TLSv1_3
2289 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2290 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002291#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002292}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002293#endif
2294static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2295static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002296
2297static struct {
2298 int option;
2299 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002300 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2301 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002302 const char *name;
2303} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002304 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2305 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2306 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2307 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2308 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2309 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002310};
2311
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002312static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2313{
2314 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2315 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2316 SSL_set_SSL_CTX(ssl, ctx);
2317}
2318
Willy Tarreau5db847a2019-05-09 14:13:35 +02002319#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320
2321static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2322{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002323 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002326 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2327 return SSL_TLSEXT_ERR_OK;
2328 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002329}
2330
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002331#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002332static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2333{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002334 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2337{
2338#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002339 struct connection *conn;
2340 struct bind_conf *s;
2341 const uint8_t *extension_data;
2342 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002343 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002344
2345 char *wildp = NULL;
2346 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002347 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002349 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002350 int i;
2351
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002352 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002353 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002354
Olivier Houchard9679ac92017-10-27 14:58:08 +02002355 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002356 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002357#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2359 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002360#else
2361 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2362#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002363 /*
2364 * The server_name extension was given too much extensibility when it
2365 * was written, so parsing the normal case is a bit complex.
2366 */
2367 size_t len;
2368 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002370 /* Extract the length of the supplied list of names. */
2371 len = (*extension_data++) << 8;
2372 len |= *extension_data++;
2373 if (len + 2 != extension_len)
2374 goto abort;
2375 /*
2376 * The list in practice only has a single element, so we only consider
2377 * the first one.
2378 */
2379 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2380 goto abort;
2381 extension_len = len - 1;
2382 /* Now we can finally pull out the byte array with the actual hostname. */
2383 if (extension_len <= 2)
2384 goto abort;
2385 len = (*extension_data++) << 8;
2386 len |= *extension_data++;
2387 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2388 || memchr(extension_data, 0, len) != NULL)
2389 goto abort;
2390 servername = extension_data;
2391 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002393#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2394 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002395 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002396 }
2397#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002399 if (!s->strict_sni) {
William Lallemand21724f02019-11-04 17:56:13 +01002400 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002402 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002403 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 goto abort;
2406 }
2407
2408 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002409#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002411#else
2412 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2413#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002414 uint8_t sign;
2415 size_t len;
2416 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002417 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002418 len = (*extension_data++) << 8;
2419 len |= *extension_data++;
2420 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002422 if (len % 2 != 0)
2423 goto abort;
2424 for (; len > 0; len -= 2) {
2425 extension_data++; /* hash */
2426 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002427 switch (sign) {
2428 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002429 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002430 break;
2431 case TLSEXT_signature_ecdsa:
2432 has_ecdsa_sig = 1;
2433 break;
2434 default:
2435 continue;
2436 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002437 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002438 break;
2439 }
2440 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002441 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002442 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 }
2444 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 const SSL_CIPHER *cipher;
2446 size_t len;
2447 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002448 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002449#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002450 len = ctx->cipher_suites_len;
2451 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002452#else
2453 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2454#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002455 if (len % 2 != 0)
2456 goto abort;
2457 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002458#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002459 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002460 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002461#else
2462 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2463#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002464 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002465 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002466 break;
2467 }
2468 }
2469 }
2470
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002471 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002472 trash.area[i] = tolower(servername[i]);
2473 if (!wildp && (trash.area[i] == '.'))
2474 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002475 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002476 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002477
William Lallemand150bfa82019-09-19 17:12:49 +02002478 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002479
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002480 for (i = 0; i < 2; i++) {
2481 if (i == 0) /* lookup in full qualified names */
2482 node = ebst_lookup(&s->sni_ctx, trash.area);
2483 else if (i == 1 && wildp) /* lookup in wildcards names */
2484 node = ebst_lookup(&s->sni_w_ctx, wildp);
2485 else
2486 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002487 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002488 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002489 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002490 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002491 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002492 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002493 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 break;
2495 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002496 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002497 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002498 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002499 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002500 if (!node_anonymous)
2501 node_anonymous = n;
2502 break;
2503 }
2504 }
2505 }
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002506 /* select by key_signature priority order */
2507 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2508 : ((has_rsa_sig && node_rsa) ? node_rsa
2509 : (node_anonymous ? node_anonymous
2510 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2511 : node_rsa /* no rsa signature case (far far away) */
2512 )));
2513 if (node) {
2514 /* switch ctx */
2515 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002517 if (conf) {
2518 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2519 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2520 if (conf->early_data)
2521 allow_early = 1;
2522 }
William Lallemand02010472019-10-18 11:02:19 +02002523 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002524 goto allow_early;
Emmanuel Hocdet3777e3a2019-11-06 16:05:34 +01002525 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002526 }
William Lallemand150bfa82019-09-19 17:12:49 +02002527
William Lallemand02010472019-10-18 11:02:19 +02002528 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002529#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002530 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002531 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002532 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002533 }
2534#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002535 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002536 /* no certificate match, is the default_ctx */
William Lallemand21724f02019-11-04 17:56:13 +01002537 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002538 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002539 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002540 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002541allow_early:
2542#ifdef OPENSSL_IS_BORINGSSL
2543 if (allow_early)
2544 SSL_set_early_data_enabled(ssl, 1);
2545#else
2546 if (!allow_early)
2547 SSL_set_max_early_data(ssl, 0);
2548#endif
2549 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002550 abort:
2551 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2552 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002553#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002554 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002555#else
2556 *al = SSL_AD_UNRECOGNIZED_NAME;
2557 return 0;
2558#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002559}
2560
2561#else /* OPENSSL_IS_BORINGSSL */
2562
Emeric Brunfc0421f2012-09-07 17:30:07 +02002563/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2564 * warning when no match is found, which implies the default (first) cert
2565 * will keep being used.
2566 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002567static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002568{
2569 const char *servername;
2570 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002571 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002572 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002573 int i;
2574 (void)al; /* shut gcc stupid warning */
2575
2576 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002577 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002578#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002579 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2580 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002581#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002582 if (s->strict_sni)
2583 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002584 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002585 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002586 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002587 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002588 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002589
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002590 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002591 if (!servername[i])
2592 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002593 trash.area[i] = tolower(servername[i]);
2594 if (!wildp && (trash.area[i] == '.'))
2595 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002596 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002597 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002598
William Lallemand150bfa82019-09-19 17:12:49 +02002599 HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002600 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002601 /* lookup in full qualified names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002602 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2603 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002604 if (!container_of(n, struct sni_ctx, name)->neg) {
2605 node = n;
2606 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002607 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002608 }
2609 if (!node && wildp) {
2610 /* lookup in wildcards names */
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002611 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2612 /* lookup a not neg filter */
2613 if (!container_of(n, struct sni_ctx, name)->neg) {
2614 node = n;
2615 break;
2616 }
2617 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002618 }
Emmanuel Hocdetc5fdf0f2019-11-04 15:49:46 +01002619 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002620#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002621 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2622 /* switch ctx done in ssl_sock_generate_certificate */
William Lallemand150bfa82019-09-19 17:12:49 +02002623 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002624 return SSL_TLSEXT_ERR_OK;
2625 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002626#endif
William Lallemand21724f02019-11-04 17:56:13 +01002627 if (s->strict_sni) {
2628 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002629 return SSL_TLSEXT_ERR_ALERT_FATAL;
William Lallemand21724f02019-11-04 17:56:13 +01002630 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002631 ssl_sock_switchctx_set(ssl, s->default_ctx);
William Lallemand21724f02019-11-04 17:56:13 +01002632 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002633 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002634 }
2635
2636 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002637 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
William Lallemand150bfa82019-09-19 17:12:49 +02002638 HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002639 return SSL_TLSEXT_ERR_OK;
2640}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002641#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002642#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2643
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002644#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002645
2646static DH * ssl_get_dh_1024(void)
2647{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002648 static unsigned char dh1024_p[]={
2649 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2650 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2651 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2652 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2653 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2654 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2655 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2656 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2657 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2658 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2659 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2660 };
2661 static unsigned char dh1024_g[]={
2662 0x02,
2663 };
2664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 BIGNUM *p;
2666 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH *dh = DH_new();
2668 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2670 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002671
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002673 DH_free(dh);
2674 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002675 } else {
2676 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 }
2679 return dh;
2680}
2681
2682static DH *ssl_get_dh_2048(void)
2683{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002684 static unsigned char dh2048_p[]={
2685 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2686 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2687 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2688 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2689 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2690 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2691 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2692 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2693 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2694 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2695 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2696 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2697 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2698 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2699 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2700 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2701 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2702 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2703 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2704 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2705 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2706 0xB7,0x1F,0x77,0xF3,
2707 };
2708 static unsigned char dh2048_g[]={
2709 0x02,
2710 };
2711
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002712 BIGNUM *p;
2713 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002714 DH *dh = DH_new();
2715 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002716 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2717 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002718
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002719 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002720 DH_free(dh);
2721 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002722 } else {
2723 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002724 }
2725 }
2726 return dh;
2727}
2728
2729static DH *ssl_get_dh_4096(void)
2730{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002731 static unsigned char dh4096_p[]={
2732 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2733 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2734 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2735 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2736 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2737 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2738 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2739 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2740 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2741 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2742 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2743 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2744 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2745 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2746 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2747 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2748 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2749 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2750 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2751 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2752 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2753 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2754 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2755 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2756 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2757 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2758 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2759 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2760 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2761 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2762 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2763 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2764 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2765 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2766 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2767 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2768 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2769 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2770 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2771 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2772 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2773 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2774 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002775 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002776 static unsigned char dh4096_g[]={
2777 0x02,
2778 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002779
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002780 BIGNUM *p;
2781 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002782 DH *dh = DH_new();
2783 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002784 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2785 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002786
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002787 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002788 DH_free(dh);
2789 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002790 } else {
2791 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002792 }
2793 }
2794 return dh;
2795}
2796
2797/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002798 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002799static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2800{
2801 DH *dh = NULL;
2802 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002803 int type;
2804
2805 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002806
2807 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2808 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2809 */
2810 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2811 keylen = EVP_PKEY_bits(pkey);
2812 }
2813
Willy Tarreauef934602016-12-22 23:12:01 +01002814 if (keylen > global_ssl.default_dh_param) {
2815 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002816 }
2817
Remi Gacogned3a341a2015-05-29 16:26:17 +02002818 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002819 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002820 }
2821 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002822 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002823 }
2824 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002825 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002826 }
2827
2828 return dh;
2829}
2830
Remi Gacogne47783ef2015-05-29 15:53:22 +02002831static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002832{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002833 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002834 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002835
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002836 if (in == NULL)
2837 goto end;
2838
Remi Gacogne47783ef2015-05-29 15:53:22 +02002839 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002840 goto end;
2841
Remi Gacogne47783ef2015-05-29 15:53:22 +02002842 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2843
2844end:
2845 if (in)
2846 BIO_free(in);
2847
Emeric Brune1b4ed42018-08-16 15:14:12 +02002848 ERR_clear_error();
2849
Remi Gacogne47783ef2015-05-29 15:53:22 +02002850 return dh;
2851}
2852
2853int ssl_sock_load_global_dh_param_from_file(const char *filename)
2854{
2855 global_dh = ssl_sock_get_dh_from_file(filename);
2856
2857 if (global_dh) {
2858 return 0;
2859 }
2860
2861 return -1;
2862}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002863#endif
2864
William Lallemand9117de92019-10-04 00:29:42 +02002865/* Alloc and init a ckch_inst */
2866static struct ckch_inst *ckch_inst_new()
2867{
2868 struct ckch_inst *ckch_inst;
2869
2870 ckch_inst = calloc(1, sizeof *ckch_inst);
2871 if (ckch_inst)
2872 LIST_INIT(&ckch_inst->sni_ctx);
2873
2874 return ckch_inst;
2875}
2876
2877
2878/* This function allocates a sni_ctx and adds it to the ckch_inst */
William Lallemand1d29c742019-10-04 00:53:29 +02002879static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst,
William Lallemand9117de92019-10-04 00:29:42 +02002880 struct bind_conf *s, struct ssl_bind_conf *conf,
2881 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002882{
2883 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002884 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002885
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002886 if (*name == '!') {
2887 neg = 1;
2888 name++;
2889 }
2890 if (*name == '*') {
2891 wild = 1;
2892 name++;
2893 }
2894 /* !* filter is a nop */
2895 if (neg && wild)
2896 return order;
2897 if (*name) {
2898 int j, len;
2899 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002900 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002901 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002902 if (j >= trash.size)
William Lallemandfe49bb32019-10-03 23:46:33 +02002903 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002904 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002905
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002906 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002907 if (!sc)
William Lallemandfe49bb32019-10-03 23:46:33 +02002908 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002909 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002910 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002911 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002912 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002913 sc->order = order++;
2914 sc->neg = neg;
William Lallemand1d29c742019-10-04 00:53:29 +02002915 sc->wild = wild;
2916 sc->name.node.leaf_p = NULL;
William Lallemand1d29c742019-10-04 00:53:29 +02002917 LIST_ADDQ(&ckch_inst->sni_ctx, &sc->by_ckch_inst);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002918 }
2919 return order;
2920}
2921
William Lallemand6af03992019-07-23 15:00:54 +02002922/*
William Lallemand1d29c742019-10-04 00:53:29 +02002923 * Insert the sni_ctxs that are listed in the ckch_inst, in the bind_conf's sni_ctx tree
2924 * This function can't return an error.
2925 *
2926 * *CAUTION*: The caller must lock the sni tree if called in multithreading mode
2927 */
2928static void ssl_sock_load_cert_sni(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf)
2929{
2930
2931 struct sni_ctx *sc0, *sc0b, *sc1;
2932 struct ebmb_node *node;
William Lallemand21724f02019-11-04 17:56:13 +01002933 int def = 0;
William Lallemand1d29c742019-10-04 00:53:29 +02002934
2935 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
2936
2937 /* ignore if sc0 was already inserted in a tree */
2938 if (sc0->name.node.leaf_p)
2939 continue;
2940
2941 /* Check for duplicates. */
2942 if (sc0->wild)
2943 node = ebst_lookup(&bind_conf->sni_w_ctx, (char *)sc0->name.key);
2944 else
2945 node = ebst_lookup(&bind_conf->sni_ctx, (char *)sc0->name.key);
2946
2947 for (; node; node = ebmb_next_dup(node)) {
2948 sc1 = ebmb_entry(node, struct sni_ctx, name);
2949 if (sc1->ctx == sc0->ctx && sc1->conf == sc0->conf
2950 && sc1->neg == sc0->neg && sc1->wild == sc0->wild) {
2951 /* it's a duplicate, we should remove and free it */
2952 LIST_DEL(&sc0->by_ckch_inst);
2953 free(sc0);
2954 sc0 = NULL;
William Lallemande15029b2019-10-14 10:46:58 +02002955 break;
William Lallemand1d29c742019-10-04 00:53:29 +02002956 }
2957 }
2958
2959 /* if duplicate, ignore the insertion */
2960 if (!sc0)
2961 continue;
2962
2963 if (sc0->wild)
2964 ebst_insert(&bind_conf->sni_w_ctx, &sc0->name);
2965 else
2966 ebst_insert(&bind_conf->sni_ctx, &sc0->name);
William Lallemand21724f02019-11-04 17:56:13 +01002967
2968 /* replace the default_ctx if required with the first ctx */
2969 if (ckch_inst->is_default && !def) {
2970 /* we don't need to free the default_ctx because the refcount was not incremented */
2971 bind_conf->default_ctx = sc0->ctx;
2972 def = 1;
2973 }
William Lallemand1d29c742019-10-04 00:53:29 +02002974 }
2975}
2976
2977/*
William Lallemande3af8fb2019-10-08 11:36:53 +02002978 * tree used to store the ckchs ordered by filename/bundle name
William Lallemand6af03992019-07-23 15:00:54 +02002979 */
William Lallemande3af8fb2019-10-08 11:36:53 +02002980struct eb_root ckchs_tree = EB_ROOT_UNIQUE;
William Lallemand6af03992019-07-23 15:00:54 +02002981
William Lallemandfa892222019-07-23 16:06:08 +02002982
Emeric Brun7a883362019-10-17 13:27:40 +02002983/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2984 * If there is no DH paramater availaible in the ckchs, the global
2985 * DH parameter is loaded into the SSL_CTX and if there is no
2986 * DH parameter available in ckchs nor in global, the default
2987 * DH parameters are applied on the SSL_CTX.
2988 * Returns a bitfield containing the flags:
2989 * ERR_FATAL in any fatal error case
2990 * ERR_ALERT if a reason of the error is availabine in err
2991 * ERR_WARN if a warning is available into err
2992 * The value 0 means there is no error nor warning and
2993 * the operation succeed.
2994 */
William Lallemandfa892222019-07-23 16:06:08 +02002995#ifndef OPENSSL_NO_DH
Emeric Brun7a883362019-10-17 13:27:40 +02002996static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch,
2997 const char *path, char **err)
William Lallemandfa892222019-07-23 16:06:08 +02002998{
Emeric Brun7a883362019-10-17 13:27:40 +02002999 int ret = 0;
William Lallemandfa892222019-07-23 16:06:08 +02003000 DH *dh = NULL;
3001
William Lallemanda8c73742019-07-31 18:31:34 +02003002 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02003003 dh = ckch->dh;
Emeric Bruna9363eb2019-10-17 14:53:03 +02003004 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
3005 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
3006 err && *err ? *err : "", path);
3007#if defined(SSL_CTX_set_dh_auto)
3008 SSL_CTX_set_dh_auto(ctx, 1);
3009 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3010 err && *err ? *err : "");
3011#else
3012 memprintf(err, "%s, DH ciphers won't be available.\n",
3013 err && *err ? *err : "");
3014#endif
3015 ret |= ERR_WARN;
3016 goto end;
3017 }
William Lallemandfa892222019-07-23 16:06:08 +02003018
3019 if (ssl_dh_ptr_index >= 0) {
3020 /* store a pointer to the DH params to avoid complaining about
3021 ssl-default-dh-param not being set for this SSL_CTX */
3022 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
3023 }
3024 }
3025 else if (global_dh) {
Emeric Bruna9363eb2019-10-17 14:53:03 +02003026 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
3027 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
3028 err && *err ? *err : "", path);
3029#if defined(SSL_CTX_set_dh_auto)
3030 SSL_CTX_set_dh_auto(ctx, 1);
3031 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3032 err && *err ? *err : "");
3033#else
3034 memprintf(err, "%s, DH ciphers won't be available.\n",
3035 err && *err ? *err : "");
3036#endif
3037 ret |= ERR_WARN;
3038 goto end;
3039 }
William Lallemandfa892222019-07-23 16:06:08 +02003040 }
3041 else {
3042 /* Clear openssl global errors stack */
3043 ERR_clear_error();
3044
3045 if (global_ssl.default_dh_param <= 1024) {
3046 /* we are limited to DH parameter of 1024 bits anyway */
3047 if (local_dh_1024 == NULL)
3048 local_dh_1024 = ssl_get_dh_1024();
3049
Emeric Brun7a883362019-10-17 13:27:40 +02003050 if (local_dh_1024 == NULL) {
3051 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3052 err && *err ? *err : "", path);
3053 ret |= ERR_ALERT | ERR_FATAL;
William Lallemandfa892222019-07-23 16:06:08 +02003054 goto end;
Emeric Brun7a883362019-10-17 13:27:40 +02003055 }
William Lallemandfa892222019-07-23 16:06:08 +02003056
Emeric Bruna9363eb2019-10-17 14:53:03 +02003057 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
3058 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
3059 err && *err ? *err : "", path);
3060#if defined(SSL_CTX_set_dh_auto)
3061 SSL_CTX_set_dh_auto(ctx, 1);
3062 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
3063 err && *err ? *err : "");
3064#else
3065 memprintf(err, "%s, DH ciphers won't be available.\n",
3066 err && *err ? *err : "");
3067#endif
3068 ret |= ERR_WARN;
3069 goto end;
3070 }
William Lallemandfa892222019-07-23 16:06:08 +02003071 }
3072 else {
3073 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
3074 }
William Lallemandfa892222019-07-23 16:06:08 +02003075 }
3076
3077end:
William Lallemandfa892222019-07-23 16:06:08 +02003078 return ret;
3079}
3080#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003081
yanbzhu488a4d22015-12-01 15:16:07 -05003082/* Frees the contents of a cert_key_and_chain
3083 */
3084static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
3085{
yanbzhu488a4d22015-12-01 15:16:07 -05003086 if (!ckch)
3087 return;
3088
3089 /* Free the certificate and set pointer to NULL */
3090 if (ckch->cert)
3091 X509_free(ckch->cert);
3092 ckch->cert = NULL;
3093
3094 /* Free the key and set pointer to NULL */
3095 if (ckch->key)
3096 EVP_PKEY_free(ckch->key);
3097 ckch->key = NULL;
3098
3099 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003100 if (ckch->chain)
3101 sk_X509_pop_free(ckch->chain, X509_free);
3102 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003103
William Lallemand455af502019-10-17 18:04:45 +02003104 if (ckch->dh)
3105 DH_free(ckch->dh);
3106 ckch->dh = NULL;
3107
3108 if (ckch->sctl) {
3109 free(ckch->sctl->area);
3110 ckch->sctl->area = NULL;
3111 free(ckch->sctl);
3112 ckch->sctl = NULL;
3113 }
3114
3115 if (ckch->ocsp_response) {
3116 free(ckch->ocsp_response->area);
3117 ckch->ocsp_response->area = NULL;
3118 free(ckch->ocsp_response);
3119 ckch->ocsp_response = NULL;
3120 }
yanbzhu488a4d22015-12-01 15:16:07 -05003121}
3122
William Lallemand8d0f8932019-10-17 18:03:58 +02003123/*
3124 *
3125 * This function copy a cert_key_and_chain in memory
3126 *
3127 * It's used to try to apply changes on a ckch before committing them, because
3128 * most of the time it's not possible to revert those changes
3129 *
3130 * Return a the dst or NULL
3131 */
3132static struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
3133 struct cert_key_and_chain *dst)
3134{
3135 if (src->cert) {
3136 dst->cert = src->cert;
3137 X509_up_ref(src->cert);
3138 }
3139
3140 if (src->key) {
3141 dst->key = src->key;
3142 EVP_PKEY_up_ref(src->key);
3143 }
3144
3145 if (src->chain) {
3146 dst->chain = X509_chain_up_ref(src->chain);
3147 }
3148
3149 if (src->dh) {
3150 DH_up_ref(src->dh);
3151 dst->dh = src->dh;
3152 }
3153
3154 if (src->sctl) {
3155 struct buffer *sctl;
3156
3157 sctl = calloc(1, sizeof(*sctl));
3158 if (!chunk_dup(sctl, src->sctl)) {
3159 free(sctl);
3160 sctl = NULL;
3161 goto error;
3162 }
3163 dst->sctl = sctl;
3164 }
3165
3166 if (src->ocsp_response) {
3167 struct buffer *ocsp_response;
3168
3169 ocsp_response = calloc(1, sizeof(*ocsp_response));
3170 if (!chunk_dup(ocsp_response, src->ocsp_response)) {
3171 free(ocsp_response);
3172 ocsp_response = NULL;
3173 goto error;
3174 }
3175 dst->ocsp_response = ocsp_response;
3176 }
3177
3178 if (src->ocsp_issuer) {
3179 X509_up_ref(src->ocsp_issuer);
3180 dst->ocsp_issuer = src->ocsp_issuer;
3181 }
3182
3183 return dst;
3184
3185error:
3186
3187 /* free everything */
3188 ssl_sock_free_cert_key_and_chain_contents(dst);
3189
3190 return NULL;
3191}
3192
3193
yanbzhu488a4d22015-12-01 15:16:07 -05003194/* checks if a key and cert exists in the ckch
3195 */
William Lallemand1633e392019-09-30 12:58:13 +02003196#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05003197static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
3198{
3199 return (ckch->cert != NULL && ckch->key != NULL);
3200}
William Lallemand1633e392019-09-30 12:58:13 +02003201#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003202
William Lallemandf9568fc2019-10-16 18:27:58 +02003203/*
3204 * return 0 on success or != 0 on failure
3205 */
3206static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
3207{
3208 int ret = 1;
3209 BIO *in = NULL;
3210 X509 *issuer;
3211
3212 if (buf) {
3213 /* reading from a buffer */
3214 in = BIO_new_mem_buf(buf, -1);
3215 if (in == NULL) {
3216 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3217 goto end;
3218 }
3219
3220 } else {
3221 /* reading from a file */
3222 in = BIO_new(BIO_s_file());
3223 if (in == NULL)
3224 goto end;
3225
3226 if (BIO_read_filename(in, path) <= 0)
3227 goto end;
3228 }
3229
3230 issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3231 if (!issuer) {
3232 memprintf(err, "%s'%s' cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003233 err && *err ? *err : "", path);
William Lallemandf9568fc2019-10-16 18:27:58 +02003234 goto end;
3235 }
3236 ret = 0;
3237 ckch->ocsp_issuer = issuer;
3238
3239end:
3240
3241 ERR_clear_error();
3242 if (in)
3243 BIO_free(in);
3244
3245 return ret;
3246}
3247
William Lallemand96a9c972019-10-17 11:56:17 +02003248
3249/*
3250 * Try to load a PEM file from a <path> or a buffer <buf>
3251 * The PEM must contain at least a Private Key and a Certificate,
3252 * It could contain a DH and a certificate chain.
yanbzhu488a4d22015-12-01 15:16:07 -05003253 *
William Lallemand96a9c972019-10-17 11:56:17 +02003254 * If it failed you should not attempt to use the ckch but free it.
3255 *
3256 * Return 0 on success or != 0 on failure
yanbzhu488a4d22015-12-01 15:16:07 -05003257 */
William Lallemand96a9c972019-10-17 11:56:17 +02003258static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch , char **err)
yanbzhu488a4d22015-12-01 15:16:07 -05003259{
William Lallemandf11365b2019-09-19 14:25:58 +02003260 BIO *in = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05003261 int ret = 1;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003262 X509 *ca;
William Lallemand96a9c972019-10-17 11:56:17 +02003263 X509 *cert = NULL;
3264 EVP_PKEY *key = NULL;
3265 DH *dh;
3266
3267 if (buf) {
3268 /* reading from a buffer */
3269 in = BIO_new_mem_buf(buf, -1);
3270 if (in == NULL) {
3271 memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
3272 goto end;
3273 }
yanbzhu488a4d22015-12-01 15:16:07 -05003274
William Lallemand96a9c972019-10-17 11:56:17 +02003275 } else {
3276 /* reading from a file */
William Lallemandf11365b2019-09-19 14:25:58 +02003277 in = BIO_new(BIO_s_file());
3278 if (in == NULL)
3279 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003280
William Lallemandf11365b2019-09-19 14:25:58 +02003281 if (BIO_read_filename(in, path) <= 0)
3282 goto end;
William Lallemandf11365b2019-09-19 14:25:58 +02003283 }
yanbzhu488a4d22015-12-01 15:16:07 -05003284
yanbzhu488a4d22015-12-01 15:16:07 -05003285 /* Read Private Key */
William Lallemand96a9c972019-10-17 11:56:17 +02003286 key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3287 if (key == NULL) {
yanbzhu488a4d22015-12-01 15:16:07 -05003288 memprintf(err, "%sunable to load private key from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003289 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003290 goto end;
3291 }
3292
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003293#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02003294 /* Seek back to beginning of file */
3295 if (BIO_reset(in) == -1) {
3296 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3297 err && *err ? *err : "", path);
3298 goto end;
3299 }
3300
William Lallemand96a9c972019-10-17 11:56:17 +02003301 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
3302 /* no need to return an error there, dh is not mandatory */
3303
3304 if (dh) {
3305 if (ckch->dh)
3306 DH_free(ckch->dh);
3307 ckch->dh = dh;
3308 }
3309
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02003310#endif
William Lallemandfa892222019-07-23 16:06:08 +02003311
Willy Tarreaubb137a82016-04-06 19:02:38 +02003312 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003313 if (BIO_reset(in) == -1) {
3314 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3315 err && *err ? *err : "", path);
3316 goto end;
3317 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003318
3319 /* Read Certificate */
William Lallemand96a9c972019-10-17 11:56:17 +02003320 cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3321 if (cert == NULL) {
Willy Tarreaubb137a82016-04-06 19:02:38 +02003322 memprintf(err, "%sunable to load certificate from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003323 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02003324 goto end;
3325 }
3326
William Lallemand96a9c972019-10-17 11:56:17 +02003327 if (!X509_check_private_key(cert, key)) {
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003328 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003329 err && *err ? *err : "", path);
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02003330 goto end;
3331 }
3332
William Lallemand96a9c972019-10-17 11:56:17 +02003333 /* Key and Cert are good, we can use them in the ckch */
3334 if (ckch->key) /* free the previous key */
3335 EVP_PKEY_free(ckch->key);
3336 ckch->key = key;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003337 key = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003338
3339 if (ckch->cert) /* free the previous cert */
3340 X509_free(ckch->cert);
3341 ckch->cert = cert;
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003342 cert = NULL;
William Lallemand96a9c972019-10-17 11:56:17 +02003343
3344 /* Look for a Certificate Chain */
3345 ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
3346 if (ca) {
3347 /* there is a chain a in the PEM, clean the previous one in the CKCH */
3348 if (ckch->chain) /* free the previous chain */
3349 sk_X509_pop_free(ckch->chain, X509_free);
3350 ckch->chain = sk_X509_new_null();
3351 if (!sk_X509_push(ckch->chain, ca)) {
3352 X509_free(ca);
3353 goto end;
3354 }
3355 }
3356 /* look for other crt in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003357 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3358 if (!sk_X509_push(ckch->chain, ca)) {
3359 X509_free(ca);
3360 goto end;
3361 }
yanbzhu488a4d22015-12-01 15:16:07 -05003362
Emmanuel Hocdeted17f472019-10-24 18:28:33 +02003363 /* no chain */
3364 if (ckch->chain == NULL) {
3365 ckch->chain = sk_X509_new_null();
3366 }
3367
yanbzhu488a4d22015-12-01 15:16:07 -05003368 ret = ERR_get_error();
3369 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3370 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
William Lallemand96a9c972019-10-17 11:56:17 +02003371 err && *err ? *err : "", path);
yanbzhu488a4d22015-12-01 15:16:07 -05003372 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003373 }
3374
3375 ret = 0;
3376
William Lallemand96a9c972019-10-17 11:56:17 +02003377end:
William Lallemand246c0242019-10-11 08:59:13 +02003378
3379 ERR_clear_error();
William Lallemand96a9c972019-10-17 11:56:17 +02003380 if (in)
William Lallemand246c0242019-10-11 08:59:13 +02003381 BIO_free(in);
Emmanuel Hocdet83cbd3c2019-10-25 11:55:03 +02003382 if (key)
3383 EVP_PKEY_free(key);
3384 if (cert)
3385 X509_free(cert);
William Lallemanda17f4112019-10-10 15:16:44 +02003386
William Lallemand96a9c972019-10-17 11:56:17 +02003387 return ret;
3388}
3389
3390/*
3391 * Try to load in a ckch every files related to a ckch.
3392 * (PEM, sctl, ocsp, issuer etc.)
3393 *
3394 * This function is only used to load files during the configuration parsing,
3395 * it is not used with the CLI.
3396 *
3397 * This allows us to carry the contents of the file without having to read the
3398 * file multiple times. The caller must call
3399 * ssl_sock_free_cert_key_and_chain_contents.
3400 *
3401 * returns:
3402 * 0 on Success
3403 * 1 on SSL Failure
3404 */
3405static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3406{
3407 int ret = 1;
3408
3409 /* try to load the PEM */
3410 if (ssl_sock_load_pem_into_ckch(path, NULL, ckch , err) != 0) {
3411 goto end;
3412 }
3413
William Lallemanda17f4112019-10-10 15:16:44 +02003414#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3415 /* try to load the sctl file */
3416 {
3417 char fp[MAXPATHLEN+1];
3418 struct stat st;
3419
3420 snprintf(fp, MAXPATHLEN+1, "%s.sctl", path);
3421 if (stat(fp, &st) == 0) {
William Lallemand0dfae6c2019-10-16 18:06:58 +02003422 if (ssl_sock_load_sctl_from_file(fp, NULL, ckch, err)) {
William Lallemanda17f4112019-10-10 15:16:44 +02003423 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003424 err && *err ? *err : "", fp);
William Lallemanda17f4112019-10-10 15:16:44 +02003425 ret = 1;
3426 goto end;
3427 }
3428 }
3429 }
3430#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003431
William Lallemand246c0242019-10-11 08:59:13 +02003432 /* try to load an ocsp response file */
3433 {
3434 char fp[MAXPATHLEN+1];
3435 struct stat st;
3436
3437 snprintf(fp, MAXPATHLEN+1, "%s.ocsp", path);
3438 if (stat(fp, &st) == 0) {
William Lallemand3b5f3602019-10-16 18:05:05 +02003439 if (ssl_sock_load_ocsp_response_from_file(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003440 ret = 1;
3441 goto end;
3442 }
3443 }
3444 }
3445
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003446#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
William Lallemand246c0242019-10-11 08:59:13 +02003447 if (ckch->ocsp_response) {
3448 X509 *issuer;
3449 int i;
3450
3451 /* check if one of the certificate of the chain is the issuer */
3452 for (i = 0; i < sk_X509_num(ckch->chain); i++) {
3453 issuer = sk_X509_value(ckch->chain, i);
3454 if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
3455 ckch->ocsp_issuer = issuer;
3456 break;
3457 } else
3458 issuer = NULL;
3459 }
3460
3461 /* if no issuer was found, try to load an issuer from the .issuer */
3462 if (!issuer) {
3463 struct stat st;
3464 char fp[MAXPATHLEN+1];
3465
3466 snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
3467 if (stat(fp, &st) == 0) {
William Lallemandf9568fc2019-10-16 18:27:58 +02003468 if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
William Lallemand246c0242019-10-11 08:59:13 +02003469 ret = 1;
3470 goto end;
3471 }
3472
3473 if (X509_check_issued(ckch->ocsp_issuer, ckch->cert) != X509_V_OK) {
William Lallemand786188f2019-10-15 10:05:37 +02003474 memprintf(err, "%s '%s' is not an issuer'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003475 err && *err ? *err : "", fp);
William Lallemand246c0242019-10-11 08:59:13 +02003476 ret = 1;
3477 goto end;
3478 }
3479 } else {
3480 memprintf(err, "%sNo issuer found, cannot use the OCSP response'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003481 err && *err ? *err : "");
William Lallemand246c0242019-10-11 08:59:13 +02003482 ret = 1;
3483 goto end;
3484 }
3485 }
3486 }
Emmanuel Hocdeteaad5cc2019-10-25 12:19:00 +02003487#endif
William Lallemand246c0242019-10-11 08:59:13 +02003488
yanbzhu488a4d22015-12-01 15:16:07 -05003489 ret = 0;
3490
3491end:
3492
3493 ERR_clear_error();
yanbzhu488a4d22015-12-01 15:16:07 -05003494
3495 /* Something went wrong in one of the reads */
3496 if (ret != 0)
3497 ssl_sock_free_cert_key_and_chain_contents(ckch);
3498
3499 return ret;
3500}
3501
3502/* Loads the info in ckch into ctx
Emeric Bruna96b5822019-10-17 13:25:14 +02003503 * Returns a bitfield containing the flags:
3504 * ERR_FATAL in any fatal error case
3505 * ERR_ALERT if the reason of the error is available in err
3506 * ERR_WARN if a warning is available into err
3507 * The value 0 means there is no error nor warning and
3508 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003509 */
3510static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3511{
Emeric Bruna96b5822019-10-17 13:25:14 +02003512 int errcode = 0;
3513
yanbzhu488a4d22015-12-01 15:16:07 -05003514 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3515 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3516 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003517 errcode |= ERR_ALERT | ERR_FATAL;
3518 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003519 }
3520
3521 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3522 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3523 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003524 errcode |= ERR_ALERT | ERR_FATAL;
3525 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003526 }
3527
yanbzhu488a4d22015-12-01 15:16:07 -05003528 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003529#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003530 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3531 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3532 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003533 errcode |= ERR_ALERT | ERR_FATAL;
3534 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003535 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003536#else
3537 { /* legacy compat (< openssl 1.0.2) */
3538 X509 *ca;
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003539 STACK_OF(X509) *chain;
3540 chain = X509_chain_up_ref(ckch->chain);
3541 while ((ca = sk_X509_shift(chain)))
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003542 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3543 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3544 err && *err ? *err : "", path);
3545 X509_free(ca);
Emmanuel Hocdet140b64f2019-10-24 18:33:10 +02003546 sk_X509_pop_free(chain, X509_free);
Emeric Bruna96b5822019-10-17 13:25:14 +02003547 errcode |= ERR_ALERT | ERR_FATAL;
3548 goto end;
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003549 }
3550 }
3551#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003552
William Lallemandfa892222019-07-23 16:06:08 +02003553#ifndef OPENSSL_NO_DH
3554 /* store a NULL pointer to indicate we have not yet loaded
3555 a custom DH param file */
3556 if (ssl_dh_ptr_index >= 0) {
3557 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3558 }
3559
Emeric Brun7a883362019-10-17 13:27:40 +02003560 errcode |= ssl_sock_load_dh_params(ctx, ckch, path, err);
3561 if (errcode & ERR_CODE) {
William Lallemandfa892222019-07-23 16:06:08 +02003562 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3563 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003564 goto end;
William Lallemandfa892222019-07-23 16:06:08 +02003565 }
3566#endif
3567
William Lallemanda17f4112019-10-10 15:16:44 +02003568#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
3569 if (sctl_ex_index >= 0 && ckch->sctl) {
3570 if (ssl_sock_load_sctl(ctx, ckch->sctl) < 0) {
3571 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01003572 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003573 errcode |= ERR_ALERT | ERR_FATAL;
3574 goto end;
William Lallemanda17f4112019-10-10 15:16:44 +02003575 }
3576 }
3577#endif
3578
William Lallemand4a660132019-10-14 14:51:41 +02003579#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand246c0242019-10-11 08:59:13 +02003580 /* Load OCSP Info into context */
3581 if (ckch->ocsp_response) {
3582 if (ssl_sock_load_ocsp(ctx, ckch) < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01003583 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3584 err && *err ? *err : "", path);
Emeric Bruna96b5822019-10-17 13:25:14 +02003585 errcode |= ERR_ALERT | ERR_FATAL;
3586 goto end;
William Lallemand246c0242019-10-11 08:59:13 +02003587 }
3588 }
William Lallemand246c0242019-10-11 08:59:13 +02003589#endif
3590
Emeric Bruna96b5822019-10-17 13:25:14 +02003591 end:
3592 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003593}
3594
William Lallemandc4ecddf2019-07-31 16:50:08 +02003595#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003596
William Lallemand28a8fce2019-10-04 17:36:55 +02003597static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598{
3599 struct sni_keytype *s_kt = NULL;
3600 struct ebmb_node *node;
3601 int i;
3602
3603 for (i = 0; i < trash.size; i++) {
3604 if (!str[i])
3605 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003606 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003607 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003608 trash.area[i] = 0;
3609 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003610 if (!node) {
3611 /* CN not found in tree */
3612 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3613 /* Using memcpy here instead of strncpy.
3614 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3615 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3616 */
William Lallemand28a8fce2019-10-04 17:36:55 +02003617 if (!s_kt)
3618 return -1;
3619
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003620 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003621 s_kt->keytypes = 0;
3622 ebst_insert(sni_keytypes, &s_kt->name);
3623 } else {
3624 /* CN found in tree */
3625 s_kt = container_of(node, struct sni_keytype, name);
3626 }
3627
3628 /* Mark that this CN has the keytype of key_index via keytypes mask */
3629 s_kt->keytypes |= 1<<key_index;
3630
William Lallemand28a8fce2019-10-04 17:36:55 +02003631 return 0;
3632
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633}
3634
William Lallemandc4ecddf2019-07-31 16:50:08 +02003635#endif
William Lallemand8c1cdde2019-10-18 10:58:14 +02003636/*
3637 * Free a ckch_store and its ckch(s)
3638 * The linked ckch_inst are not free'd
3639 */
3640void ckchs_free(struct ckch_store *ckchs)
3641{
3642 if (!ckchs)
3643 return;
3644
3645#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3646 if (ckchs->multi) {
3647 int n;
3648
3649 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3650 ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
3651 } else
3652#endif
3653 {
3654 ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
3655 ckchs->ckch = NULL;
3656 }
3657
3658 free(ckchs);
3659}
3660
3661/* allocate and duplicate a ckch_store
3662 * Return a new ckch_store or NULL */
3663static struct ckch_store *ckchs_dup(const struct ckch_store *src)
3664{
3665 struct ckch_store *dst;
3666 int pathlen;
3667
3668 pathlen = strlen(src->path);
3669 dst = calloc(1, sizeof(*dst) + pathlen + 1);
3670 if (!dst)
3671 return NULL;
3672 /* copy previous key */
3673 memcpy(dst->path, src->path, pathlen + 1);
3674 dst->multi = src->multi;
3675 LIST_INIT(&dst->ckch_inst);
3676
3677 dst->ckch = calloc((src->multi ? SSL_SOCK_NUM_KEYTYPES : 1), sizeof(*dst->ckch));
3678 if (!dst->ckch)
3679 goto error;
3680
3681#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3682 if (src->multi) {
3683 int n;
3684
3685 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3686 if (&src->ckch[n]) {
3687 if (!ssl_sock_copy_cert_key_and_chain(&src->ckch[n], &dst->ckch[n]))
3688 goto error;
3689 }
3690 }
3691 } else
3692#endif
3693 {
3694 if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
3695 goto error;
3696 }
3697
3698 return dst;
3699
3700error:
3701 ckchs_free(dst);
3702
3703 return NULL;
3704}
William Lallemandc4ecddf2019-07-31 16:50:08 +02003705
William Lallemand36b84632019-07-18 19:28:17 +02003706/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003707 * lookup a path into the ckchs tree.
William Lallemand6af03992019-07-23 15:00:54 +02003708 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003709static inline struct ckch_store *ckchs_lookup(char *path)
William Lallemand6af03992019-07-23 15:00:54 +02003710{
3711 struct ebmb_node *eb;
3712
William Lallemande3af8fb2019-10-08 11:36:53 +02003713 eb = ebst_lookup(&ckchs_tree, path);
William Lallemand6af03992019-07-23 15:00:54 +02003714 if (!eb)
3715 return NULL;
3716
William Lallemande3af8fb2019-10-08 11:36:53 +02003717 return ebmb_entry(eb, struct ckch_store, node);
William Lallemand6af03992019-07-23 15:00:54 +02003718}
3719
3720/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003721 * This function allocate a ckch_store and populate it with certificates from files.
William Lallemand36b84632019-07-18 19:28:17 +02003722 */
William Lallemande3af8fb2019-10-08 11:36:53 +02003723static struct ckch_store *ckchs_load_cert_file(char *path, int multi, char **err)
William Lallemand36b84632019-07-18 19:28:17 +02003724{
William Lallemande3af8fb2019-10-08 11:36:53 +02003725 struct ckch_store *ckchs;
William Lallemand36b84632019-07-18 19:28:17 +02003726
William Lallemande3af8fb2019-10-08 11:36:53 +02003727 ckchs = calloc(1, sizeof(*ckchs) + strlen(path) + 1);
3728 if (!ckchs) {
William Lallemand36b84632019-07-18 19:28:17 +02003729 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3730 goto end;
3731 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003732 ckchs->ckch = calloc(1, sizeof(*ckchs->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
William Lallemand36b84632019-07-18 19:28:17 +02003733
William Lallemande3af8fb2019-10-08 11:36:53 +02003734 if (!ckchs->ckch) {
William Lallemand36b84632019-07-18 19:28:17 +02003735 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3736 goto end;
3737 }
3738
William Lallemand9117de92019-10-04 00:29:42 +02003739 LIST_INIT(&ckchs->ckch_inst);
3740
William Lallemand36b84632019-07-18 19:28:17 +02003741 if (!multi) {
3742
William Lallemand96a9c972019-10-17 11:56:17 +02003743 if (ssl_sock_load_files_into_ckch(path, ckchs->ckch, err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003744 goto end;
3745
William Lallemande3af8fb2019-10-08 11:36:53 +02003746 /* insert into the ckchs tree */
3747 memcpy(ckchs->path, path, strlen(path) + 1);
3748 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003749 } else {
3750 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003751#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3752 char fp[MAXPATHLEN+1] = {0};
3753 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003754
3755 /* Load all possible certs and keys */
3756 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3757 struct stat buf;
3758 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3759 if (stat(fp, &buf) == 0) {
William Lallemand96a9c972019-10-17 11:56:17 +02003760 if (ssl_sock_load_files_into_ckch(fp, &ckchs->ckch[n], err) == 1)
William Lallemand36b84632019-07-18 19:28:17 +02003761 goto end;
3762 found = 1;
William Lallemande3af8fb2019-10-08 11:36:53 +02003763 ckchs->multi = 1;
William Lallemand36b84632019-07-18 19:28:17 +02003764 }
3765 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003766#endif
William Lallemand36b84632019-07-18 19:28:17 +02003767
3768 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003769 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003770 goto end;
3771 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003772 /* insert into the ckchs tree */
3773 memcpy(ckchs->path, path, strlen(path) + 1);
3774 ebst_insert(&ckchs_tree, &ckchs->node);
William Lallemand36b84632019-07-18 19:28:17 +02003775 }
William Lallemande3af8fb2019-10-08 11:36:53 +02003776 return ckchs;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003777
William Lallemand36b84632019-07-18 19:28:17 +02003778end:
William Lallemande3af8fb2019-10-08 11:36:53 +02003779 if (ckchs) {
3780 free(ckchs->ckch);
3781 ebmb_delete(&ckchs->node);
William Lallemand6af03992019-07-23 15:00:54 +02003782 }
3783
William Lallemande3af8fb2019-10-08 11:36:53 +02003784 free(ckchs);
William Lallemand36b84632019-07-18 19:28:17 +02003785
3786 return NULL;
3787}
3788
William Lallemandc4ecddf2019-07-31 16:50:08 +02003789#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3790
William Lallemand36b84632019-07-18 19:28:17 +02003791/*
William Lallemande3af8fb2019-10-08 11:36:53 +02003792 * Take a ckch_store which contains a multi-certificate bundle.
William Lallemand36b84632019-07-18 19:28:17 +02003793 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003794 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3795 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003796 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003797 *
Emeric Brun054563d2019-10-17 13:16:58 +02003798 * Returns a bitfield containing the flags:
3799 * ERR_FATAL in any fatal error case
3800 * ERR_ALERT if the reason of the error is available in err
3801 * ERR_WARN if a warning is available into err
William Lallemand36b84632019-07-18 19:28:17 +02003802 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003803 */
Emeric Brun054563d2019-10-17 13:16:58 +02003804static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
3805 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3806 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003807{
William Lallemand36b84632019-07-18 19:28:17 +02003808 int i = 0, n = 0;
3809 struct cert_key_and_chain *certs_and_keys;
William Lallemand4b989f22019-10-04 18:36:55 +02003810 struct eb_root sni_keytypes_map = EB_ROOT;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003811 struct ebmb_node *node;
3812 struct ebmb_node *next;
3813 /* Array of SSL_CTX pointers corresponding to each possible combo
3814 * of keytypes
3815 */
3816 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Emeric Brun054563d2019-10-17 13:16:58 +02003817 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003818 X509_NAME *xname = NULL;
3819 char *str = NULL;
3820#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3821 STACK_OF(GENERAL_NAME) *names = NULL;
3822#endif
William Lallemand614ca0d2019-10-07 13:52:11 +02003823 struct ckch_inst *ckch_inst;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003824
Emeric Brun054563d2019-10-17 13:16:58 +02003825 *ckchi = NULL;
3826
William Lallemande3af8fb2019-10-08 11:36:53 +02003827 if (!ckchs || !ckchs->ckch || !ckchs->multi) {
William Lallemand36b84632019-07-18 19:28:17 +02003828 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3829 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003830 return ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003831 }
3832
3833 ckch_inst = ckch_inst_new();
3834 if (!ckch_inst) {
3835 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3836 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003837 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02003838 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003839 }
3840
William Lallemande3af8fb2019-10-08 11:36:53 +02003841 certs_and_keys = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02003842
William Lallemand150bfa82019-09-19 17:12:49 +02003843 /* at least one of the instances is using filters during the config
3844 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01003845 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02003846
yanbzhu08ce6ab2015-12-02 13:01:29 -05003847 /* Process each ckch and update keytypes for each CN/SAN
3848 * for example, if CN/SAN www.a.com is associated with
3849 * certs with keytype 0 and 2, then at the end of the loop,
3850 * www.a.com will have:
3851 * keyindex = 0 | 1 | 4 = 5
3852 */
3853 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003854 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003855
3856 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3857 continue;
3858
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003859 if (fcount) {
William Lallemand28a8fce2019-10-04 17:36:55 +02003860 for (i = 0; i < fcount; i++) {
3861 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3862 if (ret < 0) {
3863 memprintf(err, "%sunable to allocate SSL context.\n",
3864 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003865 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003866 goto end;
3867 }
3868 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003869 } else {
3870 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3871 * so the line that contains logic is marked via comments
3872 */
3873 xname = X509_get_subject_name(certs_and_keys[n].cert);
3874 i = -1;
3875 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3876 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003877 ASN1_STRING *value;
3878 value = X509_NAME_ENTRY_get_data(entry);
3879 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003880 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003881 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003882
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003883 OPENSSL_free(str);
3884 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003885 if (ret < 0) {
3886 memprintf(err, "%sunable to allocate SSL context.\n",
3887 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003888 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003889 goto end;
3890 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003891 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003892 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003893
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003894 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003895#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003896 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3897 if (names) {
3898 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3899 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003900
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003901 if (name->type == GEN_DNS) {
3902 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3903 /* Important line is here */
William Lallemand28a8fce2019-10-04 17:36:55 +02003904 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003905
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003906 OPENSSL_free(str);
3907 str = NULL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003908 if (ret < 0) {
3909 memprintf(err, "%sunable to allocate SSL context.\n",
3910 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003911 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand28a8fce2019-10-04 17:36:55 +02003912 goto end;
3913 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003914 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003915 }
3916 }
3917 }
3918 }
3919#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3920 }
3921
3922 /* If no files found, return error */
3923 if (eb_is_empty(&sni_keytypes_map)) {
3924 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3925 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02003926 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003927 goto end;
3928 }
3929
3930 /* We now have a map of CN/SAN to keytypes that are loaded in
3931 * Iterate through the map to create the SSL_CTX's (if needed)
3932 * and add each CTX to the SNI tree
3933 *
3934 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003935 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003936 * combination is denoted by the key in the map. Each key
3937 * has a value between 1 and 2^n - 1. Conveniently, the array
3938 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3939 * entry in the array to correspond to the unique combo (key)
3940 * associated with i. This unique key combo (i) will be associated
3941 * with combos[i-1]
3942 */
3943
3944 node = ebmb_first(&sni_keytypes_map);
3945 while (node) {
3946 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003947 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003948 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003949
3950 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3951 i = container_of(node, struct sni_keytype, name)->keytypes;
3952 cur_ctx = key_combos[i-1].ctx;
3953
3954 if (cur_ctx == NULL) {
3955 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003956 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003957 if (cur_ctx == NULL) {
3958 memprintf(err, "%sunable to allocate SSL context.\n",
3959 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003960 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003961 goto end;
3962 }
3963
yanbzhube2774d2015-12-10 15:07:30 -05003964 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003965 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3966 if (i & (1<<n)) {
3967 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003968 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Bruna96b5822019-10-17 13:25:14 +02003969 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3970 if (errcode & ERR_CODE)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003971 goto end;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003972 }
3973 }
3974
yanbzhu08ce6ab2015-12-02 13:01:29 -05003975 /* Update key_combos */
3976 key_combos[i-1].ctx = cur_ctx;
3977 }
3978
3979 /* Update SNI Tree */
William Lallemand9117de92019-10-04 00:29:42 +02003980
William Lallemand1d29c742019-10-04 00:53:29 +02003981 key_combos[i-1].order = ckch_inst_add_cert_sni(cur_ctx, ckch_inst, bind_conf, ssl_conf,
William Lallemandfe49bb32019-10-03 23:46:33 +02003982 kinfo, str, key_combos[i-1].order);
3983 if (key_combos[i-1].order < 0) {
3984 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02003985 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandfe49bb32019-10-03 23:46:33 +02003986 goto end;
3987 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003988 node = ebmb_next(node);
3989 }
3990
3991
3992 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3993 if (!bind_conf->default_ctx) {
3994 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3995 if (key_combos[i].ctx) {
3996 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003997 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01003998 ckch_inst->is_default = 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003999 break;
4000 }
4001 }
4002 }
4003
William Lallemand614ca0d2019-10-07 13:52:11 +02004004 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004005 ckch_inst->ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004006end:
4007
4008 if (names)
4009 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
4010
yanbzhu08ce6ab2015-12-02 13:01:29 -05004011 node = ebmb_first(&sni_keytypes_map);
4012 while (node) {
4013 next = ebmb_next(node);
4014 ebmb_delete(node);
William Lallemand8ed5b962019-10-04 17:24:39 +02004015 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05004016 node = next;
4017 }
4018
Emeric Brun054563d2019-10-17 13:16:58 +02004019 if (errcode & ERR_CODE && ckch_inst) {
William Lallemand0c6d12f2019-10-04 18:38:51 +02004020 struct sni_ctx *sc0, *sc0b;
4021
4022 /* free the SSL_CTX in case of error */
4023 for (i = 0; i < SSL_SOCK_POSSIBLE_KT_COMBOS; i++) {
4024 if (key_combos[i].ctx)
4025 SSL_CTX_free(key_combos[i].ctx);
4026 }
4027
4028 /* free the sni_ctx in case of error */
4029 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4030
4031 ebmb_delete(&sc0->name);
4032 LIST_DEL(&sc0->by_ckch_inst);
4033 free(sc0);
4034 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004035 free(ckch_inst);
4036 ckch_inst = NULL;
William Lallemand0c6d12f2019-10-04 18:38:51 +02004037 }
4038
Emeric Brun054563d2019-10-17 13:16:58 +02004039 *ckchi = ckch_inst;
4040 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004041}
4042#else
4043/* This is a dummy, that just logs an error and returns error */
Emeric Brun054563d2019-10-17 13:16:58 +02004044static int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
4045 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4046 char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05004047{
4048 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4049 err && *err ? *err : "", path, strerror(errno));
Emeric Brun054563d2019-10-17 13:16:58 +02004050 return ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004051}
4052
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004053#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05004054
William Lallemand614ca0d2019-10-07 13:52:11 +02004055/*
4056 * This function allocate a ckch_inst and create its snis
Emeric Brun054563d2019-10-17 13:16:58 +02004057 *
4058 * Returns a bitfield containing the flags:
4059 * ERR_FATAL in any fatal error case
4060 * ERR_ALERT if the reason of the error is available in err
4061 * ERR_WARN if a warning is available into err
William Lallemand614ca0d2019-10-07 13:52:11 +02004062 */
Emeric Brun054563d2019-10-17 13:16:58 +02004063static int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
4064 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004065{
William Lallemandc9402072019-05-15 15:33:54 +02004066 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02004067 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004068 int order = 0;
4069 X509_NAME *xname;
4070 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004071 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004072 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02004073#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4074 STACK_OF(GENERAL_NAME) *names;
4075#endif
William Lallemand36b84632019-07-18 19:28:17 +02004076 struct cert_key_and_chain *ckch;
William Lallemand614ca0d2019-10-07 13:52:11 +02004077 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004078 int errcode = 0;
4079
4080 *ckchi = NULL;
William Lallemanda59191b2019-05-15 16:08:56 +02004081
William Lallemande3af8fb2019-10-08 11:36:53 +02004082 if (!ckchs || !ckchs->ckch)
Emeric Brun054563d2019-10-17 13:16:58 +02004083 return ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004084
William Lallemande3af8fb2019-10-08 11:36:53 +02004085 ckch = ckchs->ckch;
William Lallemand36b84632019-07-18 19:28:17 +02004086
William Lallemand150bfa82019-09-19 17:12:49 +02004087 /* at least one of the instances is using filters during the config
4088 * parsing, that's ok to inherit this during loading on CLI */
William Lallemand920b0352019-12-04 15:33:01 +01004089 ckchs->filters |= !!fcount;
William Lallemand150bfa82019-09-19 17:12:49 +02004090
William Lallemandc9402072019-05-15 15:33:54 +02004091 ctx = SSL_CTX_new(SSLv23_server_method());
4092 if (!ctx) {
4093 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4094 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004095 errcode |= ERR_ALERT | ERR_FATAL;
4096 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004097 }
4098
Emeric Bruna96b5822019-10-17 13:25:14 +02004099 errcode |= ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err);
4100 if (errcode & ERR_CODE)
William Lallemand614ca0d2019-10-07 13:52:11 +02004101 goto error;
William Lallemand614ca0d2019-10-07 13:52:11 +02004102
4103 ckch_inst = ckch_inst_new();
4104 if (!ckch_inst) {
4105 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
4106 err && *err ? *err : "", path);
Emeric Brun054563d2019-10-17 13:16:58 +02004107 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004108 goto error;
William Lallemandc9402072019-05-15 15:33:54 +02004109 }
4110
William Lallemand36b84632019-07-18 19:28:17 +02004111 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004112 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004113 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004114 switch(EVP_PKEY_base_id(pkey)) {
4115 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004116 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004117 break;
4118 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02004119 kinfo.sig = TLSEXT_signature_ecdsa;
4120 break;
4121 case EVP_PKEY_DSA:
4122 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01004123 break;
4124 }
4125 EVP_PKEY_free(pkey);
4126 }
4127
Emeric Brun50bcecc2013-04-22 13:05:23 +02004128 if (fcount) {
William Lallemandfe49bb32019-10-03 23:46:33 +02004129 while (fcount--) {
William Lallemand1d29c742019-10-04 00:53:29 +02004130 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemandfe49bb32019-10-03 23:46:33 +02004131 if (order < 0) {
4132 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004133 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004134 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004135 }
4136 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004137 }
4138 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02004139#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02004140 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004141 if (names) {
4142 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
4143 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
4144 if (name->type == GEN_DNS) {
4145 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004146 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004147 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004148 if (order < 0) {
4149 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004150 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004151 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004152 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004153 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004154 }
4155 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004156 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004157 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004158#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02004159 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004160 i = -1;
4161 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
4162 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004163 ASN1_STRING *value;
4164
4165 value = X509_NAME_ENTRY_get_data(entry);
4166 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemand1d29c742019-10-04 00:53:29 +02004167 order = ckch_inst_add_cert_sni(ctx, ckch_inst, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004168 OPENSSL_free(str);
William Lallemandfe49bb32019-10-03 23:46:33 +02004169 if (order < 0) {
4170 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004171 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004172 goto error;
William Lallemandfe49bb32019-10-03 23:46:33 +02004173 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004174 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004175 }
4176 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004177 /* we must not free the SSL_CTX anymore below, since it's already in
4178 * the tree, so it will be discovered and cleaned in time.
4179 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004180
Emeric Brunfc0421f2012-09-07 17:30:07 +02004181#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004182 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02004183 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
4184 err && *err ? *err : "");
Emeric Brun054563d2019-10-17 13:16:58 +02004185 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemandd9199372019-10-04 15:37:05 +02004186 goto error;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004187 }
4188#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004189 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004190 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004191 bind_conf->default_ssl_conf = ssl_conf;
William Lallemand21724f02019-11-04 17:56:13 +01004192 ckch_inst->is_default = 1;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004193 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004194
William Lallemand9117de92019-10-04 00:29:42 +02004195 /* everything succeed, the ckch instance can be used */
4196 ckch_inst->bind_conf = bind_conf;
William Lallemand150bfa82019-09-19 17:12:49 +02004197 ckch_inst->ssl_conf = ssl_conf;
William Lallemand9117de92019-10-04 00:29:42 +02004198
Emeric Brun054563d2019-10-17 13:16:58 +02004199 *ckchi = ckch_inst;
4200 return errcode;
William Lallemandd9199372019-10-04 15:37:05 +02004201
4202error:
4203 /* free the allocated sni_ctxs */
William Lallemand614ca0d2019-10-07 13:52:11 +02004204 if (ckch_inst) {
William Lallemandd9199372019-10-04 15:37:05 +02004205 struct sni_ctx *sc0, *sc0b;
4206
4207 list_for_each_entry_safe(sc0, sc0b, &ckch_inst->sni_ctx, by_ckch_inst) {
4208
4209 ebmb_delete(&sc0->name);
4210 LIST_DEL(&sc0->by_ckch_inst);
4211 free(sc0);
4212 }
William Lallemand614ca0d2019-10-07 13:52:11 +02004213 free(ckch_inst);
4214 ckch_inst = NULL;
William Lallemandd9199372019-10-04 15:37:05 +02004215 }
4216 /* We only created 1 SSL_CTX so we can free it there */
4217 SSL_CTX_free(ctx);
4218
Emeric Brun054563d2019-10-17 13:16:58 +02004219 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004220}
4221
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004222/* Returns a set of ERR_* flags possibly with an error in <err>. */
William Lallemand614ca0d2019-10-07 13:52:11 +02004223static int ssl_sock_load_ckchs(const char *path, struct ckch_store *ckchs,
4224 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
4225 char **sni_filter, int fcount, char **err)
4226{
4227 struct ckch_inst *ckch_inst = NULL;
Emeric Brun054563d2019-10-17 13:16:58 +02004228 int errcode = 0;
William Lallemand614ca0d2019-10-07 13:52:11 +02004229
4230 /* we found the ckchs in the tree, we can use it directly */
4231 if (ckchs->multi)
Emeric Brun054563d2019-10-17 13:16:58 +02004232 errcode |= ckch_inst_new_load_multi_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004233 else
Emeric Brun054563d2019-10-17 13:16:58 +02004234 errcode |= ckch_inst_new_load_store(path, ckchs, bind_conf, ssl_conf, sni_filter, fcount, &ckch_inst, err);
William Lallemand614ca0d2019-10-07 13:52:11 +02004235
Emeric Brun054563d2019-10-17 13:16:58 +02004236 if (errcode & ERR_CODE)
4237 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004238
4239 ssl_sock_load_cert_sni(ckch_inst, bind_conf);
4240
4241 /* succeed, add the instance to the ckch_store's list of instance */
4242 LIST_ADDQ(&ckchs->ckch_inst, &ckch_inst->by_ckchs);
Emeric Brun054563d2019-10-17 13:16:58 +02004243 return errcode;
William Lallemand614ca0d2019-10-07 13:52:11 +02004244}
4245
4246
Willy Tarreaubbc91962019-10-16 16:42:19 +02004247/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01004248int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004249{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004250 struct dirent **de_list;
4251 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004252 DIR *dir;
4253 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01004254 char *end;
4255 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02004256 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004257 struct ckch_store *ckchs;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004258#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004259 int is_bundle;
4260 int j;
4261#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004262 if ((ckchs = ckchs_lookup(path))) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004263 /* we found the ckchs in the tree, we can use it directly */
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004264 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand6af03992019-07-23 15:00:54 +02004265 }
4266
yanbzhu08ce6ab2015-12-02 13:01:29 -05004267 if (stat(path, &buf) == 0) {
4268 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02004269 if (!dir) {
William Lallemande3af8fb2019-10-08 11:36:53 +02004270 ckchs = ckchs_load_cert_file(path, 0, err);
4271 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004272 return ERR_ALERT | ERR_FATAL;
4273
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004274 return ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004276
yanbzhu08ce6ab2015-12-02 13:01:29 -05004277 /* strip trailing slashes, including first one */
4278 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
4279 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004280
yanbzhu08ce6ab2015-12-02 13:01:29 -05004281 n = scandir(path, &de_list, 0, alphasort);
4282 if (n < 0) {
4283 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
4284 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004285 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004286 }
4287 else {
4288 for (i = 0; i < n; i++) {
4289 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02004290
yanbzhu08ce6ab2015-12-02 13:01:29 -05004291 end = strrchr(de->d_name, '.');
4292 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
4293 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004294
yanbzhu08ce6ab2015-12-02 13:01:29 -05004295 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
4296 if (stat(fp, &buf) != 0) {
4297 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
4298 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004299 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05004300 goto ignore_entry;
4301 }
4302 if (!S_ISREG(buf.st_mode))
4303 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05004304
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004305#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05004306 is_bundle = 0;
4307 /* Check if current entry in directory is part of a multi-cert bundle */
4308
4309 if (end) {
4310 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
4311 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
4312 is_bundle = 1;
4313 break;
4314 }
4315 }
4316
4317 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05004318 int dp_len;
4319
4320 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05004321
4322 /* increment i and free de until we get to a non-bundle cert
4323 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau05800522019-10-29 10:48:50 +01004324 * this is important since ignore_entry will free de. This also
4325 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05004326 */
Willy Tarreau05800522019-10-29 10:48:50 +01004327 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05004328 free(de);
4329 i++;
4330 de = de_list[i];
4331 }
4332
Willy Tarreau05800522019-10-29 10:48:50 +01004333 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
William Lallemande3af8fb2019-10-08 11:36:53 +02004334 if ((ckchs = ckchs_lookup(fp)) == NULL)
4335 ckchs = ckchs_load_cert_file(fp, 1, err);
4336 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004337 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004338 else
4339 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05004340 /* Successfully processed the bundle */
4341 goto ignore_entry;
4342 }
4343 }
4344
4345#endif
William Lallemande3af8fb2019-10-08 11:36:53 +02004346 if ((ckchs = ckchs_lookup(fp)) == NULL)
4347 ckchs = ckchs_load_cert_file(fp, 0, err);
4348 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004349 cfgerr |= ERR_ALERT | ERR_FATAL;
William Lallemand614ca0d2019-10-07 13:52:11 +02004350 else
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004351 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02004352
yanbzhu08ce6ab2015-12-02 13:01:29 -05004353ignore_entry:
4354 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01004355 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004356 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004357 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004358 closedir(dir);
4359 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004360 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05004361
William Lallemande3af8fb2019-10-08 11:36:53 +02004362 ckchs = ckchs_load_cert_file(path, 1, err);
4363 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004364 return ERR_ALERT | ERR_FATAL;
4365
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004366 cfgerr |= ssl_sock_load_ckchs(path, ckchs, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05004367
Emeric Brunfc0421f2012-09-07 17:30:07 +02004368 return cfgerr;
4369}
4370
Thierry Fournier383085f2013-01-24 14:15:43 +01004371/* Make sure openssl opens /dev/urandom before the chroot. The work is only
4372 * done once. Zero is returned if the operation fails. No error is returned
4373 * if the random is said as not implemented, because we expect that openssl
4374 * will use another method once needed.
4375 */
4376static int ssl_initialize_random()
4377{
4378 unsigned char random;
4379 static int random_initialized = 0;
4380
4381 if (!random_initialized && RAND_bytes(&random, 1) != 0)
4382 random_initialized = 1;
4383
4384 return random_initialized;
4385}
4386
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004387/* release ssl bind conf */
4388void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004389{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004390 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01004391#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004392 free(conf->npn_str);
4393 conf->npn_str = NULL;
4394#endif
4395#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4396 free(conf->alpn_str);
4397 conf->alpn_str = NULL;
4398#endif
4399 free(conf->ca_file);
4400 conf->ca_file = NULL;
4401 free(conf->crl_file);
4402 conf->crl_file = NULL;
4403 free(conf->ciphers);
4404 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004405#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004406 free(conf->ciphersuites);
4407 conf->ciphersuites = NULL;
4408#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004409 free(conf->curves);
4410 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004411 free(conf->ecdhe);
4412 conf->ecdhe = NULL;
4413 }
4414}
4415
Willy Tarreaubbc91962019-10-16 16:42:19 +02004416/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004417int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
4418{
4419 char thisline[CRT_LINESIZE];
4420 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004421 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05004422 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004423 int linenum = 0;
4424 int cfgerr = 0;
William Lallemande3af8fb2019-10-08 11:36:53 +02004425 struct ckch_store *ckchs;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004426
Willy Tarreauad1731d2013-04-02 17:35:58 +02004427 if ((f = fopen(file, "r")) == NULL) {
4428 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaubbc91962019-10-16 16:42:19 +02004429 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004430 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004431
4432 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004433 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004434 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004435 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004436 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004437 char *crt_path;
4438 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004439
4440 linenum++;
4441 end = line + strlen(line);
4442 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
4443 /* Check if we reached the limit and the last char is not \n.
4444 * Watch out for the last line without the terminating '\n'!
4445 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02004446 memprintf(err, "line %d too long in file '%s', limit is %d characters",
4447 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004448 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004449 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004450 }
4451
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004452 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004453 newarg = 1;
4454 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004455 if (*line == '#' || *line == '\n' || *line == '\r') {
4456 /* end of string, end of loop */
4457 *line = 0;
4458 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004459 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02004460 newarg = 1;
4461 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004462 } else if (*line == '[') {
4463 if (ssl_b) {
4464 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004465 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004466 break;
4467 }
4468 if (!arg) {
4469 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004470 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004471 break;
4472 }
4473 ssl_b = arg;
4474 newarg = 1;
4475 *line = 0;
4476 } else if (*line == ']') {
4477 if (ssl_e) {
4478 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004479 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02004480 break;
4481 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004482 if (!ssl_b) {
4483 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004484 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004485 break;
4486 }
4487 ssl_e = arg;
4488 newarg = 1;
4489 *line = 0;
4490 } else if (newarg) {
4491 if (arg == MAX_CRT_ARGS) {
4492 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004493 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004494 break;
4495 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004496 newarg = 0;
4497 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004498 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02004499 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004500 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02004501 if (cfgerr)
4502 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004503 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004504
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004505 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004506 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004507 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004508
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004509 crt_path = args[0];
4510 if (*crt_path != '/' && global_ssl.crt_base) {
4511 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
4512 memprintf(err, "'%s' : path too long on line %d in file '%s'",
4513 crt_path, linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004514 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004515 break;
4516 }
4517 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
4518 crt_path = path;
4519 }
4520
4521 ssl_conf = calloc(1, sizeof *ssl_conf);
4522 cur_arg = ssl_b ? ssl_b : 1;
4523 while (cur_arg < ssl_e) {
4524 newarg = 0;
4525 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
4526 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
4527 newarg = 1;
Willy Tarreaubbc91962019-10-16 16:42:19 +02004528 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004529 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
4530 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
4531 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004532 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004533 }
4534 cur_arg += 1 + ssl_bind_kws[i].skip;
4535 break;
4536 }
4537 }
4538 if (!cfgerr && !newarg) {
4539 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
4540 args[cur_arg], linenum, file);
Willy Tarreaubbc91962019-10-16 16:42:19 +02004541 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004542 break;
4543 }
4544 }
Willy Tarreaubbc91962019-10-16 16:42:19 +02004545
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004546 if (cfgerr) {
4547 ssl_sock_free_ssl_conf(ssl_conf);
4548 free(ssl_conf);
4549 ssl_conf = NULL;
4550 break;
4551 }
4552
William Lallemande3af8fb2019-10-08 11:36:53 +02004553 if ((ckchs = ckchs_lookup(crt_path)) == NULL) {
William Lallemandeed4bf22019-10-10 11:38:13 +02004554 if (stat(crt_path, &buf) == 0)
William Lallemande3af8fb2019-10-08 11:36:53 +02004555 ckchs = ckchs_load_cert_file(crt_path, 0, err);
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02004556 else
William Lallemande3af8fb2019-10-08 11:36:53 +02004557 ckchs = ckchs_load_cert_file(crt_path, 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05004558 }
4559
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004560 if (!ckchs)
Willy Tarreaubbc91962019-10-16 16:42:19 +02004561 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreau8c5414a2019-10-16 17:06:25 +02004562 else
4563 cfgerr |= ssl_sock_load_ckchs(crt_path, ckchs, bind_conf, ssl_conf, &args[cur_arg], arg - cur_arg - 1, err);
William Lallemandeed4bf22019-10-10 11:38:13 +02004564
Willy Tarreauad1731d2013-04-02 17:35:58 +02004565 if (cfgerr) {
4566 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004567 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02004568 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004569 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004570 fclose(f);
4571 return cfgerr;
4572}
4573
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004574/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004575static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004576ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004577{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004578 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004579 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004580 SSL_OP_ALL | /* all known workarounds for bugs */
4581 SSL_OP_NO_SSLv2 |
4582 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02004583 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02004584 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004585 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02004586 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02004587 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004588 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02004589 SSL_MODE_ENABLE_PARTIAL_WRITE |
4590 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004591 SSL_MODE_RELEASE_BUFFERS |
4592 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004593 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004594 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004595 int flags = MC_SSL_O_ALL;
4596 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004597
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004598 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004599 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004600
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004601 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004602 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
4603 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4604 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004605 else
4606 flags = conf_ssl_methods->flags;
4607
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004608 min = conf_ssl_methods->min;
4609 max = conf_ssl_methods->max;
4610 /* start with TLSv10 to remove SSLv3 per default */
4611 if (!min && (!max || max >= CONF_TLSV10))
4612 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004613 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02004614 if (min)
4615 flags |= (methodVersions[min].flag - 1);
4616 if (max)
4617 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004618 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004619 min = max = CONF_TLSV_NONE;
4620 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004621 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004622 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004623 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004624 if (min) {
4625 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004626 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
4627 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4628 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
4629 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004630 hole = 0;
4631 }
4632 max = i;
4633 }
4634 else {
4635 min = max = i;
4636 }
4637 }
4638 else {
4639 if (min)
4640 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004641 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004642 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004643 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4644 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004645 cfgerr += 1;
4646 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004647 /* save real min/max in bind_conf */
4648 conf_ssl_methods->min = min;
4649 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004650
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004651#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004652 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004653 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004654 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004655 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004656 else
4657 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4658 if (flags & methodVersions[i].flag)
4659 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004660#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004661 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004662 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4663 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004664#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004665
4666 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4667 options |= SSL_OP_NO_TICKET;
4668 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4669 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004670
4671#ifdef SSL_OP_NO_RENEGOTIATION
4672 options |= SSL_OP_NO_RENEGOTIATION;
4673#endif
4674
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004675 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004676
Willy Tarreau5db847a2019-05-09 14:13:35 +02004677#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004678 if (global_ssl.async)
4679 mode |= SSL_MODE_ASYNC;
4680#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004681 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004682 if (global_ssl.life_time)
4683 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004684
4685#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4686#ifdef OPENSSL_IS_BORINGSSL
4687 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4688 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004689#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard545989f2019-12-17 15:39:54 +01004690 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004691 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004692 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4693 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004694#else
4695 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004696#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004697 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004698#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004699 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004700}
4701
William Lallemand4f45bb92017-10-30 20:08:51 +01004702
4703static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4704{
4705 if (first == block) {
4706 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4707 if (first->len > 0)
4708 sh_ssl_sess_tree_delete(sh_ssl_sess);
4709 }
4710}
4711
4712/* return first block from sh_ssl_sess */
4713static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4714{
4715 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4716
4717}
4718
4719/* store a session into the cache
4720 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4721 * data: asn1 encoded session
4722 * data_len: asn1 encoded session length
4723 * Returns 1 id session was stored (else 0)
4724 */
4725static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4726{
4727 struct shared_block *first;
4728 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4729
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004730 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004731 if (!first) {
4732 /* Could not retrieve enough free blocks to store that session */
4733 return 0;
4734 }
4735
4736 /* STORE the key in the first elem */
4737 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4738 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4739 first->len = sizeof(struct sh_ssl_sess_hdr);
4740
4741 /* it returns the already existing node
4742 or current node if none, never returns null */
4743 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4744 if (oldsh_ssl_sess != sh_ssl_sess) {
4745 /* NOTE: Row couldn't be in use because we lock read & write function */
4746 /* release the reserved row */
4747 shctx_row_dec_hot(ssl_shctx, first);
4748 /* replace the previous session already in the tree */
4749 sh_ssl_sess = oldsh_ssl_sess;
4750 /* ignore the previous session data, only use the header */
4751 first = sh_ssl_sess_first_block(sh_ssl_sess);
4752 shctx_row_inc_hot(ssl_shctx, first);
4753 first->len = sizeof(struct sh_ssl_sess_hdr);
4754 }
4755
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004756 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004757 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004758 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004759 }
4760
4761 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004762
4763 return 1;
4764}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004765
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004766/* SSL callback used when a new session is created while connecting to a server */
4767static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4768{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004769 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004770 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004771
Willy Tarreau07d94e42018-09-20 10:57:52 +02004772 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004773
Olivier Houcharde6060c52017-11-16 17:42:52 +01004774 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4775 int len;
4776 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004777
Olivier Houcharde6060c52017-11-16 17:42:52 +01004778 len = i2d_SSL_SESSION(sess, NULL);
4779 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4780 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4781 } else {
4782 free(s->ssl_ctx.reused_sess[tid].ptr);
4783 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4784 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4785 }
4786 if (s->ssl_ctx.reused_sess[tid].ptr) {
4787 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4788 &ptr);
4789 }
4790 } else {
4791 free(s->ssl_ctx.reused_sess[tid].ptr);
4792 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4793 }
4794
4795 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004796}
4797
Olivier Houcharde6060c52017-11-16 17:42:52 +01004798
William Lallemanded0b5ad2017-10-30 19:36:36 +01004799/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004800int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004801{
4802 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4803 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4804 unsigned char *p;
4805 int data_len;
Emeric Bruneb469652019-10-08 18:27:37 +02004806 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004807 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004808
4809 /* Session id is already stored in to key and session id is known
4810 * so we dont store it to keep size.
Emeric Bruneb469652019-10-08 18:27:37 +02004811 * note: SSL_SESSION_set1_id is using
4812 * a memcpy so we need to use a different pointer
4813 * than sid_data or sid_ctx_data to avoid valgrind
4814 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004815 */
4816
4817 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Bruneb469652019-10-08 18:27:37 +02004818
4819 /* copy value in an other buffer */
4820 memcpy(encid, sid_data, sid_length);
4821
4822 /* pad with 0 */
4823 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4824 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4825
4826 /* force length to zero to avoid ASN1 encoding */
4827 SSL_SESSION_set1_id(sess, encid, 0);
4828
4829 /* force length to zero to avoid ASN1 encoding */
4830 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004831
4832 /* check if buffer is large enough for the ASN1 encoded session */
4833 data_len = i2d_SSL_SESSION(sess, NULL);
4834 if (data_len > SHSESS_MAX_DATA_LEN)
4835 goto err;
4836
4837 p = encsess;
4838
4839 /* process ASN1 session encoding before the lock */
4840 i2d_SSL_SESSION(sess, &p);
4841
William Lallemanded0b5ad2017-10-30 19:36:36 +01004842
William Lallemanda3c77cf2017-10-30 23:44:40 +01004843 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004844 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004845 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004846 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004847err:
4848 /* reset original length values */
Emeric Bruneb469652019-10-08 18:27:37 +02004849 SSL_SESSION_set1_id(sess, encid, sid_length);
4850 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004851
4852 return 0; /* do not increment session reference count */
4853}
4854
4855/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004856SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004857{
William Lallemand4f45bb92017-10-30 20:08:51 +01004858 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004859 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4860 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004861 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004862 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004863
4864 global.shctx_lookups++;
4865
4866 /* allow the session to be freed automatically by openssl */
4867 *do_copy = 0;
4868
4869 /* tree key is zeros padded sessionid */
4870 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4871 memcpy(tmpkey, key, key_len);
4872 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4873 key = tmpkey;
4874 }
4875
4876 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004877 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004878
4879 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004880 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4881 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004882 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004883 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004884 global.shctx_misses++;
4885 return NULL;
4886 }
4887
William Lallemand4f45bb92017-10-30 20:08:51 +01004888 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4889 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004890
William Lallemand4f45bb92017-10-30 20:08:51 +01004891 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004892
William Lallemanda3c77cf2017-10-30 23:44:40 +01004893 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004894
4895 /* decode ASN1 session */
4896 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004897 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004898 /* Reset session id and session id contenxt */
4899 if (sess) {
4900 SSL_SESSION_set1_id(sess, key, key_len);
4901 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4902 }
4903
4904 return sess;
4905}
4906
William Lallemand4f45bb92017-10-30 20:08:51 +01004907
William Lallemanded0b5ad2017-10-30 19:36:36 +01004908/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004909void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004910{
William Lallemand4f45bb92017-10-30 20:08:51 +01004911 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004912 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4913 unsigned int sid_length;
4914 const unsigned char *sid_data;
4915 (void)ctx;
4916
4917 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4918 /* tree key is zeros padded sessionid */
4919 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4920 memcpy(tmpkey, sid_data, sid_length);
4921 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4922 sid_data = tmpkey;
4923 }
4924
William Lallemanda3c77cf2017-10-30 23:44:40 +01004925 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004926
4927 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004928 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4929 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004930 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004931 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004932 }
4933
4934 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004935 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004936}
4937
4938/* Set session cache mode to server and disable openssl internal cache.
4939 * Set shared cache callbacks on an ssl context.
4940 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004941void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004942{
4943 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4944
4945 if (!ssl_shctx) {
4946 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4947 return;
4948 }
4949
4950 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4951 SSL_SESS_CACHE_NO_INTERNAL |
4952 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4953
4954 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004955 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4956 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4957 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004958}
4959
William Lallemand8b453912019-11-21 15:48:10 +01004960/*
4961 * This function applies the SSL configuration on a SSL_CTX
4962 * It returns an error code and fills the <err> buffer
4963 */
4964int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx, char **err)
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004965{
4966 struct proxy *curproxy = bind_conf->frontend;
4967 int cfgerr = 0;
4968 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004969 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004970 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004971#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004972 const char *conf_ciphersuites;
4973#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004974 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004975
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004976 if (ssl_conf) {
4977 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4978 int i, min, max;
4979 int flags = MC_SSL_O_ALL;
4980
4981 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004982 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4983 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004984 if (min)
4985 flags |= (methodVersions[min].flag - 1);
4986 if (max)
4987 flags |= ~((methodVersions[max].flag << 1) - 1);
4988 min = max = CONF_TLSV_NONE;
4989 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4990 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4991 if (min)
4992 max = i;
4993 else
4994 min = max = i;
4995 }
4996 /* save real min/max */
4997 conf_ssl_methods->min = min;
4998 conf_ssl_methods->max = max;
4999 if (!min) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005000 memprintf(err, "%sProxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
5001 err && *err ? *err : "", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005002 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02005003 }
5004 }
5005
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005006 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01005007 case SSL_SOCK_VERIFY_NONE:
5008 verify = SSL_VERIFY_NONE;
5009 break;
5010 case SSL_SOCK_VERIFY_OPTIONAL:
5011 verify = SSL_VERIFY_PEER;
5012 break;
5013 case SSL_SOCK_VERIFY_REQUIRED:
5014 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
5015 break;
5016 }
5017 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
5018 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005019 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
5020 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
5021 if (ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005022 /* set CAfile to verify */
5023 if (!ssl_set_verify_locations_file(ctx, ca_file)) {
5024 memprintf(err, "%sProxy '%s': unable to set CA file '%s' for bind '%s' at [%s:%d].\n",
Tim Duesterhus93128532019-11-23 23:45:10 +01005025 err && *err ? *err : "", curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005026 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005027 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005028 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
5029 /* set CA names for client cert request, function returns void */
Emmanuel Hocdet129d3282019-10-24 18:08:51 +02005030 SSL_CTX_set_client_CA_list(ctx, SSL_dup_CA_list(ssl_get_client_ca_file(ca_file)));
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02005031 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005032 }
Emeric Brun850efd52014-01-29 12:24:34 +01005033 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01005034 memprintf(err, "%sProxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
5035 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005036 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun850efd52014-01-29 12:24:34 +01005037 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005038#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005039 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02005040 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
5041
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005042 if (!ssl_set_cert_crl_file(store, crl_file)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005043 memprintf(err, "%sProxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
5044 err && *err ? *err : "", curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005045 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02005046 }
Emeric Brun561e5742012-10-02 15:20:55 +02005047 else {
5048 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5049 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02005050 }
Emeric Brun051cdab2012-10-02 19:25:50 +02005051#endif
Emeric Brun644cde02012-12-14 11:21:13 +01005052 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02005053 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005054#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02005055 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005056 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005057 memprintf(err, "%sProxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
5058 err && *err ? *err : "", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005059 cfgerr |= ERR_ALERT | ERR_FATAL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01005060 }
5061 }
5062#endif
5063
William Lallemand4f45bb92017-10-30 20:08:51 +01005064 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005065 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
5066 if (conf_ciphers &&
5067 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005068 memprintf(err, "%sProxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
5069 err && *err ? *err : "", curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005070 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005071 }
5072
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005073#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005074 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
5075 if (conf_ciphersuites &&
5076 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005077 memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
5078 err && *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005079 cfgerr |= ERR_ALERT | ERR_FATAL;
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005080 }
5081#endif
5082
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005083#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02005084 /* If tune.ssl.default-dh-param has not been set,
5085 neither has ssl-default-dh-file and no static DH
5086 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01005087 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02005088 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02005089 (ssl_dh_ptr_index == -1 ||
5090 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01005091 STACK_OF(SSL_CIPHER) * ciphers = NULL;
5092 const SSL_CIPHER * cipher = NULL;
5093 char cipher_description[128];
5094 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
5095 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
5096 which is not ephemeral DH. */
5097 const char dhe_description[] = " Kx=DH ";
5098 const char dhe_export_description[] = " Kx=DH(";
5099 int idx = 0;
5100 int dhe_found = 0;
5101 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005102
Remi Gacogne23d5d372014-10-10 17:04:26 +02005103 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005104
Remi Gacogne23d5d372014-10-10 17:04:26 +02005105 if (ssl) {
5106 ciphers = SSL_get_ciphers(ssl);
5107
5108 if (ciphers) {
5109 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
5110 cipher = sk_SSL_CIPHER_value(ciphers, idx);
5111 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
5112 if (strstr(cipher_description, dhe_description) != NULL ||
5113 strstr(cipher_description, dhe_export_description) != NULL) {
5114 dhe_found = 1;
5115 break;
5116 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02005117 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005118 }
5119 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02005120 SSL_free(ssl);
5121 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02005122 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005123
Lukas Tribus90132722014-08-18 00:56:33 +02005124 if (dhe_found) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005125 memprintf(err, "%sSetting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n",
5126 err && *err ? *err : "");
William Lallemand8b453912019-11-21 15:48:10 +01005127 cfgerr |= ERR_WARN;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005128 }
5129
Willy Tarreauef934602016-12-22 23:12:01 +01005130 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005131 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005132
Willy Tarreauef934602016-12-22 23:12:01 +01005133 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005134 if (local_dh_1024 == NULL) {
5135 local_dh_1024 = ssl_get_dh_1024();
5136 }
Willy Tarreauef934602016-12-22 23:12:01 +01005137 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005138 if (local_dh_2048 == NULL) {
5139 local_dh_2048 = ssl_get_dh_2048();
5140 }
Willy Tarreauef934602016-12-22 23:12:01 +01005141 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02005142 if (local_dh_4096 == NULL) {
5143 local_dh_4096 = ssl_get_dh_4096();
5144 }
Remi Gacogne8de54152014-07-15 11:36:40 +02005145 }
5146 }
5147 }
5148#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02005149
Emeric Brunfc0421f2012-09-07 17:30:07 +02005150 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005151#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02005152 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02005153#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005154
Bernard Spil13c53f82018-02-15 13:34:58 +01005155#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005156 ssl_conf_cur = NULL;
5157 if (ssl_conf && ssl_conf->npn_str)
5158 ssl_conf_cur = ssl_conf;
5159 else if (bind_conf->ssl_conf.npn_str)
5160 ssl_conf_cur = &bind_conf->ssl_conf;
5161 if (ssl_conf_cur)
5162 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02005163#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01005164#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005165 ssl_conf_cur = NULL;
5166 if (ssl_conf && ssl_conf->alpn_str)
5167 ssl_conf_cur = ssl_conf;
5168 else if (bind_conf->ssl_conf.alpn_str)
5169 ssl_conf_cur = &bind_conf->ssl_conf;
5170 if (ssl_conf_cur)
5171 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02005172#endif
Lukas Tribusd14b49c2019-11-24 18:20:40 +01005173#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005174 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
5175 if (conf_curves) {
5176 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005177 memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
5178 err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005179 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005180 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01005181#if defined(SSL_CTX_set_ecdh_auto)
5182 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
5183#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005184 }
5185#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005186#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01005187 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02005188 int i;
5189 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005190#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005191 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02005192 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5193 NULL);
5194
5195 if (ecdhe == NULL) {
Eric Salama3c8bde82019-11-20 11:33:40 +01005196 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005197 return cfgerr;
5198 }
5199#else
5200 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
5201 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
5202 ECDHE_DEFAULT_CURVE);
5203#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02005204
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005205 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02005206 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01005207 memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
5208 err && *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
William Lallemand8b453912019-11-21 15:48:10 +01005209 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun2b58d042012-09-20 17:10:03 +02005210 }
5211 else {
5212 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
5213 EC_KEY_free(ecdh);
5214 }
5215 }
5216#endif
5217
Emeric Brunfc0421f2012-09-07 17:30:07 +02005218 return cfgerr;
5219}
5220
Evan Broderbe554312013-06-27 00:05:25 -07005221static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
5222{
5223 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
5224 size_t prefixlen, suffixlen;
5225
5226 /* Trivial case */
5227 if (strcmp(pattern, hostname) == 0)
5228 return 1;
5229
Evan Broderbe554312013-06-27 00:05:25 -07005230 /* The rest of this logic is based on RFC 6125, section 6.4.3
5231 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
5232
Emeric Bruna848dae2013-10-08 11:27:28 +02005233 pattern_wildcard = NULL;
5234 pattern_left_label_end = pattern;
5235 while (*pattern_left_label_end != '.') {
5236 switch (*pattern_left_label_end) {
5237 case 0:
5238 /* End of label not found */
5239 return 0;
5240 case '*':
5241 /* If there is more than one wildcards */
5242 if (pattern_wildcard)
5243 return 0;
5244 pattern_wildcard = pattern_left_label_end;
5245 break;
5246 }
5247 pattern_left_label_end++;
5248 }
5249
5250 /* If it's not trivial and there is no wildcard, it can't
5251 * match */
5252 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07005253 return 0;
5254
5255 /* Make sure all labels match except the leftmost */
5256 hostname_left_label_end = strchr(hostname, '.');
5257 if (!hostname_left_label_end
5258 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
5259 return 0;
5260
5261 /* Make sure the leftmost label of the hostname is long enough
5262 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02005263 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07005264 return 0;
5265
5266 /* Finally compare the string on either side of the
5267 * wildcard */
5268 prefixlen = pattern_wildcard - pattern;
5269 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02005270 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
5271 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07005272 return 0;
5273
5274 return 1;
5275}
5276
5277static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
5278{
5279 SSL *ssl;
5280 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005281 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005282 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02005283 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07005284
5285 int depth;
5286 X509 *cert;
5287 STACK_OF(GENERAL_NAME) *alt_names;
5288 int i;
5289 X509_NAME *cert_subject;
5290 char *str;
5291
5292 if (ok == 0)
5293 return ok;
5294
5295 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005296 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005297 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07005298
Willy Tarreauad92a9a2017-07-28 11:38:41 +02005299 /* We're checking if the provided hostnames match the desired one. The
5300 * desired hostname comes from the SNI we presented if any, or if not
5301 * provided then it may have been explicitly stated using a "verifyhost"
5302 * directive. If neither is set, we don't care about the name so the
5303 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02005304 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005305 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02005306 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005307 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02005308 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02005309 if (!servername)
5310 return ok;
5311 }
Evan Broderbe554312013-06-27 00:05:25 -07005312
5313 /* We only need to verify the CN on the actual server cert,
5314 * not the indirect CAs */
5315 depth = X509_STORE_CTX_get_error_depth(ctx);
5316 if (depth != 0)
5317 return ok;
5318
5319 /* At this point, the cert is *not* OK unless we can find a
5320 * hostname match */
5321 ok = 0;
5322
5323 cert = X509_STORE_CTX_get_current_cert(ctx);
5324 /* It seems like this might happen if verify peer isn't set */
5325 if (!cert)
5326 return ok;
5327
5328 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
5329 if (alt_names) {
5330 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
5331 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
5332 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005333#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02005334 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
5335#else
Evan Broderbe554312013-06-27 00:05:25 -07005336 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02005337#endif
Evan Broderbe554312013-06-27 00:05:25 -07005338 ok = ssl_sock_srv_hostcheck(str, servername);
5339 OPENSSL_free(str);
5340 }
5341 }
5342 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02005343 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07005344 }
5345
5346 cert_subject = X509_get_subject_name(cert);
5347 i = -1;
5348 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
5349 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005350 ASN1_STRING *value;
5351 value = X509_NAME_ENTRY_get_data(entry);
5352 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07005353 ok = ssl_sock_srv_hostcheck(str, servername);
5354 OPENSSL_free(str);
5355 }
5356 }
5357
Willy Tarreau71d058c2017-07-26 20:09:56 +02005358 /* report the mismatch and indicate if SNI was used or not */
5359 if (!ok && !conn->err_code)
5360 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07005361 return ok;
5362}
5363
Emeric Brun94324a42012-10-11 14:00:19 +02005364/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01005365int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02005366{
Willy Tarreau03209342016-12-22 17:08:28 +01005367 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02005368 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005369 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02005370 SSL_OP_ALL | /* all known workarounds for bugs */
5371 SSL_OP_NO_SSLv2 |
5372 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02005373 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02005374 SSL_MODE_ENABLE_PARTIAL_WRITE |
5375 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01005376 SSL_MODE_RELEASE_BUFFERS |
5377 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01005378 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005379 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005380 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005381 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005382 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02005383
Thierry Fournier383085f2013-01-24 14:15:43 +01005384 /* Make sure openssl opens /dev/urandom before the chroot */
5385 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005386 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01005387 cfgerr++;
5388 }
5389
Willy Tarreaufce03112015-01-15 21:32:40 +01005390 /* Automatic memory computations need to know we use SSL there */
5391 global.ssl_used_backend = 1;
5392
5393 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005394 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005395 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005396 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
5397 curproxy->id, srv->id,
5398 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005399 cfgerr++;
5400 return cfgerr;
5401 }
5402 }
Emeric Brun94324a42012-10-11 14:00:19 +02005403 if (srv->use_ssl)
5404 srv->xprt = &ssl_sock;
5405 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01005406 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02005407
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005408 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005409 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005410 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
5411 proxy_type_str(curproxy), curproxy->id,
5412 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02005413 cfgerr++;
5414 return cfgerr;
5415 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005416
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005417 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01005418 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
5419 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5420 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005421 else
5422 flags = conf_ssl_methods->flags;
5423
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005424 /* Real min and max should be determinate with configuration and openssl's capabilities */
5425 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005426 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005427 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005428 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005429
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005430 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005431 min = max = CONF_TLSV_NONE;
5432 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005433 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005434 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005435 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005436 if (min) {
5437 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005438 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
5439 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
5440 proxy_type_str(curproxy), curproxy->id, srv->id,
5441 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005442 hole = 0;
5443 }
5444 max = i;
5445 }
5446 else {
5447 min = max = i;
5448 }
5449 }
5450 else {
5451 if (min)
5452 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005453 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005454 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005455 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
5456 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005457 cfgerr += 1;
5458 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005459
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005460#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005461 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08005462 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005463 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005464 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005465 else
5466 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
5467 if (flags & methodVersions[i].flag)
5468 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005469#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02005470 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02005471 methodVersions[min].ctx_set_version(ctx, SET_MIN);
5472 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02005473#endif
5474
5475 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
5476 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005477 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005478
Willy Tarreau5db847a2019-05-09 14:13:35 +02005479#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005480 if (global_ssl.async)
5481 mode |= SSL_MODE_ASYNC;
5482#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01005483 SSL_CTX_set_mode(ctx, mode);
5484 srv->ssl_ctx.ctx = ctx;
5485
Emeric Bruna7aa3092012-10-26 12:58:00 +02005486 if (srv->ssl_ctx.client_crt) {
5487 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005488 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
5489 proxy_type_str(curproxy), curproxy->id,
5490 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005491 cfgerr++;
5492 }
5493 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005494 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
5495 proxy_type_str(curproxy), curproxy->id,
5496 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005497 cfgerr++;
5498 }
5499 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005500 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
5501 proxy_type_str(curproxy), curproxy->id,
5502 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02005503 cfgerr++;
5504 }
5505 }
Emeric Brun94324a42012-10-11 14:00:19 +02005506
Emeric Brun850efd52014-01-29 12:24:34 +01005507 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
5508 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01005509 switch (srv->ssl_ctx.verify) {
5510 case SSL_SOCK_VERIFY_NONE:
5511 verify = SSL_VERIFY_NONE;
5512 break;
5513 case SSL_SOCK_VERIFY_REQUIRED:
5514 verify = SSL_VERIFY_PEER;
5515 break;
5516 }
Evan Broderbe554312013-06-27 00:05:25 -07005517 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01005518 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02005519 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01005520 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02005521 if (srv->ssl_ctx.ca_file) {
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02005522 /* set CAfile to verify */
5523 if (!ssl_set_verify_locations_file(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file)) {
5524 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to set CA file '%s'.\n",
Christopher Faulet767a84b2017-11-24 16:50:31 +01005525 curproxy->id, srv->id,
5526 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005527 cfgerr++;
5528 }
5529 }
Emeric Brun850efd52014-01-29 12:24:34 +01005530 else {
5531 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01005532 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
5533 curproxy->id, srv->id,
5534 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005535 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01005536 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
5537 curproxy->id, srv->id,
5538 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01005539 cfgerr++;
5540 }
Emeric Brunef42d922012-10-11 16:11:36 +02005541#ifdef X509_V_FLAG_CRL_CHECK
5542 if (srv->ssl_ctx.crl_file) {
5543 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
5544
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01005545 if (!ssl_set_cert_crl_file(store, srv->ssl_ctx.crl_file)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005546 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
5547 curproxy->id, srv->id,
5548 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02005549 cfgerr++;
5550 }
5551 else {
5552 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
5553 }
5554 }
5555#endif
5556 }
5557
Olivier Houchardbd84ac82017-11-03 13:43:35 +01005558 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
5559 SSL_SESS_CACHE_NO_INTERNAL_STORE);
5560 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02005561 if (srv->ssl_ctx.ciphers &&
5562 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005563 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
5564 curproxy->id, srv->id,
5565 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02005566 cfgerr++;
5567 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005568
Emmanuel Hocdet839af572019-05-14 16:27:35 +02005569#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005570 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00005571 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02005572 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
5573 curproxy->id, srv->id,
5574 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
5575 cfgerr++;
5576 }
5577#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01005578#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
5579 if (srv->ssl_ctx.npn_str)
5580 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
5581#endif
5582#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5583 if (srv->ssl_ctx.alpn_str)
5584 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
5585#endif
5586
Emeric Brun94324a42012-10-11 14:00:19 +02005587
5588 return cfgerr;
5589}
5590
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005591/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005592 * be NULL, in which case nothing is done. Returns the number of errors
5593 * encountered.
5594 */
Willy Tarreau03209342016-12-22 17:08:28 +01005595int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005596{
5597 struct ebmb_node *node;
5598 struct sni_ctx *sni;
5599 int err = 0;
William Lallemand8b453912019-11-21 15:48:10 +01005600 int errcode = 0;
5601 char *errmsg = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02005602
Willy Tarreaufce03112015-01-15 21:32:40 +01005603 /* Automatic memory computations need to know we use SSL there */
5604 global.ssl_used_frontend = 1;
5605
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005606 /* Make sure openssl opens /dev/urandom before the chroot */
5607 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005608 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005609 err++;
5610 }
5611 /* Create initial_ctx used to start the ssl connection before do switchctx */
5612 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02005613 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005614 /* It should not be necessary to call this function, but it's
5615 necessary first to check and move all initialisation related
5616 to initial_ctx in ssl_sock_initial_ctx. */
William Lallemand8b453912019-11-21 15:48:10 +01005617 errcode |= ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx, &errmsg);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005618 }
Emeric Brun0bed9942014-10-30 19:25:24 +01005619 if (bind_conf->default_ctx)
William Lallemand8b453912019-11-21 15:48:10 +01005620 errcode |= ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx, &errmsg);
Emeric Brun0bed9942014-10-30 19:25:24 +01005621
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005622 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005623 while (node) {
5624 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01005625 if (!sni->order && sni->ctx != bind_conf->default_ctx)
5626 /* only initialize the CTX on its first occurrence and
5627 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005628 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005629 node = ebmb_next(node);
5630 }
5631
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005632 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005633 while (node) {
5634 sni = ebmb_entry(node, struct sni_ctx, name);
William Lallemand8b453912019-11-21 15:48:10 +01005635 if (!sni->order && sni->ctx != bind_conf->default_ctx) {
Emeric Brun0bed9942014-10-30 19:25:24 +01005636 /* only initialize the CTX on its first occurrence and
5637 if it is not the default_ctx */
William Lallemand8b453912019-11-21 15:48:10 +01005638 errcode |= ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx, &errmsg);
5639 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005640 node = ebmb_next(node);
5641 }
William Lallemand8b453912019-11-21 15:48:10 +01005642
5643 if (errcode & ERR_WARN) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005644 ha_warning("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005645 } else if (errcode & ERR_CODE) {
Tim Duesterhusc0e820c2019-11-23 23:52:30 +01005646 ha_alert("%s", errmsg);
William Lallemand8b453912019-11-21 15:48:10 +01005647 err++;
5648 }
5649
5650 free(errmsg);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005651 return err;
5652}
5653
Willy Tarreau55d37912016-12-21 23:38:39 +01005654/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5655 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5656 * alerts are directly emitted since the rest of the stack does it below.
5657 */
5658int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5659{
5660 struct proxy *px = bind_conf->frontend;
5661 int alloc_ctx;
5662 int err;
5663
5664 if (!bind_conf->is_ssl) {
5665 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005666 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5667 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005668 }
5669 return 0;
5670 }
5671 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005672 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005673 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5674 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005675 }
5676 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005677 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5678 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005679 return -1;
5680 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005681 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005682 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005683 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005684 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005685 sizeof(*sh_ssl_sess_tree),
5686 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005687 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005688 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5689 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5690 else
5691 ha_alert("Unable to allocate SSL session cache.\n");
5692 return -1;
5693 }
5694 /* free block callback */
5695 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5696 /* init the root tree within the extra space */
5697 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5698 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005699 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005700 err = 0;
5701 /* initialize all certificate contexts */
5702 err += ssl_sock_prepare_all_ctx(bind_conf);
5703
5704 /* initialize CA variables if the certificates generation is enabled */
5705 err += ssl_sock_load_ca(bind_conf);
5706
5707 return -err;
5708}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005709
5710/* release ssl context allocated for servers. */
5711void ssl_sock_free_srv_ctx(struct server *srv)
5712{
Olivier Houchardc7566002018-11-20 23:33:50 +01005713#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5714 if (srv->ssl_ctx.alpn_str)
5715 free(srv->ssl_ctx.alpn_str);
5716#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005717#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005718 if (srv->ssl_ctx.npn_str)
5719 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005720#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005721 if (srv->ssl_ctx.ctx)
5722 SSL_CTX_free(srv->ssl_ctx.ctx);
5723}
5724
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005725/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005726 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5727 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005728void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005729{
5730 struct ebmb_node *node, *back;
5731 struct sni_ctx *sni;
5732
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005733 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005734 while (node) {
5735 sni = ebmb_entry(node, struct sni_ctx, name);
5736 back = ebmb_next(node);
5737 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005738 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005739 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005740 ssl_sock_free_ssl_conf(sni->conf);
5741 free(sni->conf);
5742 sni->conf = NULL;
5743 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005744 free(sni);
5745 node = back;
5746 }
5747
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005748 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005749 while (node) {
5750 sni = ebmb_entry(node, struct sni_ctx, name);
5751 back = ebmb_next(node);
5752 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005753 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005754 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005755 ssl_sock_free_ssl_conf(sni->conf);
5756 free(sni->conf);
5757 sni->conf = NULL;
5758 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005759 free(sni);
5760 node = back;
5761 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005762 SSL_CTX_free(bind_conf->initial_ctx);
5763 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005764 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005765 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005766}
5767
Willy Tarreau795cdab2016-12-22 17:30:54 +01005768/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5769void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5770{
5771 ssl_sock_free_ca(bind_conf);
5772 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005773 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005774 free(bind_conf->ca_sign_file);
5775 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005776 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005777 free(bind_conf->keys_ref->filename);
5778 free(bind_conf->keys_ref->tlskeys);
5779 LIST_DEL(&bind_conf->keys_ref->list);
5780 free(bind_conf->keys_ref);
5781 }
5782 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005783 bind_conf->ca_sign_pass = NULL;
5784 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005785}
5786
Christopher Faulet31af49d2015-06-09 17:29:50 +02005787/* Load CA cert file and private key used to generate certificates */
5788int
Willy Tarreau03209342016-12-22 17:08:28 +01005789ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005790{
Willy Tarreau03209342016-12-22 17:08:28 +01005791 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005792 FILE *fp;
5793 X509 *cacert = NULL;
5794 EVP_PKEY *capkey = NULL;
5795 int err = 0;
5796
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005797 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005798 return err;
5799
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005800#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005801 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005802 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005803 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005804 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005805 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005806#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005807
Christopher Faulet31af49d2015-06-09 17:29:50 +02005808 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005809 ha_alert("Proxy '%s': cannot enable certificate generation, "
5810 "no CA certificate File configured at [%s:%d].\n",
5811 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005812 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005813 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005814
5815 /* read in the CA certificate */
5816 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005817 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5818 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005819 goto load_error;
5820 }
5821 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005822 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5823 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005824 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005825 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005826 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005827 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005828 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5829 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005830 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005831 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005832
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005833 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005834 bind_conf->ca_sign_cert = cacert;
5835 bind_conf->ca_sign_pkey = capkey;
5836 return err;
5837
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005838 read_error:
5839 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005840 if (capkey) EVP_PKEY_free(capkey);
5841 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005842 load_error:
5843 bind_conf->generate_certs = 0;
5844 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005845 return err;
5846}
5847
5848/* Release CA cert and private key used to generate certificated */
5849void
5850ssl_sock_free_ca(struct bind_conf *bind_conf)
5851{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005852 if (bind_conf->ca_sign_pkey)
5853 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5854 if (bind_conf->ca_sign_cert)
5855 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005856 bind_conf->ca_sign_pkey = NULL;
5857 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005858}
5859
Emeric Brun46591952012-05-18 15:47:34 +02005860/*
5861 * This function is called if SSL * context is not yet allocated. The function
5862 * is designed to be called before any other data-layer operation and sets the
5863 * handshake flag on the connection. It is safe to call it multiple times.
5864 * It returns 0 on success and -1 in error case.
5865 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005866static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005867{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005868 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005869 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005870 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005871 return 0;
5872
Willy Tarreau3c728722014-01-23 13:50:42 +01005873 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005874 return 0;
5875
Olivier Houchard66ab4982019-02-26 18:37:15 +01005876 ctx = pool_alloc(ssl_sock_ctx_pool);
5877 if (!ctx) {
5878 conn->err_code = CO_ER_SSL_NO_MEM;
5879 return -1;
5880 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005881 ctx->wait_event.tasklet = tasklet_new();
5882 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005883 conn->err_code = CO_ER_SSL_NO_MEM;
5884 pool_free(ssl_sock_ctx_pool, ctx);
5885 return -1;
5886 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005887 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5888 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005889 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005890 ctx->sent_early_data = 0;
5891 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005892 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005893 ctx->send_wait = NULL;
5894 ctx->recv_wait = NULL;
Emeric Brun5762a0d2019-09-06 15:36:02 +02005895 ctx->xprt_st = 0;
5896 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005897
5898 /* Only work with sockets for now, this should be adapted when we'll
5899 * add QUIC support.
5900 */
5901 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005902 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005903 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5904 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005905 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005906
Willy Tarreau20879a02012-12-03 16:32:10 +01005907 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5908 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005909 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005910 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005911
Emeric Brun46591952012-05-18 15:47:34 +02005912 /* If it is in client mode initiate SSL session
5913 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005914 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005915 int may_retry = 1;
5916
5917 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005918 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005919 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5920 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005921 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005922 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005923 goto retry_connect;
5924 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005925 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005926 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005927 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005928 ctx->bio = BIO_new(ha_meth);
5929 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005930 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005931 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005932 goto retry_connect;
5933 }
Emeric Brun55476152014-11-12 17:35:37 +01005934 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005935 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005936 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005937 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005938 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005939
Evan Broderbe554312013-06-27 00:05:25 -07005940 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005941 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5942 SSL_free(ctx->ssl);
5943 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005944 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005945 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005946 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005947 goto retry_connect;
5948 }
Emeric Brun55476152014-11-12 17:35:37 +01005949 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005950 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005951 }
5952
Olivier Houchard66ab4982019-02-26 18:37:15 +01005953 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005954 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5955 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5956 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005957 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005958 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005959 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5960 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005961 } else if (sess) {
5962 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005963 }
5964 }
Evan Broderbe554312013-06-27 00:05:25 -07005965
Emeric Brun46591952012-05-18 15:47:34 +02005966 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005967 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005968
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005969 _HA_ATOMIC_ADD(&sslconns, 1);
5970 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005971 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005972 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005973 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005974 if (conn->flags & CO_FL_ERROR)
5975 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005976 return 0;
5977 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005978 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005979 int may_retry = 1;
5980
5981 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005982 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005983 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5984 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005985 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005986 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005987 goto retry_accept;
5988 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005989 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005990 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005991 }
Olivier Houchard545989f2019-12-17 15:39:54 +01005992#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5993 if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data)
5994 SSL_set_max_early_data(ctx->ssl, global.tune.bufsize - global.tune.maxrewrite);
5995#endif
Emeric Brun46591952012-05-18 15:47:34 +02005996
Olivier Houcharda8955d52019-04-07 22:00:38 +02005997 ctx->bio = BIO_new(ha_meth);
5998 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005999 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006000 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006001 goto retry_accept;
6002 }
Emeric Brun55476152014-11-12 17:35:37 +01006003 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006004 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006005 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02006006 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02006007 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02006008
Emeric Brune1f38db2012-09-03 20:36:47 +02006009 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006010 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
6011 SSL_free(ctx->ssl);
6012 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006013 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01006014 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01006015 goto retry_accept;
6016 }
Emeric Brun55476152014-11-12 17:35:37 +01006017 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006018 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01006019 }
6020
Olivier Houchard66ab4982019-02-26 18:37:15 +01006021 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02006022
Emeric Brun46591952012-05-18 15:47:34 +02006023 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02006024 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006025#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006026 conn->flags |= CO_FL_EARLY_SSL_HS;
6027#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02006028
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006029 _HA_ATOMIC_ADD(&sslconns, 1);
6030 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006031 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006032 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006033 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006034 if (conn->flags & CO_FL_ERROR)
6035 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02006036 return 0;
6037 }
6038 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01006039 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006040err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006041 if (ctx && ctx->wait_event.tasklet)
6042 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006043 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02006044 return -1;
6045}
6046
6047
6048/* This is the callback which is used when an SSL handshake is pending. It
6049 * updates the FD status if it wants some polling before being called again.
6050 * It returns 0 if it fails in a fatal way or needs to poll to go further,
6051 * otherwise it returns non-zero and removes itself from the connection's
6052 * flags (the bit is provided in <flag> by the caller).
6053 */
Olivier Houchard000694c2019-05-23 14:45:12 +02006054static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02006055{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006056 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02006057 int ret;
6058
Willy Tarreau3c728722014-01-23 13:50:42 +01006059 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02006060 return 0;
6061
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02006062 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006063 goto out_error;
6064
Willy Tarreau5db847a2019-05-09 14:13:35 +02006065#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02006066 /*
6067 * Check if we have early data. If we do, we have to read them
6068 * before SSL_do_handshake() is called, And there's no way to
6069 * detect early data, except to try to read them
6070 */
6071 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6072 size_t read_data;
6073
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006074 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02006075 1, &read_data);
6076 if (ret == SSL_READ_EARLY_DATA_ERROR)
6077 goto check_error;
6078 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
6079 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
6080 return 1;
6081 } else
6082 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6083 }
6084#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006085 /* If we use SSL_do_handshake to process a reneg initiated by
6086 * the remote peer, it sometimes returns SSL_ERROR_SSL.
6087 * Usually SSL_write and SSL_read are used and process implicitly
6088 * the reneg handshake.
6089 * Here we use SSL_peek as a workaround for reneg.
6090 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006091 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006092 char c;
6093
Olivier Houchard66ab4982019-02-26 18:37:15 +01006094 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01006095 if (ret <= 0) {
6096 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006097 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006098
Emeric Brun674b7432012-11-08 19:21:55 +01006099 if (ret == SSL_ERROR_WANT_WRITE) {
6100 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006101 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006102 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006103 return 0;
6104 }
6105 else if (ret == SSL_ERROR_WANT_READ) {
6106 /* handshake may have been completed but we have
6107 * no more data to read.
6108 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006109 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01006110 ret = 1;
6111 goto reneg_ok;
6112 }
6113 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006114 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006115 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01006116 return 0;
6117 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006118#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006119 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006120 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006121 return 0;
6122 }
6123#endif
Emeric Brun674b7432012-11-08 19:21:55 +01006124 else if (ret == SSL_ERROR_SYSCALL) {
6125 /* if errno is null, then connection was successfully established */
6126 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6127 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01006128 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006129#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6130 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006131 conn->err_code = CO_ER_SSL_HANDSHAKE;
6132#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006133 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006134#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006135 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006136 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006137 empty_handshake = state == TLS_ST_BEFORE;
6138#else
Lukas Tribus49799162019-07-08 14:29:15 +02006139 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6140 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006141#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006142 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02006143 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006144 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006145 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6146 else
6147 conn->err_code = CO_ER_SSL_EMPTY;
6148 }
6149 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006150 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006151 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6152 else
6153 conn->err_code = CO_ER_SSL_ABORT;
6154 }
6155 }
6156 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006157 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006158 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01006159 else
Emeric Brun29f037d2014-04-25 19:05:36 +02006160 conn->err_code = CO_ER_SSL_HANDSHAKE;
6161 }
Lukas Tribus49799162019-07-08 14:29:15 +02006162#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01006163 }
Emeric Brun674b7432012-11-08 19:21:55 +01006164 goto out_error;
6165 }
6166 else {
6167 /* Fail on all other handshake errors */
6168 /* Note: OpenSSL may leave unread bytes in the socket's
6169 * buffer, causing an RST to be emitted upon close() on
6170 * TCP sockets. We first try to drain possibly pending
6171 * data to avoid this as much as possible.
6172 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006173 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006174 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006175 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006176 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01006177 goto out_error;
6178 }
6179 }
6180 /* read some data: consider handshake completed */
6181 goto reneg_ok;
6182 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006183 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006184check_error:
Emeric Brun46591952012-05-18 15:47:34 +02006185 if (ret != 1) {
6186 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006187 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006188
6189 if (ret == SSL_ERROR_WANT_WRITE) {
6190 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02006191 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006192 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006193 return 0;
6194 }
6195 else if (ret == SSL_ERROR_WANT_READ) {
6196 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02006197 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02006198 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6199 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02006200 return 0;
6201 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006202#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006203 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006204 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006205 return 0;
6206 }
6207#endif
Willy Tarreau89230192012-09-28 20:22:13 +02006208 else if (ret == SSL_ERROR_SYSCALL) {
6209 /* if errno is null, then connection was successfully established */
6210 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
6211 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006212 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02006213#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
6214 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006215 conn->err_code = CO_ER_SSL_HANDSHAKE;
6216#else
6217 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006218#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02006219 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006220 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006221 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006222#else
Lukas Tribus49799162019-07-08 14:29:15 +02006223 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
6224 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006225#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006226 if (empty_handshake) {
6227 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006228 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006229 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6230 else
6231 conn->err_code = CO_ER_SSL_EMPTY;
6232 }
6233 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006234 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006235 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6236 else
6237 conn->err_code = CO_ER_SSL_ABORT;
6238 }
Emeric Brun29f037d2014-04-25 19:05:36 +02006239 }
6240 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006241 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02006242 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
6243 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01006244 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02006245 }
Lukas Tribus49799162019-07-08 14:29:15 +02006246#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02006247 }
Willy Tarreau89230192012-09-28 20:22:13 +02006248 goto out_error;
6249 }
Emeric Brun46591952012-05-18 15:47:34 +02006250 else {
6251 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02006252 /* Note: OpenSSL may leave unread bytes in the socket's
6253 * buffer, causing an RST to be emitted upon close() on
6254 * TCP sockets. We first try to drain possibly pending
6255 * data to avoid this as much as possible.
6256 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01006257 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01006258 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006259 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02006260 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006261 goto out_error;
6262 }
6263 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02006264#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01006265 else {
6266 /*
6267 * If the server refused the early data, we have to send a
6268 * 425 to the client, as we no longer have the data to sent
6269 * them again.
6270 */
6271 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006272 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006273 conn->err_code = CO_ER_SSL_EARLY_FAILED;
6274 goto out_error;
6275 }
6276 }
6277 }
6278#endif
6279
Emeric Brun46591952012-05-18 15:47:34 +02006280
Emeric Brun674b7432012-11-08 19:21:55 +01006281reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00006282
Willy Tarreau5db847a2019-05-09 14:13:35 +02006283#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006284 /* ASYNC engine API doesn't support moving read/write
6285 * buffers. So we disable ASYNC mode right after
6286 * the handshake to avoid buffer oveflows.
6287 */
6288 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006289 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006290#endif
Emeric Brun46591952012-05-18 15:47:34 +02006291 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006292 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006293 if (objt_server(conn->target)) {
6294 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
6295 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
6296 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02006297 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02006298 else {
6299 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
6300 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
6301 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
6302 }
Emeric Brun46591952012-05-18 15:47:34 +02006303 }
6304
6305 /* The connection is now established at both layers, it's time to leave */
6306 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
6307 return 1;
6308
6309 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006310 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006311 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006312 ERR_clear_error();
6313
Emeric Brun9fa89732012-10-04 17:09:56 +02006314 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02006315 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
6316 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
6317 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02006318 }
6319
Emeric Brun46591952012-05-18 15:47:34 +02006320 /* Fail on all other handshake errors */
6321 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01006322 if (!conn->err_code)
6323 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02006324 return 0;
6325}
6326
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006327static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006328{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006329 struct wait_event *sw;
6330 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006331
Olivier Houchard0ff28652019-06-24 18:57:39 +02006332 if (!ctx)
6333 return -1;
6334
Olivier Houchardea8dd942019-05-20 14:02:16 +02006335 if (event_type & SUB_RETRY_RECV) {
6336 sw = param;
6337 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
6338 sw->events |= SUB_RETRY_RECV;
6339 ctx->recv_wait = sw;
6340 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6341 !(ctx->wait_event.events & SUB_RETRY_RECV))
6342 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
6343 event_type &= ~SUB_RETRY_RECV;
6344 }
6345 if (event_type & SUB_RETRY_SEND) {
6346sw = param;
6347 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
6348 sw->events |= SUB_RETRY_SEND;
6349 ctx->send_wait = sw;
6350 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
6351 !(ctx->wait_event.events & SUB_RETRY_SEND))
6352 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
6353 event_type &= ~SUB_RETRY_SEND;
6354
6355 }
6356 if (event_type != 0)
6357 return -1;
6358 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006359}
6360
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006361static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01006362{
Olivier Houchardea8dd942019-05-20 14:02:16 +02006363 struct wait_event *sw;
6364 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006365
Olivier Houchardea8dd942019-05-20 14:02:16 +02006366 if (event_type & SUB_RETRY_RECV) {
6367 sw = param;
6368 BUG_ON(ctx->recv_wait != sw);
6369 ctx->recv_wait = NULL;
6370 sw->events &= ~SUB_RETRY_RECV;
6371 /* If we subscribed, and we're not doing the handshake,
6372 * then we subscribed because the upper layer asked for it,
6373 * as the upper layer is no longer interested, we can
6374 * unsubscribe too.
6375 */
6376 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6377 (ctx->wait_event.events & SUB_RETRY_RECV))
6378 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
6379 &ctx->wait_event);
6380 }
6381 if (event_type & SUB_RETRY_SEND) {
6382 sw = param;
6383 BUG_ON(ctx->send_wait != sw);
6384 ctx->send_wait = NULL;
6385 sw->events &= ~SUB_RETRY_SEND;
6386 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
6387 (ctx->wait_event.events & SUB_RETRY_SEND))
6388 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
6389 &ctx->wait_event);
6390
6391 }
6392
6393 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01006394}
6395
Olivier Houchard2e055482019-05-27 19:50:12 +02006396/* Use the provided XPRT as an underlying XPRT, and provide the old one.
6397 * Returns 0 on success, and non-zero on failure.
6398 */
6399static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
6400{
6401 struct ssl_sock_ctx *ctx = xprt_ctx;
6402
6403 if (oldxprt_ops != NULL)
6404 *oldxprt_ops = ctx->xprt;
6405 if (oldxprt_ctx != NULL)
6406 *oldxprt_ctx = ctx->xprt_ctx;
6407 ctx->xprt = toadd_ops;
6408 ctx->xprt_ctx = toadd_ctx;
6409 return 0;
6410}
6411
Olivier Houchard5149b592019-05-23 17:47:36 +02006412/* Remove the specified xprt. If if it our underlying XPRT, remove it and
6413 * return 0, otherwise just call the remove_xprt method from the underlying
6414 * XPRT.
6415 */
6416static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
6417{
6418 struct ssl_sock_ctx *ctx = xprt_ctx;
6419
6420 if (ctx->xprt_ctx == toremove_ctx) {
6421 ctx->xprt_ctx = newctx;
6422 ctx->xprt = newops;
6423 return 0;
6424 }
6425 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
6426}
6427
Olivier Houchardea8dd942019-05-20 14:02:16 +02006428static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
6429{
6430 struct ssl_sock_ctx *ctx = context;
6431
6432 /* First if we're doing an handshake, try that */
6433 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
6434 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
6435 /* If we had an error, or the handshake is done and I/O is available,
6436 * let the upper layer know.
6437 * If no mux was set up yet, and nobody subscribed, then call
6438 * xprt_done_cb() ourself if it's set, or destroy the connection,
6439 * we can't be sure conn_fd_handler() will be called again.
6440 */
6441 if ((ctx->conn->flags & CO_FL_ERROR) ||
6442 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
6443 int ret = 0;
6444 int woke = 0;
6445
6446 /* On error, wake any waiter */
6447 if (ctx->recv_wait) {
6448 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006449 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006450 ctx->recv_wait = NULL;
6451 woke = 1;
6452 }
6453 if (ctx->send_wait) {
6454 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006455 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006456 ctx->send_wait = NULL;
6457 woke = 1;
6458 }
6459 /* If we're the first xprt for the connection, let the
6460 * upper layers know. If xprt_done_cb() is set, call it,
6461 * otherwise, we should have a mux, so call its wake
6462 * method if we didn't woke a tasklet already.
6463 */
6464 if (ctx->conn->xprt_ctx == ctx) {
6465 if (ctx->conn->xprt_done_cb)
6466 ret = ctx->conn->xprt_done_cb(ctx->conn);
6467 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
6468 ctx->conn->mux->wake(ctx->conn);
6469 return NULL;
6470 }
6471 }
6472 return NULL;
6473}
6474
Emeric Brun46591952012-05-18 15:47:34 +02006475/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01006476 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02006477 * buffer wraps, in which case a second call may be performed. The connection's
6478 * flags are updated with whatever special event is detected (error, read0,
6479 * empty). The caller is responsible for taking care of those events and
6480 * avoiding the call if inappropriate. The function does not call the
6481 * connection's polling update function, so the caller is responsible for this.
6482 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006483static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006484{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006485 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02006486 ssize_t ret;
6487 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02006488
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006489 conn_refresh_polling_flags(conn);
6490
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006491 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006492 goto out_error;
6493
6494 if (conn->flags & CO_FL_HANDSHAKE)
6495 /* a handshake was requested */
6496 return 0;
6497
Emeric Brun46591952012-05-18 15:47:34 +02006498 /* read the largest possible block. For this, we perform only one call
6499 * to recv() unless the buffer wraps and we exactly fill the first hunk,
6500 * in which case we accept to do it once again. A new attempt is made on
6501 * EINTR too.
6502 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01006503 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006504 int need_out = 0;
6505
Willy Tarreau591d4452018-06-15 17:21:00 +02006506 try = b_contig_space(buf);
6507 if (!try)
6508 break;
6509
Willy Tarreauabf08d92014-01-14 11:31:27 +01006510 if (try > count)
6511 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02006512
Olivier Houchardc2aae742017-09-22 18:26:28 +02006513 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006514 ctx->tmp_early_data != -1) {
6515 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006516 done++;
6517 try--;
6518 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02006519 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006520 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006521 continue;
6522 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01006523
Willy Tarreau5db847a2019-05-09 14:13:35 +02006524#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006525 if (conn->flags & CO_FL_EARLY_SSL_HS) {
6526 size_t read_length;
6527
Olivier Houchard66ab4982019-02-26 18:37:15 +01006528 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02006529 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01006530 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
6531 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006532 conn->flags |= CO_FL_EARLY_DATA;
6533 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
6534 ret == SSL_READ_EARLY_DATA_FINISH) {
6535 if (ret == SSL_READ_EARLY_DATA_FINISH) {
6536 /*
6537 * We're done reading the early data,
6538 * let's make the handshake
6539 */
6540 conn->flags &= ~CO_FL_EARLY_SSL_HS;
6541 conn->flags |= CO_FL_SSL_WAIT_HS;
6542 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006543 /* Now initiate the handshake */
6544 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006545 if (read_length == 0)
6546 break;
6547 }
6548 ret = read_length;
6549 }
6550 } else
6551#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006552 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetf967c312019-08-05 18:04:16 +02006553
Emeric Brune1f38db2012-09-03 20:36:47 +02006554 if (conn->flags & CO_FL_ERROR) {
6555 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006556 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006557 }
Emeric Brun46591952012-05-18 15:47:34 +02006558 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02006559 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006560 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006561 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006562 }
Emeric Brun46591952012-05-18 15:47:34 +02006563 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006564 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02006565 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006566 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02006567 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006568 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006569#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006570 /* Async mode can be re-enabled, because we're leaving data state.*/
6571 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006572 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006573#endif
Emeric Brun46591952012-05-18 15:47:34 +02006574 break;
6575 }
6576 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006577 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006578 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6579 SUB_RETRY_RECV,
6580 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01006581 /* handshake is running, and it may need to re-enable read */
6582 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02006583#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006584 /* Async mode can be re-enabled, because we're leaving data state.*/
6585 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006586 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006587#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006588 break;
6589 }
Emeric Brun46591952012-05-18 15:47:34 +02006590 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02006591 } else if (ret == SSL_ERROR_ZERO_RETURN)
6592 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006593 /* For SSL_ERROR_SYSCALL, make sure to clear the error
6594 * stack before shutting down the connection for
6595 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006596 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
6597 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02006598 /* otherwise it's a real error */
6599 goto out_error;
6600 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006601 if (need_out)
6602 break;
Emeric Brun46591952012-05-18 15:47:34 +02006603 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006604 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006605 return done;
6606
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006607 clear_ssl_error:
6608 /* Clear openssl global errors stack */
6609 ssl_sock_dump_errors(conn);
6610 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02006611 read0:
6612 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006613 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01006614
Emeric Brun46591952012-05-18 15:47:34 +02006615 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01006616 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01006617 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006618 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006619 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006620 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006621}
6622
6623
Willy Tarreau787db9a2018-06-14 18:31:46 +02006624/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
6625 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
6626 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02006627 * Only one call to send() is performed, unless the buffer wraps, in which case
6628 * a second call may be performed. The connection's flags are updated with
6629 * whatever special event is detected (error, empty). The caller is responsible
6630 * for taking care of those events and avoiding the call if inappropriate. The
6631 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02006632 * is responsible for this. The buffer's output is not adjusted, it's up to the
6633 * caller to take care of this. It's up to the caller to update the buffer's
6634 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02006635 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006636static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02006637{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006638 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006639 ssize_t ret;
6640 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02006641
6642 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006643 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02006644
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006645 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02006646 goto out_error;
6647
Olivier Houchard010941f2019-05-03 20:56:19 +02006648 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006649 /* a handshake was requested */
6650 return 0;
6651
6652 /* send the largest possible block. For this we perform only one call
6653 * to send() unless the buffer wraps and we exactly fill the first hunk,
6654 * in which case we accept to do it once again.
6655 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006656 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006657#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006658 size_t written_data;
6659#endif
6660
Willy Tarreau787db9a2018-06-14 18:31:46 +02006661 try = b_contig_data(buf, done);
6662 if (try > count)
6663 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006664
Willy Tarreau7bed9452014-02-02 02:00:24 +01006665 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006666 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006667 global_ssl.max_record && try > global_ssl.max_record) {
6668 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006669 }
6670 else {
6671 /* we need to keep the information about the fact that
6672 * we're not limiting the upcoming send(), because if it
6673 * fails, we'll have to retry with at least as many data.
6674 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006675 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006676 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006677
Willy Tarreau5db847a2019-05-09 14:13:35 +02006678#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006679 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006680 unsigned int max_early;
6681
Olivier Houchard522eea72017-11-03 16:27:47 +01006682 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006683 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006684 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006685 if (SSL_get0_session(ctx->ssl))
6686 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006687 else
6688 max_early = 0;
6689 }
6690
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006691 if (try + ctx->sent_early_data > max_early) {
6692 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006693 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006694 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006695 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006696 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006697 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006698 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006699 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006700 if (ret == 1) {
6701 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006702 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006703 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006704 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006705 /* Initiate the handshake, now */
6706 tasklet_wakeup(ctx->wait_event.tasklet);
6707 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006708
Olivier Houchardc2aae742017-09-22 18:26:28 +02006709 }
6710
6711 } else
6712#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006713 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006714
Emeric Brune1f38db2012-09-03 20:36:47 +02006715 if (conn->flags & CO_FL_ERROR) {
6716 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006717 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006718 }
Emeric Brun46591952012-05-18 15:47:34 +02006719 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006720 /* A send succeeded, so we can consier ourself connected */
6721 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006722 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006723 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006724 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006725 }
6726 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006727 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006728
Emeric Brun46591952012-05-18 15:47:34 +02006729 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006730 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006731 /* handshake is running, and it may need to re-enable write */
6732 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006733 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006734#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006735 /* Async mode can be re-enabled, because we're leaving data state.*/
6736 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006737 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006738#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006739 break;
6740 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006741
Emeric Brun46591952012-05-18 15:47:34 +02006742 break;
6743 }
6744 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006745 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006746 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006747 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6748 SUB_RETRY_RECV,
6749 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006750#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006751 /* Async mode can be re-enabled, because we're leaving data state.*/
6752 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006753 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006754#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006755 break;
6756 }
Emeric Brun46591952012-05-18 15:47:34 +02006757 goto out_error;
6758 }
6759 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006760 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006761 return done;
6762
6763 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006764 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006765 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006766 ERR_clear_error();
6767
Emeric Brun46591952012-05-18 15:47:34 +02006768 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006769 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006770}
6771
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006772static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006773
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006774 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006775
Olivier Houchardea8dd942019-05-20 14:02:16 +02006776
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006777 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006778 if (ctx->wait_event.events != 0)
6779 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6780 ctx->wait_event.events,
6781 &ctx->wait_event);
6782 if (ctx->send_wait) {
6783 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006784 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006785 }
6786 if (ctx->recv_wait) {
6787 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006788 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006789 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006790 if (ctx->xprt->close)
6791 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006792#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006793 if (global_ssl.async) {
6794 OSSL_ASYNC_FD all_fd[32], afd;
6795 size_t num_all_fds = 0;
6796 int i;
6797
Olivier Houchard66ab4982019-02-26 18:37:15 +01006798 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006799 if (num_all_fds > 32) {
6800 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6801 return;
6802 }
6803
Olivier Houchard66ab4982019-02-26 18:37:15 +01006804 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006805
6806 /* If an async job is pending, we must try to
6807 to catch the end using polling before calling
6808 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006809 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006810 for (i=0 ; i < num_all_fds ; i++) {
6811 /* switch on an handler designed to
6812 * handle the SSL_free
6813 */
6814 afd = all_fd[i];
6815 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006816 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006817 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006818 /* To ensure that the fd cache won't be used
6819 * and we'll catch a real RD event.
6820 */
6821 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006822 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006823 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006824 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006825 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006826 return;
6827 }
Emeric Brun3854e012017-05-17 20:42:48 +02006828 /* Else we can remove the fds from the fdtab
6829 * and call SSL_free.
6830 * note: we do a fd_remove and not a delete
6831 * because the fd is owned by the engine.
6832 * the engine is responsible to close
6833 */
6834 for (i=0 ; i < num_all_fds ; i++)
6835 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006836 }
6837#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006838 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006839 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006840 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006841 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006842 }
Emeric Brun46591952012-05-18 15:47:34 +02006843}
6844
6845/* This function tries to perform a clean shutdown on an SSL connection, and in
6846 * any case, flags the connection as reusable if no handshake was in progress.
6847 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006848static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006849{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006850 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006851
Emeric Brun46591952012-05-18 15:47:34 +02006852 if (conn->flags & CO_FL_HANDSHAKE)
6853 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006854 if (!clean)
6855 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006856 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006857 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006858 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006859 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006860 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006861 ERR_clear_error();
6862 }
Emeric Brun46591952012-05-18 15:47:34 +02006863}
6864
William Lallemandd4f946c2019-12-05 10:26:40 +01006865/* fill a buffer with the algorithm and size of a public key */
6866static int cert_get_pkey_algo(X509 *crt, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006867{
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006868 int bits = 0;
6869 int sig = TLSEXT_signature_anonymous;
6870 int len = -1;
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006871 EVP_PKEY *pkey;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006872
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006873 pkey = X509_get_pubkey(crt);
6874 if (pkey) {
6875 bits = EVP_PKEY_bits(pkey);
6876 switch(EVP_PKEY_base_id(pkey)) {
6877 case EVP_PKEY_RSA:
6878 sig = TLSEXT_signature_rsa;
6879 break;
6880 case EVP_PKEY_EC:
6881 sig = TLSEXT_signature_ecdsa;
6882 break;
6883 case EVP_PKEY_DSA:
6884 sig = TLSEXT_signature_dsa;
6885 break;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006886 }
Emmanuel Hocdetc3775d22019-11-04 18:19:32 +01006887 EVP_PKEY_free(pkey);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006888 }
6889
6890 switch(sig) {
6891 case TLSEXT_signature_rsa:
6892 len = chunk_printf(out, "RSA%d", bits);
6893 break;
6894 case TLSEXT_signature_ecdsa:
6895 len = chunk_printf(out, "EC%d", bits);
6896 break;
6897 case TLSEXT_signature_dsa:
6898 len = chunk_printf(out, "DSA%d", bits);
6899 break;
6900 default:
6901 return 0;
6902 }
6903 if (len < 0)
6904 return 0;
6905 return 1;
6906}
6907
William Lallemandd4f946c2019-12-05 10:26:40 +01006908/* used for ppv2 pkey alog (can be used for logging) */
6909int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
6910{
6911 struct ssl_sock_ctx *ctx;
6912 X509 *crt;
6913
6914 if (!ssl_sock_is_ssl(conn))
6915 return 0;
6916
6917 ctx = conn->xprt_ctx;
6918
6919 crt = SSL_get_certificate(ctx->ssl);
6920 if (!crt)
6921 return 0;
6922
6923 return cert_get_pkey_algo(crt, out);
6924}
6925
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006926/* used for ppv2 cert signature (can be used for logging) */
6927const char *ssl_sock_get_cert_sig(struct connection *conn)
6928{
Christopher Faulet82004142019-09-10 10:12:03 +02006929 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006930
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006931 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6932 X509 *crt;
6933
6934 if (!ssl_sock_is_ssl(conn))
6935 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006936 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006937 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006938 if (!crt)
6939 return NULL;
6940 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6941 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6942}
6943
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006944/* used for ppv2 authority */
6945const char *ssl_sock_get_sni(struct connection *conn)
6946{
6947#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02006948 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006949
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006950 if (!ssl_sock_is_ssl(conn))
6951 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006952 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006953 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006954#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006955 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006956#endif
6957}
6958
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006959/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006960const char *ssl_sock_get_cipher_name(struct connection *conn)
6961{
Christopher Faulet82004142019-09-10 10:12:03 +02006962 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006963
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006964 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006965 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006966 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006967 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006968}
6969
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006970/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006971const char *ssl_sock_get_proto_version(struct connection *conn)
6972{
Christopher Faulet82004142019-09-10 10:12:03 +02006973 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006974
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006975 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006976 return NULL;
Christopher Faulet82004142019-09-10 10:12:03 +02006977 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006978 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006979}
6980
Willy Tarreau8d598402012-10-22 17:58:39 +02006981/* Extract a serial from a cert, and copy it to a chunk.
6982 * Returns 1 if serial is found and copied, 0 if no serial found and
6983 * -1 if output is not large enough.
6984 */
6985static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006986ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006987{
6988 ASN1_INTEGER *serial;
6989
6990 serial = X509_get_serialNumber(crt);
6991 if (!serial)
6992 return 0;
6993
6994 if (out->size < serial->length)
6995 return -1;
6996
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006997 memcpy(out->area, serial->data, serial->length);
6998 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006999 return 1;
7000}
7001
Emeric Brun43e79582014-10-29 19:03:26 +01007002/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08007003 * Returns 1 if the cert is found and copied, 0 on der conversion failure
7004 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01007005 */
7006static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007007ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01007008{
7009 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007010 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01007011
7012 len =i2d_X509(crt, NULL);
7013 if (len <= 0)
7014 return 1;
7015
7016 if (out->size < len)
7017 return -1;
7018
7019 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007020 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01007021 return 1;
7022}
7023
Emeric Brunce5ad802012-10-22 14:11:22 +02007024
Willy Tarreau83061a82018-07-13 11:56:34 +02007025/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02007026 * Returns 1 if serial is found and copied, 0 if no valid time found
7027 * and -1 if output is not large enough.
7028 */
7029static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007030ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02007031{
7032 if (tm->type == V_ASN1_GENERALIZEDTIME) {
7033 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
7034
7035 if (gentm->length < 12)
7036 return 0;
7037 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
7038 return 0;
7039 if (out->size < gentm->length-2)
7040 return -1;
7041
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007042 memcpy(out->area, gentm->data+2, gentm->length-2);
7043 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02007044 return 1;
7045 }
7046 else if (tm->type == V_ASN1_UTCTIME) {
7047 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
7048
7049 if (utctm->length < 10)
7050 return 0;
7051 if (utctm->data[0] >= 0x35)
7052 return 0;
7053 if (out->size < utctm->length)
7054 return -1;
7055
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007056 memcpy(out->area, utctm->data, utctm->length);
7057 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02007058 return 1;
7059 }
7060
7061 return 0;
7062}
7063
Emeric Brun87855892012-10-17 17:39:35 +02007064/* Extract an entry from a X509_NAME and copy its value to an output chunk.
7065 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
7066 */
7067static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007068ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
7069 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007070{
7071 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007072 ASN1_OBJECT *obj;
7073 ASN1_STRING *data;
7074 const unsigned char *data_ptr;
7075 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007076 int i, j, n;
7077 int cur = 0;
7078 const char *s;
7079 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007080 int name_count;
7081
7082 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007083
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007084 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007085 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02007086 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007087 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02007088 else
7089 j = i;
7090
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007091 ne = X509_NAME_get_entry(a, j);
7092 obj = X509_NAME_ENTRY_get_object(ne);
7093 data = X509_NAME_ENTRY_get_data(ne);
7094 data_ptr = ASN1_STRING_get0_data(data);
7095 data_len = ASN1_STRING_length(data);
7096 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007097 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007098 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007099 s = tmp;
7100 }
7101
7102 if (chunk_strcasecmp(entry, s) != 0)
7103 continue;
7104
7105 if (pos < 0)
7106 cur--;
7107 else
7108 cur++;
7109
7110 if (cur != pos)
7111 continue;
7112
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007113 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02007114 return -1;
7115
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007116 memcpy(out->area, data_ptr, data_len);
7117 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007118 return 1;
7119 }
7120
7121 return 0;
7122
William Lallemandd4f946c2019-12-05 10:26:40 +01007123}
7124
7125/*
7126 * Extract and format the DNS SAN extensions and copy result into a chuink
7127 * Return 0;
7128 */
7129#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
7130static int ssl_sock_get_san_oneline(X509 *cert, struct buffer *out)
7131{
7132 int i;
7133 char *str;
7134 STACK_OF(GENERAL_NAME) *names = NULL;
7135
7136 names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
7137 if (names) {
7138 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
7139 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
7140 if (i > 0)
7141 chunk_appendf(out, ", ");
7142 if (name->type == GEN_DNS) {
7143 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
7144 chunk_appendf(out, "DNS:%s", str);
7145 OPENSSL_free(str);
7146 }
7147 }
7148 }
7149 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
7150 }
7151 return 0;
Emeric Brun87855892012-10-17 17:39:35 +02007152}
William Lallemandd4f946c2019-12-05 10:26:40 +01007153#endif
Emeric Brun87855892012-10-17 17:39:35 +02007154
7155/* Extract and format full DN from a X509_NAME and copy result into a chunk
7156 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
7157 */
7158static int
Willy Tarreau83061a82018-07-13 11:56:34 +02007159ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02007160{
7161 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007162 ASN1_OBJECT *obj;
7163 ASN1_STRING *data;
7164 const unsigned char *data_ptr;
7165 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007166 int i, n, ln;
7167 int l = 0;
7168 const char *s;
7169 char *p;
7170 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007171 int name_count;
7172
7173
7174 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02007175
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007176 out->data = 0;
7177 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007178 for (i = 0; i < name_count; i++) {
7179 ne = X509_NAME_get_entry(a, i);
7180 obj = X509_NAME_ENTRY_get_object(ne);
7181 data = X509_NAME_ENTRY_get_data(ne);
7182 data_ptr = ASN1_STRING_get0_data(data);
7183 data_len = ASN1_STRING_length(data);
7184 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02007185 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007186 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02007187 s = tmp;
7188 }
7189 ln = strlen(s);
7190
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007191 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007192 if (l > out->size)
7193 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007194 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02007195
7196 *(p++)='/';
7197 memcpy(p, s, ln);
7198 p += ln;
7199 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007200 memcpy(p, data_ptr, data_len);
7201 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02007202 }
7203
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007204 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02007205 return 0;
7206
7207 return 1;
7208}
7209
Olivier Houchardab28a322018-12-21 19:45:40 +01007210void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
7211{
7212#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet82004142019-09-10 10:12:03 +02007213 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007214
Olivier Houcharde488ea82019-06-28 14:10:33 +02007215 if (!ssl_sock_is_ssl(conn))
7216 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007217 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007218 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01007219#endif
7220}
7221
Willy Tarreau119a4082016-12-22 21:58:38 +01007222/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
7223 * to disable SNI.
7224 */
Willy Tarreau63076412015-07-10 11:33:32 +02007225void ssl_sock_set_servername(struct connection *conn, const char *hostname)
7226{
7227#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet82004142019-09-10 10:12:03 +02007228 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007229
Willy Tarreau119a4082016-12-22 21:58:38 +01007230 char *prev_name;
7231
Willy Tarreau63076412015-07-10 11:33:32 +02007232 if (!ssl_sock_is_ssl(conn))
7233 return;
Christopher Faulet82004142019-09-10 10:12:03 +02007234 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02007235
Willy Tarreau119a4082016-12-22 21:58:38 +01007236 /* if the SNI changes, we must destroy the reusable context so that a
7237 * new connection will present a new SNI. As an optimization we could
7238 * later imagine having a small cache of ssl_ctx to hold a few SNI per
7239 * server.
7240 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007241 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01007242 if ((!prev_name && hostname) ||
7243 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01007244 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01007245
Olivier Houchard66ab4982019-02-26 18:37:15 +01007246 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02007247#endif
7248}
7249
Emeric Brun0abf8362014-06-24 18:26:41 +02007250/* Extract peer certificate's common name into the chunk dest
7251 * Returns
7252 * the len of the extracted common name
7253 * or 0 if no CN found in DN
7254 * or -1 on error case (i.e. no peer certificate)
7255 */
Willy Tarreau83061a82018-07-13 11:56:34 +02007256int ssl_sock_get_remote_common_name(struct connection *conn,
7257 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04007258{
Christopher Faulet82004142019-09-10 10:12:03 +02007259 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04007260 X509 *crt = NULL;
7261 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04007262 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02007263 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007264 .area = (char *)&find_cn,
7265 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04007266 };
Emeric Brun0abf8362014-06-24 18:26:41 +02007267 int result = -1;
David Safb76832014-05-08 23:42:08 -04007268
7269 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02007270 goto out;
Christopher Faulet82004142019-09-10 10:12:03 +02007271 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04007272
7273 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007274 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007275 if (!crt)
7276 goto out;
7277
7278 name = X509_get_subject_name(crt);
7279 if (!name)
7280 goto out;
David Safb76832014-05-08 23:42:08 -04007281
Emeric Brun0abf8362014-06-24 18:26:41 +02007282 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
7283out:
David Safb76832014-05-08 23:42:08 -04007284 if (crt)
7285 X509_free(crt);
7286
7287 return result;
7288}
7289
Dave McCowan328fb582014-07-30 10:39:13 -04007290/* returns 1 if client passed a certificate for this session, 0 if not */
7291int ssl_sock_get_cert_used_sess(struct connection *conn)
7292{
Christopher Faulet82004142019-09-10 10:12:03 +02007293 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007294 X509 *crt = NULL;
7295
7296 if (!ssl_sock_is_ssl(conn))
7297 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007298 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04007299
7300 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007301 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04007302 if (!crt)
7303 return 0;
7304
7305 X509_free(crt);
7306 return 1;
7307}
7308
7309/* returns 1 if client passed a certificate for this connection, 0 if not */
7310int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04007311{
Christopher Faulet82004142019-09-10 10:12:03 +02007312 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007313
David Safb76832014-05-08 23:42:08 -04007314 if (!ssl_sock_is_ssl(conn))
7315 return 0;
Christopher Faulet82004142019-09-10 10:12:03 +02007316 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007317 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04007318}
7319
7320/* returns result from SSL verify */
7321unsigned int ssl_sock_get_verify_result(struct connection *conn)
7322{
Christopher Faulet82004142019-09-10 10:12:03 +02007323 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007324
David Safb76832014-05-08 23:42:08 -04007325 if (!ssl_sock_is_ssl(conn))
7326 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet82004142019-09-10 10:12:03 +02007327 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007328 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04007329}
7330
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007331/* Returns the application layer protocol name in <str> and <len> when known.
7332 * Zero is returned if the protocol name was not found, otherwise non-zero is
7333 * returned. The string is allocated in the SSL context and doesn't have to be
7334 * freed by the caller. NPN is also checked if available since older versions
7335 * of openssl (1.0.1) which are more common in field only support this one.
7336 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007337static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007338{
Olivier Houchard66ab4982019-02-26 18:37:15 +01007339#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
7340 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007341 struct ssl_sock_ctx *ctx = xprt_ctx;
7342 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007343 return 0;
7344
7345 *str = NULL;
7346
7347#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01007348 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007349 if (*str)
7350 return 1;
7351#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01007352#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007353 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007354 if (*str)
7355 return 1;
7356#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01007357#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01007358 return 0;
7359}
7360
Willy Tarreau7875d092012-09-10 08:20:03 +02007361/***** Below are some sample fetching functions for ACL/patterns *****/
7362
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007363static int
7364smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
7365{
7366 struct connection *conn;
7367
7368 conn = objt_conn(smp->sess->origin);
7369 if (!conn || conn->xprt != &ssl_sock)
7370 return 0;
7371
7372 smp->flags = 0;
7373 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007374#ifdef OPENSSL_IS_BORINGSSL
7375 {
7376 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7377 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
7378 SSL_early_data_accepted(ctx->ssl));
7379 }
7380#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01007381 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
7382 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetc9858012019-08-07 14:44:49 +02007383#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02007384 return 1;
7385}
7386
Emeric Brune64aef12012-09-21 13:15:06 +02007387/* boolean, returns true if client cert was present */
7388static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007389smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02007390{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007391 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007392 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007393
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007394 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007395 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02007396 return 0;
7397
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007398 ctx = conn->xprt_ctx;
7399
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007400 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02007401 smp->flags |= SMP_F_MAY_CHANGE;
7402 return 0;
7403 }
7404
7405 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007406 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007407 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02007408
7409 return 1;
7410}
7411
Emeric Brun43e79582014-10-29 19:03:26 +01007412/* binary, returns a certificate in a binary chunk (der/raw).
7413 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7414 * should be use.
7415 */
7416static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007417smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01007418{
7419 int cert_peer = (kw[4] == 'c') ? 1 : 0;
7420 X509 *crt = NULL;
7421 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007422 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01007423 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007424 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007425
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007426 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01007427 if (!conn || conn->xprt != &ssl_sock)
7428 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007429 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01007430
7431 if (!(conn->flags & CO_FL_CONNECTED)) {
7432 smp->flags |= SMP_F_MAY_CHANGE;
7433 return 0;
7434 }
7435
7436 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007437 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007438 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007439 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01007440
7441 if (!crt)
7442 goto out;
7443
7444 smp_trash = get_trash_chunk();
7445 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
7446 goto out;
7447
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007448 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007449 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01007450 ret = 1;
7451out:
7452 /* SSL_get_peer_certificate, it increase X509 * ref count */
7453 if (cert_peer && crt)
7454 X509_free(crt);
7455 return ret;
7456}
7457
Emeric Brunba841a12014-04-30 17:05:08 +02007458/* binary, returns serial of certificate in a binary chunk.
7459 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7460 * should be use.
7461 */
Willy Tarreau8d598402012-10-22 17:58:39 +02007462static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007463smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02007464{
Emeric Brunba841a12014-04-30 17:05:08 +02007465 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02007466 X509 *crt = NULL;
7467 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007468 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007469 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007470 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007471
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007472 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007473 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02007474 return 0;
7475
Olivier Houchard66ab4982019-02-26 18:37:15 +01007476 ctx = conn->xprt_ctx;
7477
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007478 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02007479 smp->flags |= SMP_F_MAY_CHANGE;
7480 return 0;
7481 }
7482
Emeric Brunba841a12014-04-30 17:05:08 +02007483 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007484 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007485 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007486 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007487
Willy Tarreau8d598402012-10-22 17:58:39 +02007488 if (!crt)
7489 goto out;
7490
Willy Tarreau47ca5452012-12-23 20:22:19 +01007491 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02007492 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
7493 goto out;
7494
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007495 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007496 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02007497 ret = 1;
7498out:
Emeric Brunba841a12014-04-30 17:05:08 +02007499 /* SSL_get_peer_certificate, it increase X509 * ref count */
7500 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02007501 X509_free(crt);
7502 return ret;
7503}
Emeric Brune64aef12012-09-21 13:15:06 +02007504
Emeric Brunba841a12014-04-30 17:05:08 +02007505/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
7506 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7507 * should be use.
7508 */
James Votha051b4a2013-05-14 20:37:59 +02007509static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007510smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02007511{
Emeric Brunba841a12014-04-30 17:05:08 +02007512 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02007513 X509 *crt = NULL;
7514 const EVP_MD *digest;
7515 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007516 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007517 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007518 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02007519
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007520 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007521 if (!conn || conn->xprt != &ssl_sock)
7522 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007524
7525 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02007526 smp->flags |= SMP_F_MAY_CHANGE;
7527 return 0;
7528 }
7529
Emeric Brunba841a12014-04-30 17:05:08 +02007530 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007531 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007532 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007533 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02007534 if (!crt)
7535 goto out;
7536
7537 smp_trash = get_trash_chunk();
7538 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007539 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
7540 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02007541
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007542 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007543 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02007544 ret = 1;
7545out:
Emeric Brunba841a12014-04-30 17:05:08 +02007546 /* SSL_get_peer_certificate, it increase X509 * ref count */
7547 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02007548 X509_free(crt);
7549 return ret;
7550}
7551
Emeric Brunba841a12014-04-30 17:05:08 +02007552/* string, returns certificate's notafter date in ASN1_UTCTIME format.
7553 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7554 * should be use.
7555 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007556static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007557smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007558{
Emeric Brunba841a12014-04-30 17:05:08 +02007559 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007560 X509 *crt = NULL;
7561 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007562 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007563 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007564 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007565
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007566 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007567 if (!conn || conn->xprt != &ssl_sock)
7568 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007569 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007570
7571 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007572 smp->flags |= SMP_F_MAY_CHANGE;
7573 return 0;
7574 }
7575
Emeric Brunba841a12014-04-30 17:05:08 +02007576 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007577 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007578 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007579 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007580 if (!crt)
7581 goto out;
7582
Willy Tarreau47ca5452012-12-23 20:22:19 +01007583 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007584 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007585 goto out;
7586
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007587 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007588 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007589 ret = 1;
7590out:
Emeric Brunba841a12014-04-30 17:05:08 +02007591 /* SSL_get_peer_certificate, it increase X509 * ref count */
7592 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007593 X509_free(crt);
7594 return ret;
7595}
7596
Emeric Brunba841a12014-04-30 17:05:08 +02007597/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
7598 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7599 * should be use.
7600 */
Emeric Brun87855892012-10-17 17:39:35 +02007601static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007602smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007603{
Emeric Brunba841a12014-04-30 17:05:08 +02007604 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007605 X509 *crt = NULL;
7606 X509_NAME *name;
7607 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007608 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007609 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007610 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007611
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007612 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007613 if (!conn || conn->xprt != &ssl_sock)
7614 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007615 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007616
7617 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007618 smp->flags |= SMP_F_MAY_CHANGE;
7619 return 0;
7620 }
7621
Emeric Brunba841a12014-04-30 17:05:08 +02007622 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007623 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007624 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007625 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007626 if (!crt)
7627 goto out;
7628
7629 name = X509_get_issuer_name(crt);
7630 if (!name)
7631 goto out;
7632
Willy Tarreau47ca5452012-12-23 20:22:19 +01007633 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007634 if (args && args[0].type == ARGT_STR) {
7635 int pos = 1;
7636
7637 if (args[1].type == ARGT_SINT)
7638 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007639
7640 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7641 goto out;
7642 }
7643 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7644 goto out;
7645
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007646 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007647 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007648 ret = 1;
7649out:
Emeric Brunba841a12014-04-30 17:05:08 +02007650 /* SSL_get_peer_certificate, it increase X509 * ref count */
7651 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007652 X509_free(crt);
7653 return ret;
7654}
7655
Emeric Brunba841a12014-04-30 17:05:08 +02007656/* string, returns notbefore date in ASN1_UTCTIME format.
7657 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7658 * should be use.
7659 */
Emeric Brunce5ad802012-10-22 14:11:22 +02007660static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007661smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02007662{
Emeric Brunba841a12014-04-30 17:05:08 +02007663 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02007664 X509 *crt = NULL;
7665 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007666 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007667 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007668 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007669
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007670 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007671 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02007672 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02007674
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007675 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02007676 smp->flags |= SMP_F_MAY_CHANGE;
7677 return 0;
7678 }
7679
Emeric Brunba841a12014-04-30 17:05:08 +02007680 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007681 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007682 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007683 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007684 if (!crt)
7685 goto out;
7686
Willy Tarreau47ca5452012-12-23 20:22:19 +01007687 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007688 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007689 goto out;
7690
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007691 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007692 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007693 ret = 1;
7694out:
Emeric Brunba841a12014-04-30 17:05:08 +02007695 /* SSL_get_peer_certificate, it increase X509 * ref count */
7696 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007697 X509_free(crt);
7698 return ret;
7699}
7700
Emeric Brunba841a12014-04-30 17:05:08 +02007701/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7702 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7703 * should be use.
7704 */
Emeric Brun87855892012-10-17 17:39:35 +02007705static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007706smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007707{
Emeric Brunba841a12014-04-30 17:05:08 +02007708 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007709 X509 *crt = NULL;
7710 X509_NAME *name;
7711 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007712 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007713 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007714 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007715
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007716 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007717 if (!conn || conn->xprt != &ssl_sock)
7718 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007719 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007720
7721 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007722 smp->flags |= SMP_F_MAY_CHANGE;
7723 return 0;
7724 }
7725
Emeric Brunba841a12014-04-30 17:05:08 +02007726 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007727 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007728 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007729 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007730 if (!crt)
7731 goto out;
7732
7733 name = X509_get_subject_name(crt);
7734 if (!name)
7735 goto out;
7736
Willy Tarreau47ca5452012-12-23 20:22:19 +01007737 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007738 if (args && args[0].type == ARGT_STR) {
7739 int pos = 1;
7740
7741 if (args[1].type == ARGT_SINT)
7742 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007743
7744 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7745 goto out;
7746 }
7747 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7748 goto out;
7749
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007750 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007751 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007752 ret = 1;
7753out:
Emeric Brunba841a12014-04-30 17:05:08 +02007754 /* SSL_get_peer_certificate, it increase X509 * ref count */
7755 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007756 X509_free(crt);
7757 return ret;
7758}
Emeric Brun9143d372012-12-20 15:44:16 +01007759
7760/* integer, returns true if current session use a client certificate */
7761static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007762smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007763{
7764 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007765 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007766 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007767
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007768 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007769 if (!conn || conn->xprt != &ssl_sock)
7770 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007771 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007772
7773 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007774 smp->flags |= SMP_F_MAY_CHANGE;
7775 return 0;
7776 }
7777
7778 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007779 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007780 if (crt) {
7781 X509_free(crt);
7782 }
7783
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007784 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007785 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007786 return 1;
7787}
7788
Emeric Brunba841a12014-04-30 17:05:08 +02007789/* integer, returns the certificate version
7790 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7791 * should be use.
7792 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007793static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007794smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007795{
Emeric Brunba841a12014-04-30 17:05:08 +02007796 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007797 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007798 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007799 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007800
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007801 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007802 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007803 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007804 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007805
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007806 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007807 smp->flags |= SMP_F_MAY_CHANGE;
7808 return 0;
7809 }
7810
Emeric Brunba841a12014-04-30 17:05:08 +02007811 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007812 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007813 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007814 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007815 if (!crt)
7816 return 0;
7817
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007818 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007819 /* SSL_get_peer_certificate increase X509 * ref count */
7820 if (cert_peer)
7821 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007822 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007823
7824 return 1;
7825}
7826
Emeric Brunba841a12014-04-30 17:05:08 +02007827/* string, returns the certificate's signature algorithm.
7828 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7829 * should be use.
7830 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007831static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007832smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007833{
Emeric Brunba841a12014-04-30 17:05:08 +02007834 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007835 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007836 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007837 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007838 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007839 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007840
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007841 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007842 if (!conn || conn->xprt != &ssl_sock)
7843 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007844 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007845
7846 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007847 smp->flags |= SMP_F_MAY_CHANGE;
7848 return 0;
7849 }
7850
Emeric Brunba841a12014-04-30 17:05:08 +02007851 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007852 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007853 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007854 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007855 if (!crt)
7856 return 0;
7857
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007858 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7859 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007860
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007861 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7862 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007863 /* SSL_get_peer_certificate increase X509 * ref count */
7864 if (cert_peer)
7865 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007866 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007867 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007868
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007869 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007870 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007871 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007872 /* SSL_get_peer_certificate increase X509 * ref count */
7873 if (cert_peer)
7874 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007875
7876 return 1;
7877}
7878
Emeric Brunba841a12014-04-30 17:05:08 +02007879/* string, returns the certificate's key algorithm.
7880 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7881 * should be use.
7882 */
Emeric Brun521a0112012-10-22 12:22:55 +02007883static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007884smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007885{
Emeric Brunba841a12014-04-30 17:05:08 +02007886 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007887 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007888 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007889 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007890 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007891 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007892
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007893 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007894 if (!conn || conn->xprt != &ssl_sock)
7895 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007896 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007897
7898 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007899 smp->flags |= SMP_F_MAY_CHANGE;
7900 return 0;
7901 }
7902
Emeric Brunba841a12014-04-30 17:05:08 +02007903 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007904 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007905 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007906 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007907 if (!crt)
7908 return 0;
7909
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007910 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7911 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007912
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007913 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7914 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007915 /* SSL_get_peer_certificate increase X509 * ref count */
7916 if (cert_peer)
7917 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007918 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007919 }
Emeric Brun521a0112012-10-22 12:22:55 +02007920
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007921 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007922 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007923 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007924 if (cert_peer)
7925 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007926
7927 return 1;
7928}
7929
Emeric Brun645ae792014-04-30 14:21:06 +02007930/* boolean, returns true if front conn. transport layer is SSL.
7931 * This function is also usable on backend conn if the fetch keyword 5th
7932 * char is 'b'.
7933 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007934static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007935smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007936{
Emeric Bruneb8def92018-02-19 15:59:48 +01007937 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7938 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007939
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007940 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007941 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007942 return 1;
7943}
7944
Emeric Brun2525b6b2012-10-18 15:59:43 +02007945/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007946static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007947smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007948{
7949#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007950 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007951 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007952
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007953 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007954 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007955 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007956 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007957 return 1;
7958#else
7959 return 0;
7960#endif
7961}
7962
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007963/* boolean, returns true if client session has been resumed.
7964 * This function is also usable on backend conn if the fetch keyword 5th
7965 * char is 'b'.
7966 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007967static int
7968smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7969{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007970 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7971 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007972 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007973
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007974
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007975 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007976 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007977 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007978 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007979 return 1;
7980}
7981
Emeric Brun645ae792014-04-30 14:21:06 +02007982/* string, returns the used cipher if front conn. transport layer is SSL.
7983 * This function is also usable on backend conn if the fetch keyword 5th
7984 * char is 'b'.
7985 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007986static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007987smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007988{
Emeric Bruneb8def92018-02-19 15:59:48 +01007989 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7990 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007991 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007992
Willy Tarreaube508f12016-03-10 11:47:01 +01007993 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007994 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007995 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007996 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007997
Olivier Houchard66ab4982019-02-26 18:37:15 +01007998 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007999 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02008000 return 0;
8001
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008002 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008003 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008004 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008005
8006 return 1;
8007}
8008
Emeric Brun645ae792014-04-30 14:21:06 +02008009/* integer, returns the algoritm's keysize if front conn. transport layer
8010 * is SSL.
8011 * This function is also usable on backend conn if the fetch keyword 5th
8012 * char is 'b'.
8013 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008014static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008015smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008016{
Emeric Bruneb8def92018-02-19 15:59:48 +01008017 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8018 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008019 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008020 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01008021
Emeric Brun589fcad2012-10-16 14:13:26 +02008022 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008023 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02008024 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008025 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02008026
Olivier Houchard66ab4982019-02-26 18:37:15 +01008027 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008028 return 0;
8029
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008030 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008031 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008032
8033 return 1;
8034}
8035
Emeric Brun645ae792014-04-30 14:21:06 +02008036/* integer, returns the used keysize if front conn. transport layer is SSL.
8037 * This function is also usable on backend conn if the fetch keyword 5th
8038 * char is 'b'.
8039 */
Emeric Brun589fcad2012-10-16 14:13:26 +02008040static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008041smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008042{
Emeric Bruneb8def92018-02-19 15:59:48 +01008043 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8044 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008045 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008046
Emeric Brun589fcad2012-10-16 14:13:26 +02008047 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008048 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8049 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008050 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008051
Olivier Houchard66ab4982019-02-26 18:37:15 +01008052 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008053 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02008054 return 0;
8055
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008056 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02008057
8058 return 1;
8059}
8060
Bernard Spil13c53f82018-02-15 13:34:58 +01008061#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02008062static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008063smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008064{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008065 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008066 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008067
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008068 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008069 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008070
Olivier Houchard6b77f492018-11-22 18:18:29 +01008071 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8072 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008073 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8074 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008075 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008076
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008077 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008078 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008079 (const unsigned char **)&smp->data.u.str.area,
8080 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02008081
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008082 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02008083 return 0;
8084
8085 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02008086}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008087#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02008088
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008089#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008090static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008091smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02008092{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008093 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008094 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008095
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008096 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008097 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02008098
Olivier Houchard6b77f492018-11-22 18:18:29 +01008099 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
8100 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8101
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008102 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02008103 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008104 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02008105
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008106 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008107 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008108 (const unsigned char **)&smp->data.u.str.area,
8109 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02008110
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008111 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02008112 return 0;
8113
8114 return 1;
8115}
8116#endif
8117
Emeric Brun645ae792014-04-30 14:21:06 +02008118/* string, returns the used protocol if front conn. transport layer is SSL.
8119 * This function is also usable on backend conn if the fetch keyword 5th
8120 * char is 'b'.
8121 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02008122static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008123smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02008124{
Emeric Bruneb8def92018-02-19 15:59:48 +01008125 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8126 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008127 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008128
Emeric Brun589fcad2012-10-16 14:13:26 +02008129 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008130 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8131 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008132 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008133
Olivier Houchard66ab4982019-02-26 18:37:15 +01008134 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008135 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02008136 return 0;
8137
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008138 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008139 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008140 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02008141
8142 return 1;
8143}
8144
Willy Tarreau87b09662015-04-03 00:22:06 +02008145/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02008146 * This function is also usable on backend conn if the fetch keyword 5th
8147 * char is 'b'.
8148 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008149#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02008150static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008151smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02008152{
Emeric Bruneb8def92018-02-19 15:59:48 +01008153 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8154 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01008155 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008156 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01008157
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008158 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008159 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02008160
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008161 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8162 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008163 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008164
Olivier Houchard66ab4982019-02-26 18:37:15 +01008165 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02008166 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02008167 return 0;
8168
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008169 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
8170 (unsigned int *)&smp->data.u.str.data);
8171 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02008172 return 0;
8173
8174 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02008175}
Patrick Hemmer41966772018-04-28 19:15:48 -04008176#endif
8177
Emeric Brunfe68f682012-10-16 14:59:28 +02008178
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008179#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04008180static int
Patrick Hemmer65674662019-06-04 08:13:03 -04008181smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
8182{
8183 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8184 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8185 struct buffer *data;
8186 struct ssl_sock_ctx *ctx;
8187
8188 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8189 return 0;
8190 ctx = conn->xprt_ctx;
8191
8192 data = get_trash_chunk();
8193 if (kw[7] == 'c')
8194 data->data = SSL_get_client_random(ctx->ssl,
8195 (unsigned char *) data->area,
8196 data->size);
8197 else
8198 data->data = SSL_get_server_random(ctx->ssl,
8199 (unsigned char *) data->area,
8200 data->size);
8201 if (!data->data)
8202 return 0;
8203
8204 smp->flags = 0;
8205 smp->data.type = SMP_T_BIN;
8206 smp->data.u.str = *data;
8207
8208 return 1;
8209}
8210
8211static int
Patrick Hemmere0275472018-04-28 19:15:51 -04008212smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
8213{
8214 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8215 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
8216 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02008217 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008218 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008219
8220 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8221 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008222 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04008223
Olivier Houchard66ab4982019-02-26 18:37:15 +01008224 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04008225 if (!ssl_sess)
8226 return 0;
8227
8228 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008229 data->data = SSL_SESSION_get_master_key(ssl_sess,
8230 (unsigned char *) data->area,
8231 data->size);
8232 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04008233 return 0;
8234
8235 smp->flags = 0;
8236 smp->data.type = SMP_T_BIN;
8237 smp->data.u.str = *data;
8238
8239 return 1;
8240}
8241#endif
8242
Patrick Hemmer41966772018-04-28 19:15:48 -04008243#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02008244static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008245smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02008246{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008247 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008248 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008249
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008250 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008251 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02008252
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008253 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008254 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8255 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008256 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008257
Olivier Houchard66ab4982019-02-26 18:37:15 +01008258 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008259 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02008260 return 0;
8261
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008262 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02008263 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02008264}
Patrick Hemmer41966772018-04-28 19:15:48 -04008265#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02008266
David Sc1ad52e2014-04-08 18:48:47 -04008267static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008268smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
8269{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008270 struct connection *conn;
8271 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008272 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008273
8274 conn = objt_conn(smp->sess->origin);
8275 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8276 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008277 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008278
Olivier Houchard66ab4982019-02-26 18:37:15 +01008279 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008280 if (!capture)
8281 return 0;
8282
8283 smp->flags = SMP_F_CONST;
8284 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008285 smp->data.u.str.area = capture->ciphersuite;
8286 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008287 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008288}
8289
8290static int
8291smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
8292{
Willy Tarreau83061a82018-07-13 11:56:34 +02008293 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008294
8295 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8296 return 0;
8297
8298 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008299 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008300 smp->data.type = SMP_T_BIN;
8301 smp->data.u.str = *data;
8302 return 1;
8303}
8304
8305static int
8306smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
8307{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008308 struct connection *conn;
8309 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008310 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008311
8312 conn = objt_conn(smp->sess->origin);
8313 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8314 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008315 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008316
Olivier Houchard66ab4982019-02-26 18:37:15 +01008317 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008318 if (!capture)
8319 return 0;
8320
8321 smp->data.type = SMP_T_SINT;
8322 smp->data.u.sint = capture->xxh64;
8323 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008324}
8325
8326static int
8327smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
8328{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008329#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02008330 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008331 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008332
8333 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
8334 return 0;
8335
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008336 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008337 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008338 const char *str;
8339 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008340 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008341 uint16_t id = (bin[0] << 8) | bin[1];
8342#if defined(OPENSSL_IS_BORINGSSL)
8343 cipher = SSL_get_cipher_by_value(id);
8344#else
Willy Tarreaub7290772018-10-15 11:01:59 +02008345 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01008346 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
8347 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02008348#endif
8349 str = SSL_CIPHER_get_name(cipher);
8350 if (!str || strcmp(str, "(NONE)") == 0)
8351 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008352 else
8353 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
8354 }
8355 smp->data.type = SMP_T_STR;
8356 smp->data.u.str = *data;
8357 return 1;
8358#else
8359 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
8360#endif
8361}
8362
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008363#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008364static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008365smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04008366{
Emeric Bruneb8def92018-02-19 15:59:48 +01008367 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
8368 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04008369 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02008370 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008371 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008372
8373 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04008374 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
8375 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008376 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04008377
8378 if (!(conn->flags & CO_FL_CONNECTED)) {
8379 smp->flags |= SMP_F_MAY_CHANGE;
8380 return 0;
8381 }
8382
8383 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01008384 if (!SSL_session_reused(ctx->ssl))
8385 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008386 finished_trash->area,
8387 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008388 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01008389 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008390 finished_trash->area,
8391 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04008392
8393 if (!finished_len)
8394 return 0;
8395
Willy Tarreau843b7cb2018-07-13 10:54:26 +02008396 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02008397 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008398 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04008399
8400 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04008401}
Patrick Hemmer41966772018-04-28 19:15:48 -04008402#endif
David Sc1ad52e2014-04-08 18:48:47 -04008403
Emeric Brun2525b6b2012-10-18 15:59:43 +02008404/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008405static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008406smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008407{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008408 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008409 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008410
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008411 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008412 if (!conn || conn->xprt != &ssl_sock)
8413 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008414 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008415
8416 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008417 smp->flags = SMP_F_MAY_CHANGE;
8418 return 0;
8419 }
8420
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008421 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008422 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008423 smp->flags = 0;
8424
8425 return 1;
8426}
8427
Emeric Brun2525b6b2012-10-18 15:59:43 +02008428/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02008429static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008430smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008431{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008432 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008433 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008434
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008435 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008436 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02008437 return 0;
8438
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008439 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008440 smp->flags = SMP_F_MAY_CHANGE;
8441 return 0;
8442 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008443 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02008444
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008445 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008446 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008447 smp->flags = 0;
8448
8449 return 1;
8450}
8451
Emeric Brun2525b6b2012-10-18 15:59:43 +02008452/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02008453static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008454smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02008455{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008456 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008457 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008458
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008459 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008460 if (!conn || conn->xprt != &ssl_sock)
8461 return 0;
8462
8463 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02008464 smp->flags = SMP_F_MAY_CHANGE;
8465 return 0;
8466 }
8467
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008468 ctx = conn->xprt_ctx;
8469
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008470 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01008471 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02008472 smp->flags = 0;
8473
8474 return 1;
8475}
8476
Emeric Brun2525b6b2012-10-18 15:59:43 +02008477/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008478static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02008479smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008480{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008481 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008482 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008483
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02008484 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008485 if (!conn || conn->xprt != &ssl_sock)
8486 return 0;
8487
8488 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008489 smp->flags = SMP_F_MAY_CHANGE;
8490 return 0;
8491 }
8492
Willy Tarreaub363a1f2013-10-01 10:45:07 +02008493 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008494 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008495 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008496
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02008497 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01008498 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02008499 smp->flags = 0;
8500
8501 return 1;
8502}
8503
Emeric Brunfb510ea2012-10-05 12:00:26 +02008504/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008505static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008506{
8507 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008508 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008509 return ERR_ALERT | ERR_FATAL;
8510 }
8511
Willy Tarreauef934602016-12-22 23:12:01 +01008512 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8513 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008514 else
8515 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008516
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02008517 if (!ssl_store_load_locations_file(conf->ca_file)) {
8518 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->ca_file);
8519 return ERR_ALERT | ERR_FATAL;
8520 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02008521 return 0;
8522}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008523static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8524{
8525 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
8526}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008527
Christopher Faulet31af49d2015-06-09 17:29:50 +02008528/* parse the "ca-sign-file" bind keyword */
8529static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8530{
8531 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008532 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008533 return ERR_ALERT | ERR_FATAL;
8534 }
8535
Willy Tarreauef934602016-12-22 23:12:01 +01008536 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8537 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008538 else
8539 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
8540
8541 return 0;
8542}
8543
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008544/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02008545static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8546{
8547 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008548 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02008549 return ERR_ALERT | ERR_FATAL;
8550 }
8551 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
8552 return 0;
8553}
8554
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008555/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008556static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008557{
8558 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008559 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008560 return ERR_ALERT | ERR_FATAL;
8561 }
8562
Emeric Brun76d88952012-10-05 15:47:31 +02008563 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02008564 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008565 return 0;
8566}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008567static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8568{
8569 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
8570}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008571
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008572#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008573/* parse the "ciphersuites" bind keyword */
8574static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8575{
8576 if (!*args[cur_arg + 1]) {
8577 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
8578 return ERR_ALERT | ERR_FATAL;
8579 }
8580
8581 free(conf->ciphersuites);
8582 conf->ciphersuites = strdup(args[cur_arg + 1]);
8583 return 0;
8584}
8585static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8586{
8587 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
8588}
8589#endif
8590
Willy Tarreaubbc91962019-10-16 16:42:19 +02008591/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008592static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008593{
Willy Tarreau38011032013-08-13 16:59:39 +02008594 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02008595
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008596 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02008597 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008598 return ERR_ALERT | ERR_FATAL;
8599 }
8600
Willy Tarreauef934602016-12-22 23:12:01 +01008601 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
8602 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02008603 memprintf(err, "'%s' : path too long", args[cur_arg]);
8604 return ERR_ALERT | ERR_FATAL;
8605 }
Willy Tarreauef934602016-12-22 23:12:01 +01008606 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaubbc91962019-10-16 16:42:19 +02008607 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008608 }
8609
Willy Tarreaubbc91962019-10-16 16:42:19 +02008610 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008611}
8612
Willy Tarreaubbc91962019-10-16 16:42:19 +02008613/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008614static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8615{
Willy Tarreaubbc91962019-10-16 16:42:19 +02008616 int err_code;
8617
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008618 if (!*args[cur_arg + 1]) {
8619 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
8620 return ERR_ALERT | ERR_FATAL;
8621 }
8622
Willy Tarreaubbc91962019-10-16 16:42:19 +02008623 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
8624 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02008625 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008626
Willy Tarreaubbc91962019-10-16 16:42:19 +02008627 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01008628}
8629
Emeric Brunfb510ea2012-10-05 12:00:26 +02008630/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008631static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008632{
Emeric Brun051cdab2012-10-02 19:25:50 +02008633#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01008634 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
Emeric Brun051cdab2012-10-02 19:25:50 +02008635 return ERR_ALERT | ERR_FATAL;
8636#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02008637 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008638 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02008639 return ERR_ALERT | ERR_FATAL;
8640 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008641
Willy Tarreauef934602016-12-22 23:12:01 +01008642 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
8643 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008644 else
8645 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02008646
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01008647 if (!ssl_store_load_locations_file(conf->crl_file)) {
8648 memprintf(err, "'%s' : unable to load %s", args[cur_arg], conf->crl_file);
8649 return ERR_ALERT | ERR_FATAL;
8650 }
Emeric Brun2b58d042012-09-20 17:10:03 +02008651 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02008652#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02008653}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008654static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8655{
8656 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
8657}
Emeric Brun2b58d042012-09-20 17:10:03 +02008658
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008659/* parse the "curves" bind keyword keyword */
8660static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8661{
Lukas Tribusd14b49c2019-11-24 18:20:40 +01008662#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008663 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008664 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008665 return ERR_ALERT | ERR_FATAL;
8666 }
8667 conf->curves = strdup(args[cur_arg + 1]);
8668 return 0;
8669#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008670 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008671 return ERR_ALERT | ERR_FATAL;
8672#endif
8673}
8674static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8675{
8676 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8677}
8678
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008679/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008680static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008681{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008682#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Tim Duesterhus93128532019-11-23 23:45:10 +01008683 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008684 return ERR_ALERT | ERR_FATAL;
8685#elif defined(OPENSSL_NO_ECDH)
Tim Duesterhus93128532019-11-23 23:45:10 +01008686 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008687 return ERR_ALERT | ERR_FATAL;
8688#else
8689 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008690 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
Emeric Brun2b58d042012-09-20 17:10:03 +02008691 return ERR_ALERT | ERR_FATAL;
8692 }
8693
8694 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008695
8696 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008697#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008698}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008699static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8700{
8701 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8702}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008703
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008704/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008705static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8706{
8707 int code;
8708 char *p = args[cur_arg + 1];
8709 unsigned long long *ignerr = &conf->crt_ignerr;
8710
8711 if (!*p) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008712 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008713 return ERR_ALERT | ERR_FATAL;
8714 }
8715
8716 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8717 ignerr = &conf->ca_ignerr;
8718
8719 if (strcmp(p, "all") == 0) {
8720 *ignerr = ~0ULL;
8721 return 0;
8722 }
8723
8724 while (p) {
8725 code = atoi(p);
8726 if ((code <= 0) || (code > 63)) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008727 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8728 args[cur_arg], code, args[cur_arg + 1]);
Emeric Brun81c00f02012-09-21 14:31:21 +02008729 return ERR_ALERT | ERR_FATAL;
8730 }
8731 *ignerr |= 1ULL << code;
8732 p = strchr(p, ',');
8733 if (p)
8734 p++;
8735 }
8736
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008737 return 0;
8738}
8739
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008740/* parse tls_method_options "no-xxx" and "force-xxx" */
8741static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008742{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008743 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008744 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008745 p = strchr(arg, '-');
8746 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008747 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008748 p++;
8749 if (!strcmp(p, "sslv3"))
8750 v = CONF_SSLV3;
8751 else if (!strcmp(p, "tlsv10"))
8752 v = CONF_TLSV10;
8753 else if (!strcmp(p, "tlsv11"))
8754 v = CONF_TLSV11;
8755 else if (!strcmp(p, "tlsv12"))
8756 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008757 else if (!strcmp(p, "tlsv13"))
8758 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008759 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008760 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008761 if (!strncmp(arg, "no-", 3))
8762 methods->flags |= methodVersions[v].flag;
8763 else if (!strncmp(arg, "force-", 6))
8764 methods->min = methods->max = v;
8765 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008766 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008767 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008768 fail:
Tim Duesterhus93128532019-11-23 23:45:10 +01008769 memprintf(err, "'%s' : option not implemented", arg);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008770 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008771}
8772
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008773static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008774{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008775 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008776}
8777
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008778static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008779{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008780 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8781}
8782
8783/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8784static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8785{
8786 uint16_t i, v = 0;
8787 char *argv = args[cur_arg + 1];
8788 if (!*argv) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008789 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008790 return ERR_ALERT | ERR_FATAL;
8791 }
8792 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8793 if (!strcmp(argv, methodVersions[i].name))
8794 v = i;
8795 if (!v) {
Tim Duesterhus93128532019-11-23 23:45:10 +01008796 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008797 return ERR_ALERT | ERR_FATAL;
8798 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008799 if (!strcmp("ssl-min-ver", args[cur_arg]))
8800 methods->min = v;
8801 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8802 methods->max = v;
8803 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01008804 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008805 return ERR_ALERT | ERR_FATAL;
8806 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008807 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008808}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008809
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008810static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8811{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008812#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008813 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008814#endif
8815 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8816}
8817
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008818static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8819{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008820 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008821}
8822
8823static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8824{
8825 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8826}
8827
Emeric Brun2d0c4822012-10-02 13:45:20 +02008828/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008829static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008830{
Emeric Brun89675492012-10-05 13:48:26 +02008831 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008832 return 0;
8833}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008834
Olivier Houchardc2aae742017-09-22 18:26:28 +02008835/* parse the "allow-0rtt" bind keyword */
8836static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8837{
8838 conf->early_data = 1;
8839 return 0;
8840}
8841
8842static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8843{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008844 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008845 return 0;
8846}
8847
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008848/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008849static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008850{
Bernard Spil13c53f82018-02-15 13:34:58 +01008851#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008852 char *p1, *p2;
8853
8854 if (!*args[cur_arg + 1]) {
8855 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8856 return ERR_ALERT | ERR_FATAL;
8857 }
8858
8859 free(conf->npn_str);
8860
Willy Tarreau3724da12016-02-12 17:11:12 +01008861 /* the NPN string is built as a suite of (<len> <name>)*,
8862 * so we reuse each comma to store the next <len> and need
8863 * one more for the end of the string.
8864 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008865 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008866 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008867 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8868
8869 /* replace commas with the name length */
8870 p1 = conf->npn_str;
8871 p2 = p1 + 1;
8872 while (1) {
8873 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8874 if (!p2)
8875 p2 = p1 + 1 + strlen(p1 + 1);
8876
8877 if (p2 - (p1 + 1) > 255) {
8878 *p2 = '\0';
8879 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8880 return ERR_ALERT | ERR_FATAL;
8881 }
8882
8883 *p1 = p2 - (p1 + 1);
8884 p1 = p2;
8885
8886 if (!*p2)
8887 break;
8888
8889 *(p2++) = '\0';
8890 }
8891 return 0;
8892#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008893 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008894 return ERR_ALERT | ERR_FATAL;
8895#endif
8896}
8897
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008898static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8899{
8900 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8901}
8902
Willy Tarreauab861d32013-04-02 02:30:41 +02008903/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008904static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008905{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008906#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008907 char *p1, *p2;
8908
8909 if (!*args[cur_arg + 1]) {
8910 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8911 return ERR_ALERT | ERR_FATAL;
8912 }
8913
8914 free(conf->alpn_str);
8915
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008916 /* the ALPN string is built as a suite of (<len> <name>)*,
8917 * so we reuse each comma to store the next <len> and need
8918 * one more for the end of the string.
8919 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008920 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008921 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008922 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8923
8924 /* replace commas with the name length */
8925 p1 = conf->alpn_str;
8926 p2 = p1 + 1;
8927 while (1) {
8928 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8929 if (!p2)
8930 p2 = p1 + 1 + strlen(p1 + 1);
8931
8932 if (p2 - (p1 + 1) > 255) {
8933 *p2 = '\0';
8934 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8935 return ERR_ALERT | ERR_FATAL;
8936 }
8937
8938 *p1 = p2 - (p1 + 1);
8939 p1 = p2;
8940
8941 if (!*p2)
8942 break;
8943
8944 *(p2++) = '\0';
8945 }
8946 return 0;
8947#else
Tim Duesterhus93128532019-11-23 23:45:10 +01008948 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
Willy Tarreauab861d32013-04-02 02:30:41 +02008949 return ERR_ALERT | ERR_FATAL;
8950#endif
8951}
8952
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008953static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8954{
8955 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8956}
8957
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008958/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008959static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008960{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008961 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008962 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008963
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008964 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8965 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008966#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008967 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8968 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8969#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008970 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008971 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8972 if (!conf->ssl_conf.ssl_methods.min)
8973 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8974 if (!conf->ssl_conf.ssl_methods.max)
8975 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008976
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008977 return 0;
8978}
8979
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008980/* parse the "prefer-client-ciphers" bind keyword */
8981static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8982{
8983 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8984 return 0;
8985}
8986
Christopher Faulet31af49d2015-06-09 17:29:50 +02008987/* parse the "generate-certificates" bind keyword */
8988static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8989{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008990#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008991 conf->generate_certs = 1;
8992#else
8993 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8994 err && *err ? *err : "");
8995#endif
8996 return 0;
8997}
8998
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008999/* parse the "strict-sni" bind keyword */
9000static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9001{
9002 conf->strict_sni = 1;
9003 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009004}
9005
9006/* parse the "tls-ticket-keys" bind keyword */
9007static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9008{
9009#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulete566f3d2019-10-21 09:55:49 +02009010 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009011 int i = 0;
9012 char thisline[LINESIZE];
Christopher Faulete566f3d2019-10-21 09:55:49 +02009013 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009014
9015 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009016 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009017 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009018 }
9019
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009020 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009021 if (keys_ref) {
9022 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009023 conf->keys_ref = keys_ref;
9024 return 0;
9025 }
9026
Christopher Faulete566f3d2019-10-21 09:55:49 +02009027 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01009028 if (!keys_ref) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009029 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009030 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009031 }
9032
Emeric Brun9e754772019-01-10 17:51:55 +01009033 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01009034 if (!keys_ref->tlskeys) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009035 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009036 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009037 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009038
9039 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009040 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009041 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009042 }
9043
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009044 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01009045 if (!keys_ref->filename) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009046 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009047 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01009048 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009049
Emeric Brun9e754772019-01-10 17:51:55 +01009050 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009051 while (fgets(thisline, sizeof(thisline), f) != NULL) {
9052 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01009053 int dec_size;
9054
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009055 /* Strip newline characters from the end */
9056 if(thisline[len - 1] == '\n')
9057 thisline[--len] = 0;
9058
9059 if(thisline[len - 1] == '\r')
9060 thisline[--len] = 0;
9061
Emeric Brun9e754772019-01-10 17:51:55 +01009062 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
9063 if (dec_size < 0) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009064 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009065 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009066 }
Emeric Brun9e754772019-01-10 17:51:55 +01009067 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
9068 keys_ref->key_size_bits = 128;
9069 }
9070 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
9071 keys_ref->key_size_bits = 256;
9072 }
9073 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
9074 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
9075 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009076 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009077 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01009078 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009079 i++;
9080 }
9081
9082 if (i < TLS_TICKETS_NO) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009083 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulete566f3d2019-10-21 09:55:49 +02009084 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009085 }
9086
9087 fclose(f);
9088
9089 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01009090 i -= 2;
9091 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009092 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02009093 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01009094 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02009095 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009096
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02009097 LIST_ADD(&tlskeys_reference, &keys_ref->list);
9098
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009099 return 0;
Christopher Faulete566f3d2019-10-21 09:55:49 +02009100
9101 fail:
9102 if (f)
9103 fclose(f);
9104 if (keys_ref) {
9105 free(keys_ref->filename);
9106 free(keys_ref->tlskeys);
9107 free(keys_ref);
9108 }
9109 return ERR_ALERT | ERR_FATAL;
9110
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009111#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009112 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01009113 return ERR_ALERT | ERR_FATAL;
9114#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01009115}
9116
Emeric Brund94b3fe2012-09-20 18:23:56 +02009117/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009118static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02009119{
9120 if (!*args[cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009121 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009122 return ERR_ALERT | ERR_FATAL;
9123 }
9124
9125 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009126 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009127 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009128 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009129 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009130 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02009131 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009132 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
9133 args[cur_arg], args[cur_arg + 1]);
Emeric Brund94b3fe2012-09-20 18:23:56 +02009134 return ERR_ALERT | ERR_FATAL;
9135 }
9136
9137 return 0;
9138}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009139static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9140{
9141 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
9142}
Emeric Brund94b3fe2012-09-20 18:23:56 +02009143
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009144/* parse the "no-ca-names" bind keyword */
9145static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
9146{
9147 conf->no_ca_names = 1;
9148 return 0;
9149}
9150static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
9151{
9152 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
9153}
9154
Willy Tarreau92faadf2012-10-10 23:04:25 +02009155/************** "server" keywords ****************/
9156
Olivier Houchardc7566002018-11-20 23:33:50 +01009157/* parse the "npn" bind keyword */
9158static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9159{
9160#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9161 char *p1, *p2;
9162
9163 if (!*args[*cur_arg + 1]) {
9164 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
9165 return ERR_ALERT | ERR_FATAL;
9166 }
9167
9168 free(newsrv->ssl_ctx.npn_str);
9169
9170 /* the NPN string is built as a suite of (<len> <name>)*,
9171 * so we reuse each comma to store the next <len> and need
9172 * one more for the end of the string.
9173 */
9174 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
9175 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
9176 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
9177 newsrv->ssl_ctx.npn_len);
9178
9179 /* replace commas with the name length */
9180 p1 = newsrv->ssl_ctx.npn_str;
9181 p2 = p1 + 1;
9182 while (1) {
9183 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
9184 newsrv->ssl_ctx.npn_len - (p1 + 1));
9185 if (!p2)
9186 p2 = p1 + 1 + strlen(p1 + 1);
9187
9188 if (p2 - (p1 + 1) > 255) {
9189 *p2 = '\0';
9190 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9191 return ERR_ALERT | ERR_FATAL;
9192 }
9193
9194 *p1 = p2 - (p1 + 1);
9195 p1 = p2;
9196
9197 if (!*p2)
9198 break;
9199
9200 *(p2++) = '\0';
9201 }
9202 return 0;
9203#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009204 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009205 return ERR_ALERT | ERR_FATAL;
9206#endif
9207}
9208
Olivier Houchard92150142018-12-21 19:47:01 +01009209/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01009210static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9211{
9212#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
9213 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01009214 char **alpn_str;
9215 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01009216
Olivier Houchard92150142018-12-21 19:47:01 +01009217 if (*args[*cur_arg] == 'c') {
9218 alpn_str = &newsrv->check.alpn_str;
9219 alpn_len = &newsrv->check.alpn_len;
9220 } else {
9221 alpn_str = &newsrv->ssl_ctx.alpn_str;
9222 alpn_len = &newsrv->ssl_ctx.alpn_len;
9223
9224 }
Olivier Houchardc7566002018-11-20 23:33:50 +01009225 if (!*args[*cur_arg + 1]) {
9226 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
9227 return ERR_ALERT | ERR_FATAL;
9228 }
9229
Olivier Houchard92150142018-12-21 19:47:01 +01009230 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01009231
9232 /* the ALPN string is built as a suite of (<len> <name>)*,
9233 * so we reuse each comma to store the next <len> and need
9234 * one more for the end of the string.
9235 */
Olivier Houchard92150142018-12-21 19:47:01 +01009236 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
9237 *alpn_str = calloc(1, *alpn_len + 1);
9238 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01009239
9240 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01009241 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01009242 p2 = p1 + 1;
9243 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01009244 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01009245 if (!p2)
9246 p2 = p1 + 1 + strlen(p1 + 1);
9247
9248 if (p2 - (p1 + 1) > 255) {
9249 *p2 = '\0';
9250 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
9251 return ERR_ALERT | ERR_FATAL;
9252 }
9253
9254 *p1 = p2 - (p1 + 1);
9255 p1 = p2;
9256
9257 if (!*p2)
9258 break;
9259
9260 *(p2++) = '\0';
9261 }
9262 return 0;
9263#else
Tim Duesterhus93128532019-11-23 23:45:10 +01009264 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
Olivier Houchardc7566002018-11-20 23:33:50 +01009265 return ERR_ALERT | ERR_FATAL;
9266#endif
9267}
9268
Emeric Brunef42d922012-10-11 16:11:36 +02009269/* parse the "ca-file" server keyword */
9270static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9271{
9272 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009273 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009274 return ERR_ALERT | ERR_FATAL;
9275 }
9276
Willy Tarreauef934602016-12-22 23:12:01 +01009277 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9278 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009279 else
9280 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
9281
Emmanuel Hocdetd4f9a602019-10-24 11:32:47 +02009282 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.ca_file)) {
9283 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.ca_file);
9284 return ERR_ALERT | ERR_FATAL;
9285 }
Emeric Brunef42d922012-10-11 16:11:36 +02009286 return 0;
9287}
9288
Olivier Houchard9130a962017-10-17 17:33:43 +02009289/* parse the "check-sni" server keyword */
9290static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9291{
9292 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009293 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
Olivier Houchard9130a962017-10-17 17:33:43 +02009294 return ERR_ALERT | ERR_FATAL;
9295 }
9296
9297 newsrv->check.sni = strdup(args[*cur_arg + 1]);
9298 if (!newsrv->check.sni) {
9299 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
9300 return ERR_ALERT | ERR_FATAL;
9301 }
9302 return 0;
9303
9304}
9305
Willy Tarreau92faadf2012-10-10 23:04:25 +02009306/* parse the "check-ssl" server keyword */
9307static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9308{
9309 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009310 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9311 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009312#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009313 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9314 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9315#endif
Willy Tarreauef934602016-12-22 23:12:01 +01009316 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009317 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
9318 if (!newsrv->ssl_ctx.methods.min)
9319 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
9320 if (!newsrv->ssl_ctx.methods.max)
9321 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
9322
Willy Tarreau92faadf2012-10-10 23:04:25 +02009323 return 0;
9324}
9325
9326/* parse the "ciphers" server keyword */
9327static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9328{
9329 if (!*args[*cur_arg + 1]) {
9330 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9331 return ERR_ALERT | ERR_FATAL;
9332 }
9333
9334 free(newsrv->ssl_ctx.ciphers);
9335 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
9336 return 0;
9337}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009338
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009339#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009340/* parse the "ciphersuites" server keyword */
9341static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9342{
9343 if (!*args[*cur_arg + 1]) {
9344 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
9345 return ERR_ALERT | ERR_FATAL;
9346 }
9347
9348 free(newsrv->ssl_ctx.ciphersuites);
9349 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
9350 return 0;
9351}
9352#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009353
Emeric Brunef42d922012-10-11 16:11:36 +02009354/* parse the "crl-file" server keyword */
9355static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9356{
9357#ifndef X509_V_FLAG_CRL_CHECK
Tim Duesterhus93128532019-11-23 23:45:10 +01009358 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009359 return ERR_ALERT | ERR_FATAL;
9360#else
9361 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009362 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009363 return ERR_ALERT | ERR_FATAL;
9364 }
9365
Willy Tarreauef934602016-12-22 23:12:01 +01009366 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
9367 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009368 else
9369 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
9370
Emmanuel Hocdetb270e812019-11-21 19:09:31 +01009371 if (!ssl_store_load_locations_file(newsrv->ssl_ctx.crl_file)) {
9372 memprintf(err, "'%s' : unable to load %s", args[*cur_arg], newsrv->ssl_ctx.crl_file);
9373 return ERR_ALERT | ERR_FATAL;
9374 }
Emeric Brunef42d922012-10-11 16:11:36 +02009375 return 0;
9376#endif
9377}
9378
Emeric Bruna7aa3092012-10-26 12:58:00 +02009379/* parse the "crt" server keyword */
9380static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9381{
9382 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009383 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009384 return ERR_ALERT | ERR_FATAL;
9385 }
9386
Willy Tarreauef934602016-12-22 23:12:01 +01009387 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01009388 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02009389 else
9390 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
9391
9392 return 0;
9393}
Emeric Brunef42d922012-10-11 16:11:36 +02009394
Frédéric Lécaille340ae602017-03-13 10:38:04 +01009395/* parse the "no-check-ssl" server keyword */
9396static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9397{
9398 newsrv->check.use_ssl = 0;
9399 free(newsrv->ssl_ctx.ciphers);
9400 newsrv->ssl_ctx.ciphers = NULL;
9401 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
9402 return 0;
9403}
9404
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01009405/* parse the "no-send-proxy-v2-ssl" server keyword */
9406static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9407{
9408 newsrv->pp_opts &= ~SRV_PP_V2;
9409 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9410 return 0;
9411}
9412
9413/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
9414static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9415{
9416 newsrv->pp_opts &= ~SRV_PP_V2;
9417 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
9418 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
9419 return 0;
9420}
9421
Frédéric Lécaillee381d762017-03-13 11:54:17 +01009422/* parse the "no-ssl" server keyword */
9423static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9424{
9425 newsrv->use_ssl = 0;
9426 free(newsrv->ssl_ctx.ciphers);
9427 newsrv->ssl_ctx.ciphers = NULL;
9428 return 0;
9429}
9430
Olivier Houchard522eea72017-11-03 16:27:47 +01009431/* parse the "allow-0rtt" server keyword */
9432static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9433{
9434 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
9435 return 0;
9436}
9437
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01009438/* parse the "no-ssl-reuse" server keyword */
9439static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9440{
9441 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
9442 return 0;
9443}
9444
Emeric Brunf9c5c472012-10-11 15:28:34 +02009445/* parse the "no-tls-tickets" server keyword */
9446static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9447{
9448 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
9449 return 0;
9450}
David Safb76832014-05-08 23:42:08 -04009451/* parse the "send-proxy-v2-ssl" server keyword */
9452static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9453{
9454 newsrv->pp_opts |= SRV_PP_V2;
9455 newsrv->pp_opts |= SRV_PP_V2_SSL;
9456 return 0;
9457}
9458
9459/* parse the "send-proxy-v2-ssl-cn" server keyword */
9460static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9461{
9462 newsrv->pp_opts |= SRV_PP_V2;
9463 newsrv->pp_opts |= SRV_PP_V2_SSL;
9464 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
9465 return 0;
9466}
Emeric Brunf9c5c472012-10-11 15:28:34 +02009467
Willy Tarreau732eac42015-07-09 11:40:25 +02009468/* parse the "sni" server keyword */
9469static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9470{
9471#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
9472 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
9473 return ERR_ALERT | ERR_FATAL;
9474#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009475 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02009476
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009477 arg = args[*cur_arg + 1];
9478 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02009479 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
9480 return ERR_ALERT | ERR_FATAL;
9481 }
9482
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01009483 free(newsrv->sni_expr);
9484 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02009485
Willy Tarreau732eac42015-07-09 11:40:25 +02009486 return 0;
9487#endif
9488}
9489
Willy Tarreau92faadf2012-10-10 23:04:25 +02009490/* parse the "ssl" server keyword */
9491static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9492{
9493 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01009494 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
9495 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009496#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009497 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
9498 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9499#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02009500 return 0;
9501}
9502
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009503/* parse the "ssl-reuse" server keyword */
9504static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9505{
9506 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
9507 return 0;
9508}
9509
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01009510/* parse the "tls-tickets" server keyword */
9511static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9512{
9513 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
9514 return 0;
9515}
9516
Emeric Brunef42d922012-10-11 16:11:36 +02009517/* parse the "verify" server keyword */
9518static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9519{
9520 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009521 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
Emeric Brunef42d922012-10-11 16:11:36 +02009522 return ERR_ALERT | ERR_FATAL;
9523 }
9524
9525 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009526 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02009527 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01009528 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02009529 else {
Tim Duesterhus93128532019-11-23 23:45:10 +01009530 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
9531 args[*cur_arg], args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02009532 return ERR_ALERT | ERR_FATAL;
9533 }
9534
Evan Broderbe554312013-06-27 00:05:25 -07009535 return 0;
9536}
9537
9538/* parse the "verifyhost" server keyword */
9539static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
9540{
9541 if (!*args[*cur_arg + 1]) {
Tim Duesterhus93128532019-11-23 23:45:10 +01009542 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
Evan Broderbe554312013-06-27 00:05:25 -07009543 return ERR_ALERT | ERR_FATAL;
9544 }
9545
Frédéric Lécaille273f3212017-03-13 15:52:01 +01009546 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07009547 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
9548
Emeric Brunef42d922012-10-11 16:11:36 +02009549 return 0;
9550}
9551
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009552/* parse the "ssl-default-bind-options" keyword in global section */
9553static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
9554 struct proxy *defpx, const char *file, int line,
9555 char **err) {
9556 int i = 1;
9557
9558 if (*(args[i]) == 0) {
9559 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9560 return -1;
9561 }
9562 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009563 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009564 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00009565 else if (!strcmp(args[i], "prefer-client-ciphers"))
9566 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009567 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9568 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
9569 i++;
9570 else {
9571 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9572 return -1;
9573 }
9574 }
9575 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009576 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9577 return -1;
9578 }
9579 i++;
9580 }
9581 return 0;
9582}
9583
9584/* parse the "ssl-default-server-options" keyword in global section */
9585static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
9586 struct proxy *defpx, const char *file, int line,
9587 char **err) {
9588 int i = 1;
9589
9590 if (*(args[i]) == 0) {
9591 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
9592 return -1;
9593 }
9594 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009595 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01009596 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009597 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
9598 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
9599 i++;
9600 else {
9601 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
9602 return -1;
9603 }
9604 }
9605 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009606 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
9607 return -1;
9608 }
9609 i++;
9610 }
9611 return 0;
9612}
9613
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009614/* parse the "ca-base" / "crt-base" keywords in global section.
9615 * Returns <0 on alert, >0 on warning, 0 on success.
9616 */
9617static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
9618 struct proxy *defpx, const char *file, int line,
9619 char **err)
9620{
9621 char **target;
9622
Willy Tarreauef934602016-12-22 23:12:01 +01009623 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009624
9625 if (too_many_args(1, args, err, NULL))
9626 return -1;
9627
9628 if (*target) {
9629 memprintf(err, "'%s' already specified.", args[0]);
9630 return -1;
9631 }
9632
9633 if (*(args[1]) == 0) {
9634 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
9635 return -1;
9636 }
9637 *target = strdup(args[1]);
9638 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009639}
9640
9641/* parse the "ssl-mode-async" keyword in global section.
9642 * Returns <0 on alert, >0 on warning, 0 on success.
9643 */
9644static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9645 struct proxy *defpx, const char *file, int line,
9646 char **err)
9647{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009648#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009649 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009650 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009651 return 0;
9652#else
9653 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9654 return -1;
9655#endif
9656}
9657
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009658#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009659static int ssl_check_async_engine_count(void) {
9660 int err_code = 0;
9661
Emeric Brun3854e012017-05-17 20:42:48 +02009662 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009663 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009664 err_code = ERR_ABORT;
9665 }
9666 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009667}
9668
Grant Zhang872f9c22017-01-21 01:10:18 +00009669/* parse the "ssl-engine" keyword in global section.
9670 * Returns <0 on alert, >0 on warning, 0 on success.
9671 */
9672static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9673 struct proxy *defpx, const char *file, int line,
9674 char **err)
9675{
9676 char *algo;
9677 int ret = -1;
9678
9679 if (*(args[1]) == 0) {
9680 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9681 return ret;
9682 }
9683
9684 if (*(args[2]) == 0) {
9685 /* if no list of algorithms is given, it defaults to ALL */
9686 algo = strdup("ALL");
9687 goto add_engine;
9688 }
9689
9690 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9691 if (strcmp(args[2], "algo") != 0) {
9692 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9693 return ret;
9694 }
9695
9696 if (*(args[3]) == 0) {
9697 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9698 return ret;
9699 }
9700 algo = strdup(args[3]);
9701
9702add_engine:
9703 if (ssl_init_single_engine(args[1], algo)==0) {
9704 openssl_engines_initialized++;
9705 ret = 0;
9706 }
9707 free(algo);
9708 return ret;
9709}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009710#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009711
Willy Tarreauf22e9682016-12-21 23:23:19 +01009712/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9713 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9714 */
9715static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9716 struct proxy *defpx, const char *file, int line,
9717 char **err)
9718{
9719 char **target;
9720
Willy Tarreauef934602016-12-22 23:12:01 +01009721 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009722
9723 if (too_many_args(1, args, err, NULL))
9724 return -1;
9725
9726 if (*(args[1]) == 0) {
9727 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9728 return -1;
9729 }
9730
9731 free(*target);
9732 *target = strdup(args[1]);
9733 return 0;
9734}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009735
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009736#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009737/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9738 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9739 */
9740static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9741 struct proxy *defpx, const char *file, int line,
9742 char **err)
9743{
9744 char **target;
9745
9746 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9747
9748 if (too_many_args(1, args, err, NULL))
9749 return -1;
9750
9751 if (*(args[1]) == 0) {
9752 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9753 return -1;
9754 }
9755
9756 free(*target);
9757 *target = strdup(args[1]);
9758 return 0;
9759}
9760#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009761
Willy Tarreau9ceda382016-12-21 23:13:03 +01009762/* parse various global tune.ssl settings consisting in positive integers.
9763 * Returns <0 on alert, >0 on warning, 0 on success.
9764 */
9765static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9766 struct proxy *defpx, const char *file, int line,
9767 char **err)
9768{
9769 int *target;
9770
9771 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9772 target = &global.tune.sslcachesize;
9773 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009774 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009775 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009776 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009777 else if (strcmp(args[0], "maxsslconn") == 0)
9778 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009779 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9780 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009781 else {
9782 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9783 return -1;
9784 }
9785
9786 if (too_many_args(1, args, err, NULL))
9787 return -1;
9788
9789 if (*(args[1]) == 0) {
9790 memprintf(err, "'%s' expects an integer argument.", args[0]);
9791 return -1;
9792 }
9793
9794 *target = atoi(args[1]);
9795 if (*target < 0) {
9796 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9797 return -1;
9798 }
9799 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009800}
9801
9802static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9803 struct proxy *defpx, const char *file, int line,
9804 char **err)
9805{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009806 int ret;
9807
9808 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9809 if (ret != 0)
9810 return ret;
9811
Willy Tarreaubafbe012017-11-24 17:34:44 +01009812 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009813 memprintf(err, "'%s' is already configured.", args[0]);
9814 return -1;
9815 }
9816
Willy Tarreaubafbe012017-11-24 17:34:44 +01009817 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9818 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009819 memprintf(err, "Out of memory error.");
9820 return -1;
9821 }
9822 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009823}
9824
9825/* parse "ssl.force-private-cache".
9826 * Returns <0 on alert, >0 on warning, 0 on success.
9827 */
9828static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9829 struct proxy *defpx, const char *file, int line,
9830 char **err)
9831{
9832 if (too_many_args(0, args, err, NULL))
9833 return -1;
9834
Willy Tarreauef934602016-12-22 23:12:01 +01009835 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009836 return 0;
9837}
9838
9839/* parse "ssl.lifetime".
9840 * Returns <0 on alert, >0 on warning, 0 on success.
9841 */
9842static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9843 struct proxy *defpx, const char *file, int line,
9844 char **err)
9845{
9846 const char *res;
9847
9848 if (too_many_args(1, args, err, NULL))
9849 return -1;
9850
9851 if (*(args[1]) == 0) {
9852 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9853 return -1;
9854 }
9855
Willy Tarreauef934602016-12-22 23:12:01 +01009856 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009857 if (res == PARSE_TIME_OVER) {
9858 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9859 args[1], args[0]);
9860 return -1;
9861 }
9862 else if (res == PARSE_TIME_UNDER) {
9863 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9864 args[1], args[0]);
9865 return -1;
9866 }
9867 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009868 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9869 return -1;
9870 }
9871 return 0;
9872}
9873
9874#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009875/* parse "ssl-dh-param-file".
9876 * Returns <0 on alert, >0 on warning, 0 on success.
9877 */
9878static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9879 struct proxy *defpx, const char *file, int line,
9880 char **err)
9881{
9882 if (too_many_args(1, args, err, NULL))
9883 return -1;
9884
9885 if (*(args[1]) == 0) {
9886 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9887 return -1;
9888 }
9889
9890 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9891 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9892 return -1;
9893 }
9894 return 0;
9895}
9896
Willy Tarreau9ceda382016-12-21 23:13:03 +01009897/* parse "ssl.default-dh-param".
9898 * Returns <0 on alert, >0 on warning, 0 on success.
9899 */
9900static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9901 struct proxy *defpx, const char *file, int line,
9902 char **err)
9903{
9904 if (too_many_args(1, args, err, NULL))
9905 return -1;
9906
9907 if (*(args[1]) == 0) {
9908 memprintf(err, "'%s' expects an integer argument.", args[0]);
9909 return -1;
9910 }
9911
Willy Tarreauef934602016-12-22 23:12:01 +01009912 global_ssl.default_dh_param = atoi(args[1]);
9913 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009914 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9915 return -1;
9916 }
9917 return 0;
9918}
9919#endif
9920
9921
William Lallemand32af2032016-10-29 18:09:35 +02009922/* This function is used with TLS ticket keys management. It permits to browse
9923 * each reference. The variable <getnext> must contain the current node,
9924 * <end> point to the root node.
9925 */
9926#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9927static inline
9928struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9929{
9930 struct tls_keys_ref *ref = getnext;
9931
9932 while (1) {
9933
9934 /* Get next list entry. */
9935 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9936
9937 /* If the entry is the last of the list, return NULL. */
9938 if (&ref->list == end)
9939 return NULL;
9940
9941 return ref;
9942 }
9943}
9944
9945static inline
9946struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9947{
9948 int id;
9949 char *error;
9950
9951 /* If the reference starts by a '#', this is numeric id. */
9952 if (reference[0] == '#') {
9953 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9954 id = strtol(reference + 1, &error, 10);
9955 if (*error != '\0')
9956 return NULL;
9957
9958 /* Perform the unique id lookup. */
9959 return tlskeys_ref_lookupid(id);
9960 }
9961
9962 /* Perform the string lookup. */
9963 return tlskeys_ref_lookup(reference);
9964}
9965#endif
9966
9967
9968#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9969
9970static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9971
9972static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9973 return cli_io_handler_tlskeys_files(appctx);
9974}
9975
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009976/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9977 * (next index to be dumped), and cli.p0 (next key reference).
9978 */
William Lallemand32af2032016-10-29 18:09:35 +02009979static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9980
9981 struct stream_interface *si = appctx->owner;
9982
9983 switch (appctx->st2) {
9984 case STAT_ST_INIT:
9985 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009986 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009987 * later and restart at the state "STAT_ST_INIT".
9988 */
9989 chunk_reset(&trash);
9990
9991 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9992 chunk_appendf(&trash, "# id secret\n");
9993 else
9994 chunk_appendf(&trash, "# id (file)\n");
9995
Willy Tarreau06d80a92017-10-19 14:32:15 +02009996 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009997 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009998 return 0;
9999 }
10000
William Lallemand32af2032016-10-29 18:09:35 +020010001 /* Now, we start the browsing of the references lists.
10002 * Note that the following call to LIST_ELEM return bad pointer. The only
10003 * available field of this pointer is <list>. It is used with the function
10004 * tlskeys_list_get_next() for retruning the first available entry
10005 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010006 if (appctx->ctx.cli.p0 == NULL) {
10007 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
10008 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010009 }
10010
10011 appctx->st2 = STAT_ST_LIST;
10012 /* fall through */
10013
10014 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010015 while (appctx->ctx.cli.p0) {
10016 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +020010017
10018 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010019 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +020010020 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010021
10022 if (appctx->ctx.cli.i1 == 0)
10023 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
10024
William Lallemand32af2032016-10-29 18:09:35 +020010025 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +010010026 int head;
10027
10028 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
10029 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010030 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +020010031 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +020010032
10033 chunk_reset(t2);
10034 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +010010035 if (ref->key_size_bits == 128) {
10036 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10037 sizeof(struct tls_sess_key_128),
10038 t2->area, t2->size);
10039 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10040 t2->area);
10041 }
10042 else if (ref->key_size_bits == 256) {
10043 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
10044 sizeof(struct tls_sess_key_256),
10045 t2->area, t2->size);
10046 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
10047 t2->area);
10048 }
10049 else {
10050 /* This case should never happen */
10051 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
10052 }
William Lallemand32af2032016-10-29 18:09:35 +020010053
Willy Tarreau06d80a92017-10-19 14:32:15 +020010054 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010055 /* let's try again later from this stream. We add ourselves into
10056 * this stream's users so that it can remove us upon termination.
10057 */
Christopher Faulet16f45c82018-02-16 11:23:49 +010010058 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +010010059 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010060 return 0;
10061 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010062 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +020010063 }
Christopher Faulet16f45c82018-02-16 11:23:49 +010010064 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010065 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010066 }
Willy Tarreau06d80a92017-10-19 14:32:15 +020010067 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +020010068 /* let's try again later from this stream. We add ourselves into
10069 * this stream's users so that it can remove us upon termination.
10070 */
Willy Tarreaudb398432018-11-15 11:08:52 +010010071 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +020010072 return 0;
10073 }
10074
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010075 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +020010076 break;
10077
10078 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010079 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +020010080 }
10081
10082 appctx->st2 = STAT_ST_FIN;
10083 /* fall through */
10084
10085 default:
10086 appctx->st2 = STAT_ST_FIN;
10087 return 1;
10088 }
10089 return 0;
10090}
10091
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010092/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010093static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010094{
William Lallemand32af2032016-10-29 18:09:35 +020010095 /* no parameter, shows only file list */
10096 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010097 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010098 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010099 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010100 }
10101
10102 if (args[2][0] == '*') {
10103 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010104 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +020010105 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010106 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010107 if (!appctx->ctx.cli.p0)
10108 return cli_err(appctx, "'show tls-keys' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010109 }
William Lallemand32af2032016-10-29 18:09:35 +020010110 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +010010111 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020010112}
10113
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010114static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010115{
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010116 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010117 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010118
William Lallemand32af2032016-10-29 18:09:35 +020010119 /* Expect two parameters: the filename and the new new TLS key in encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010120 if (!*args[3] || !*args[4])
10121 return cli_err(appctx, "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010122
Willy Tarreauf5f26e82016-12-16 18:47:27 +010010123 ref = tlskeys_ref_lookup_ref(args[3]);
Willy Tarreau9d008692019-08-09 11:21:01 +020010124 if (!ref)
10125 return cli_err(appctx, "'set ssl tls-key' unable to locate referenced filename\n");
William Lallemand32af2032016-10-29 18:09:35 +020010126
Willy Tarreau1c913e42018-08-22 05:26:57 +020010127 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010128 if (ret < 0)
10129 return cli_err(appctx, "'set ssl tls-key' received invalid base64 encoded TLS key.\n");
Emeric Brun9e754772019-01-10 17:51:55 +010010130
Willy Tarreau1c913e42018-08-22 05:26:57 +020010131 trash.data = ret;
Willy Tarreau9d008692019-08-09 11:21:01 +020010132 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0)
10133 return cli_err(appctx, "'set ssl tls-key' received a key of wrong size.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010134
Willy Tarreau9d008692019-08-09 11:21:01 +020010135 return cli_msg(appctx, LOG_INFO, "TLS ticket key updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010136}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010010137#endif
William Lallemand32af2032016-10-29 18:09:35 +020010138
William Lallemand44b35322019-10-17 16:28:40 +020010139
10140/* Type of SSL payloads that can be updated over the CLI */
10141
10142enum {
10143 CERT_TYPE_PEM = 0,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010144#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010145 CERT_TYPE_OCSP,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010146#endif
William Lallemand44b35322019-10-17 16:28:40 +020010147 CERT_TYPE_ISSUER,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010148#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010149 CERT_TYPE_SCTL,
Emmanuel Hocdetf6ac4fa2019-10-30 17:41:27 +010010150#endif
William Lallemand44b35322019-10-17 16:28:40 +020010151 CERT_TYPE_MAX,
10152};
10153
10154struct {
10155 const char *ext;
10156 int type;
10157 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
10158 /* add a parsing callback */
William Lallemandf29cdef2019-10-23 15:00:52 +020010159} cert_exts[CERT_TYPE_MAX+1] = {
William Lallemand44b35322019-10-17 16:28:40 +020010160 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
William Lallemand541a5342019-10-23 14:11:54 +020010161#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010162 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010163#endif
10164#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
William Lallemand44b35322019-10-17 16:28:40 +020010165 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
William Lallemand541a5342019-10-23 14:11:54 +020010166#endif
William Lallemand44b35322019-10-17 16:28:40 +020010167 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
William Lallemandf29cdef2019-10-23 15:00:52 +020010168 [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
William Lallemand44b35322019-10-17 16:28:40 +020010169};
10170
William Lallemand430413e2019-10-28 14:30:47 +010010171/* states of the CLI IO handler for 'set ssl cert' */
10172enum {
10173 SETCERT_ST_INIT = 0,
10174 SETCERT_ST_GEN,
10175 SETCERT_ST_INSERT,
10176 SETCERT_ST_FIN,
10177};
William Lallemand8f840d72019-10-23 10:53:05 +020010178
William Lallemandd4f946c2019-12-05 10:26:40 +010010179/* release function of the `show ssl cert' command */
10180static void cli_release_show_cert(struct appctx *appctx)
10181{
10182 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10183}
10184
10185/* IO handler of "show ssl cert <filename>" */
10186static int cli_io_handler_show_cert(struct appctx *appctx)
10187{
10188 struct buffer *trash = alloc_trash_chunk();
10189 struct ebmb_node *node;
10190 struct stream_interface *si = appctx->owner;
10191 struct ckch_store *ckchs;
10192 int n;
10193
10194 if (trash == NULL)
10195 return 1;
10196
10197 if (!appctx->ctx.ssl.old_ckchs) {
10198 if (ckchs_transaction.old_ckchs) {
10199 ckchs = ckchs_transaction.old_ckchs;
10200 chunk_appendf(trash, "# transaction\n");
10201 if (!ckchs->multi) {
10202 chunk_appendf(trash, "*%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010203#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010204 } else {
10205 chunk_appendf(trash, "*%s:", ckchs->path);
10206 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10207 if (ckchs->ckch[n].cert)
10208 chunk_appendf(trash, " %s.%s\n", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10209 }
10210 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010211#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010212 }
10213 }
10214 }
10215
10216 if (!appctx->ctx.cli.p0) {
10217 chunk_appendf(trash, "# filename\n");
10218 node = ebmb_first(&ckchs_tree);
10219 } else {
10220 node = &((struct ckch_store *)appctx->ctx.cli.p0)->node;
10221 }
10222 while (node) {
10223 ckchs = ebmb_entry(node, struct ckch_store, node);
10224 if (!ckchs->multi) {
10225 chunk_appendf(trash, "%s\n", ckchs->path);
William Lallemandba22e902019-12-18 20:36:01 +010010226#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandd4f946c2019-12-05 10:26:40 +010010227 } else {
10228 chunk_appendf(trash, "%s:", ckchs->path);
10229 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
10230 if (ckchs->ckch[n].cert)
10231 chunk_appendf(trash, " %s.%s", ckchs->path, SSL_SOCK_KEYTYPE_NAMES[n]);
10232 }
10233 chunk_appendf(trash, "\n");
William Lallemandba22e902019-12-18 20:36:01 +010010234#endif
William Lallemandd4f946c2019-12-05 10:26:40 +010010235 }
10236
10237 node = ebmb_next(node);
10238 if (ci_putchk(si_ic(si), trash) == -1) {
10239 si_rx_room_blk(si);
10240 goto yield;
10241 }
10242 }
10243
10244 appctx->ctx.cli.p0 = NULL;
10245 free_trash_chunk(trash);
10246 return 1;
10247yield:
10248
10249 free_trash_chunk(trash);
10250 appctx->ctx.cli.p0 = ckchs;
10251 return 0; /* should come back */
10252}
10253
10254/* IO handler of the details "show ssl cert <filename>" */
10255static int cli_io_handler_show_cert_detail(struct appctx *appctx)
10256{
10257 struct stream_interface *si = appctx->owner;
10258 struct ckch_store *ckchs = appctx->ctx.cli.p0;
10259 struct buffer *out = alloc_trash_chunk();
10260 struct buffer *tmp = alloc_trash_chunk();
10261 X509_NAME *name = NULL;
10262 int write = -1;
10263 BIO *bio = NULL;
10264
10265 if (!tmp || !out)
10266 goto end;
10267
10268 if (!ckchs->multi) {
10269 chunk_appendf(out, "Filename: ");
10270 if (ckchs == ckchs_transaction.new_ckchs)
10271 chunk_appendf(out, "*");
10272 chunk_appendf(out, "%s\n", ckchs->path);
10273 chunk_appendf(out, "Serial: ");
10274 if (ssl_sock_get_serial(ckchs->ckch->cert, tmp) == -1)
10275 goto end;
10276 dump_binary(out, tmp->area, tmp->data);
10277 chunk_appendf(out, "\n");
10278
10279 chunk_appendf(out, "notBefore: ");
10280 chunk_reset(tmp);
10281 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10282 goto end;
10283 if (ASN1_TIME_print(bio, X509_getm_notBefore(ckchs->ckch->cert)) == 0)
10284 goto end;
10285 write = BIO_read(bio, tmp->area, tmp->size-1);
10286 tmp->area[write] = '\0';
10287 BIO_free(bio);
10288 chunk_appendf(out, "%s\n", tmp->area);
10289
10290 chunk_appendf(out, "notAfter: ");
10291 chunk_reset(tmp);
10292 if ((bio = BIO_new(BIO_s_mem())) == NULL)
10293 goto end;
10294 if (ASN1_TIME_print(bio, X509_getm_notAfter(ckchs->ckch->cert)) == 0)
10295 goto end;
10296 if ((write = BIO_read(bio, tmp->area, tmp->size-1)) <= 0)
10297 goto end;
10298 tmp->area[write] = '\0';
10299 BIO_free(bio);
10300 chunk_appendf(out, "%s\n", tmp->area);
10301
10302
10303 chunk_appendf(out, "Issuer: ");
10304 if ((name = X509_get_issuer_name(ckchs->ckch->cert)) == NULL)
10305 goto end;
10306 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10307 goto end;
10308 *(tmp->area + tmp->data) = '\0';
10309 chunk_appendf(out, "%s\n", tmp->area);
10310
10311 chunk_appendf(out, "Subject: ");
10312 if ((name = X509_get_subject_name(ckchs->ckch->cert)) == NULL)
10313 goto end;
10314 if ((ssl_sock_get_dn_oneline(name, tmp)) == -1)
10315 goto end;
10316 *(tmp->area + tmp->data) = '\0';
10317 chunk_appendf(out, "%s\n", tmp->area);
10318
10319
10320#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10321 chunk_appendf(out, "Subject Alternative Name: ");
10322 if (ssl_sock_get_san_oneline(ckchs->ckch->cert, out) == -1)
10323 goto end;
10324 *(out->area + out->data) = '\0';
10325 chunk_appendf(out, "\n");
10326#endif
10327 chunk_reset(tmp);
10328 chunk_appendf(out, "Algorithm: ");
10329 if (cert_get_pkey_algo(ckchs->ckch->cert, tmp) == 0)
10330 goto end;
10331 chunk_appendf(out, "%s\n", tmp->area);
10332
10333 chunk_reset(tmp);
10334 chunk_appendf(out, "SHA1 FingerPrint: ");
10335 if (X509_digest(ckchs->ckch->cert, EVP_sha1(), (unsigned char *) tmp->area,
10336 (unsigned int *)&tmp->data) == 0)
10337 goto end;
10338 dump_binary(out, tmp->area, tmp->data);
10339 chunk_appendf(out, "\n");
10340 }
10341
10342 if (ci_putchk(si_ic(si), out) == -1) {
10343 si_rx_room_blk(si);
10344 goto yield;
10345 }
10346
10347end:
10348 free_trash_chunk(tmp);
10349 free_trash_chunk(out);
10350 return 1;
10351yield:
10352 free_trash_chunk(tmp);
10353 free_trash_chunk(out);
10354 return 0; /* should come back */
10355}
10356
10357/* parsing function for 'show ssl cert [certfile]' */
10358static int cli_parse_show_cert(char **args, char *payload, struct appctx *appctx, void *private)
10359{
10360 struct ckch_store *ckchs;
10361
10362 if (!cli_has_level(appctx, ACCESS_LVL_OPER))
10363 return cli_err(appctx, "Can't allocate memory!\n");
10364
10365 /* The operations on the CKCH architecture are locked so we can
10366 * manipulate ckch_store and ckch_inst */
10367 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10368 return cli_err(appctx, "Can't show!\nOperations on certificates are currently locked!\n");
10369
10370 /* check if there is a certificate to lookup */
10371 if (*args[3]) {
10372 if (*args[3] == '*') {
10373 if (!ckchs_transaction.new_ckchs)
10374 goto error;
10375
10376 ckchs = ckchs_transaction.new_ckchs;
10377
10378 if (strcmp(args[3] + 1, ckchs->path))
10379 goto error;
10380
10381 } else {
10382 if ((ckchs = ckchs_lookup(args[3])) == NULL)
10383 goto error;
10384
10385 }
10386
10387 if (ckchs->multi)
10388 goto error;
10389
10390 appctx->ctx.cli.p0 = ckchs;
10391 /* use the IO handler that shows details */
10392 appctx->io_handler = cli_io_handler_show_cert_detail;
10393 }
10394
10395 return 0;
10396
10397error:
10398 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10399 return cli_err(appctx, "Can't display the certificate: Not found or the certificate is a bundle!\n");
10400}
10401
William Lallemand430413e2019-10-28 14:30:47 +010010402/* release function of the `set ssl cert' command, free things and unlock the spinlock */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010403static void cli_release_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010404{
10405 struct ckch_store *new_ckchs;
10406 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010407
William Lallemand430413e2019-10-28 14:30:47 +010010408 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand8f840d72019-10-23 10:53:05 +020010409
William Lallemand430413e2019-10-28 14:30:47 +010010410 if (appctx->st2 != SETCERT_ST_FIN) {
William Lallemand8f840d72019-10-23 10:53:05 +020010411 /* free every new sni_ctx and the new store, which are not in the trees so no spinlock there */
William Lallemandbeea2a42019-10-30 17:45:33 +010010412 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010413
William Lallemandbeea2a42019-10-30 17:45:33 +010010414 if (!new_ckchs)
10415 return;
William Lallemand8f840d72019-10-23 10:53:05 +020010416
William Lallemandbeea2a42019-10-30 17:45:33 +010010417 /* if the allocation failed, we need to free everything from the temporary list */
10418 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10419 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010420
William Lallemandbeea2a42019-10-30 17:45:33 +010010421 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10422 if (sc0->order == 0) /* we only free if it's the first inserted */
10423 SSL_CTX_free(sc0->ctx);
10424 LIST_DEL(&sc0->by_ckch_inst);
10425 free(sc0);
William Lallemand8f840d72019-10-23 10:53:05 +020010426 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010427 LIST_DEL(&ckchi->by_ckchs);
10428 free(ckchi);
William Lallemand8f840d72019-10-23 10:53:05 +020010429 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010430 ckchs_free(new_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010431 }
10432}
10433
10434
10435/*
10436 * This function tries to create the new ckch_inst and their SNIs
10437 */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010438static int cli_io_handler_commit_cert(struct appctx *appctx)
William Lallemand8f840d72019-10-23 10:53:05 +020010439{
10440 struct stream_interface *si = appctx->owner;
10441 int y = 0;
10442 char *err = NULL;
10443 int errcode = 0;
10444 struct ckch_store *old_ckchs, *new_ckchs = NULL;
10445 struct ckch_inst *ckchi, *ckchis;
William Lallemand8f840d72019-10-23 10:53:05 +020010446 struct buffer *trash = alloc_trash_chunk();
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010447 struct sni_ctx *sc0, *sc0s;
William Lallemand8f840d72019-10-23 10:53:05 +020010448
William Lallemand33cc76f2019-10-31 11:43:45 +010010449 if (trash == NULL)
10450 goto error;
10451
William Lallemand8f840d72019-10-23 10:53:05 +020010452 if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
10453 goto error;
10454
William Lallemand430413e2019-10-28 14:30:47 +010010455 while (1) {
10456 switch (appctx->st2) {
10457 case SETCERT_ST_INIT:
10458 /* This state just print the update message */
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010459 chunk_printf(trash, "Committing %s", ckchs_transaction.path);
William Lallemand430413e2019-10-28 14:30:47 +010010460 if (ci_putchk(si_ic(si), trash) == -1) {
10461 si_rx_room_blk(si);
William Lallemand8f840d72019-10-23 10:53:05 +020010462 goto yield;
William Lallemand430413e2019-10-28 14:30:47 +010010463 }
10464 appctx->st2 = SETCERT_ST_GEN;
10465 /* fallthrough */
10466 case SETCERT_ST_GEN:
10467 /*
10468 * This state generates the ckch instances with their
10469 * sni_ctxs and SSL_CTX.
10470 *
William Lallemand430413e2019-10-28 14:30:47 +010010471 * Since the SSL_CTX generation can be CPU consumer, we
10472 * yield every 10 instances.
10473 */
William Lallemand8f840d72019-10-23 10:53:05 +020010474
William Lallemandbeea2a42019-10-30 17:45:33 +010010475 old_ckchs = appctx->ctx.ssl.old_ckchs;
10476 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010477
William Lallemandbeea2a42019-10-30 17:45:33 +010010478 if (!new_ckchs)
10479 continue;
William Lallemand8f840d72019-10-23 10:53:05 +020010480
William Lallemandbeea2a42019-10-30 17:45:33 +010010481 /* get the next ckchi to regenerate */
10482 ckchi = appctx->ctx.ssl.next_ckchi;
10483 /* we didn't start yet, set it to the first elem */
10484 if (ckchi == NULL)
10485 ckchi = LIST_ELEM(old_ckchs->ckch_inst.n, typeof(ckchi), by_ckchs);
William Lallemand8f840d72019-10-23 10:53:05 +020010486
William Lallemandbeea2a42019-10-30 17:45:33 +010010487 /* walk through the old ckch_inst and creates new ckch_inst using the updated ckchs */
10488 list_for_each_entry_from(ckchi, &old_ckchs->ckch_inst, by_ckchs) {
10489 struct ckch_inst *new_inst;
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010490 int verify = 0;
William Lallemand8f840d72019-10-23 10:53:05 +020010491
William Lallemandbeea2a42019-10-30 17:45:33 +010010492 /* it takes a lot of CPU to creates SSL_CTXs, so we yield every 10 CKCH instances */
10493 if (y >= 10) {
10494 /* save the next ckchi to compute */
10495 appctx->ctx.ssl.next_ckchi = ckchi;
10496 goto yield;
10497 }
William Lallemand8f840d72019-10-23 10:53:05 +020010498
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010499 /* prevent ssl_sock_prepare_ctx() to do file access which is only for verify (crl/ca file) */
10500 verify = (ckchi->ssl_conf && ckchi->ssl_conf->verify) ? ckchi->ssl_conf->verify : ckchi->bind_conf->ssl_conf.verify;
10501 if (verify & SSL_VERIFY_PEER) {
10502 memprintf(&err, "%sCan't commit a certificate which use the 'verify' bind SSL option [%s:%d]\n", err ? err : "", ckchi->bind_conf->file, ckchi->bind_conf->line);
10503 errcode |= ERR_FATAL | ERR_ABORT;
10504 goto error;
10505 }
10506
10507
William Lallemandbeea2a42019-10-30 17:45:33 +010010508 if (new_ckchs->multi)
10509 errcode |= ckch_inst_new_load_multi_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
10510 else
10511 errcode |= ckch_inst_new_load_store(new_ckchs->path, new_ckchs, ckchi->bind_conf, ckchi->ssl_conf, NULL, 0, &new_inst, &err);
William Lallemand8f840d72019-10-23 10:53:05 +020010512
William Lallemandbeea2a42019-10-30 17:45:33 +010010513 if (errcode & ERR_CODE)
10514 goto error;
William Lallemand8f840d72019-10-23 10:53:05 +020010515
William Lallemand21724f02019-11-04 17:56:13 +010010516 /* if the previous ckchi was used as the default */
10517 if (ckchi->is_default)
10518 new_inst->is_default = 1;
10519
William Lallemand8ef0c2a2019-11-21 16:30:34 +010010520 /* we need to initialize the SSL_CTX generated */
10521 /* TODO: the prepare_ctx function need to be reworked to be safer there */
10522 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10523 if (!sc0->order) { /* we initiliazed only the first SSL_CTX because it's the same in the other sni_ctx's */
10524 errcode |= ssl_sock_prepare_ctx(ckchi->bind_conf, ckchi->ssl_conf, sc0->ctx, &err);
10525 if (errcode & ERR_CODE)
10526 goto error;
10527 }
10528 }
10529
10530
William Lallemandbeea2a42019-10-30 17:45:33 +010010531 /* display one dot per new instance */
10532 chunk_appendf(trash, ".");
10533 /* link the new ckch_inst to the duplicate */
10534 LIST_ADDQ(&new_ckchs->ckch_inst, &new_inst->by_ckchs);
10535 y++;
10536 }
William Lallemand430413e2019-10-28 14:30:47 +010010537 appctx->st2 = SETCERT_ST_INSERT;
10538 /* fallthrough */
10539 case SETCERT_ST_INSERT:
10540 /* The generation is finished, we can insert everything */
William Lallemand8f840d72019-10-23 10:53:05 +020010541
William Lallemandbeea2a42019-10-30 17:45:33 +010010542 old_ckchs = appctx->ctx.ssl.old_ckchs;
10543 new_ckchs = appctx->ctx.ssl.new_ckchs;
William Lallemand8f840d72019-10-23 10:53:05 +020010544
William Lallemandbeea2a42019-10-30 17:45:33 +010010545 if (!new_ckchs)
10546 continue;
William Lallemand430413e2019-10-28 14:30:47 +010010547
William Lallemand21724f02019-11-04 17:56:13 +010010548 /* First, we insert every new SNIs in the trees, also replace the default_ctx */
William Lallemandbeea2a42019-10-30 17:45:33 +010010549 list_for_each_entry_safe(ckchi, ckchis, &new_ckchs->ckch_inst, by_ckchs) {
10550 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10551 ssl_sock_load_cert_sni(ckchi, ckchi->bind_conf);
10552 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10553 }
William Lallemand8f840d72019-10-23 10:53:05 +020010554
William Lallemandbeea2a42019-10-30 17:45:33 +010010555 /* delete the old sni_ctx, the old ckch_insts and the ckch_store */
10556 list_for_each_entry_safe(ckchi, ckchis, &old_ckchs->ckch_inst, by_ckchs) {
William Lallemand430413e2019-10-28 14:30:47 +010010557
William Lallemandbeea2a42019-10-30 17:45:33 +010010558 HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10559 list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
10560 ebmb_delete(&sc0->name);
10561 LIST_DEL(&sc0->by_ckch_inst);
10562 free(sc0);
William Lallemand430413e2019-10-28 14:30:47 +010010563 }
William Lallemandbeea2a42019-10-30 17:45:33 +010010564 HA_RWLOCK_WRUNLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
10565 LIST_DEL(&ckchi->by_ckchs);
10566 free(ckchi);
10567 }
William Lallemand8f840d72019-10-23 10:53:05 +020010568
William Lallemandbeea2a42019-10-30 17:45:33 +010010569 /* Replace the old ckchs by the new one */
10570 ebmb_delete(&old_ckchs->node);
10571 ckchs_free(old_ckchs);
10572 ebst_insert(&ckchs_tree, &new_ckchs->node);
William Lallemand430413e2019-10-28 14:30:47 +010010573 appctx->st2 = SETCERT_ST_FIN;
10574 /* fallthrough */
10575 case SETCERT_ST_FIN:
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010576 /* we achieved the transaction, we can set everything to NULL */
10577 free(ckchs_transaction.path);
10578 ckchs_transaction.path = NULL;
10579 ckchs_transaction.new_ckchs = NULL;
10580 ckchs_transaction.old_ckchs = NULL;
William Lallemand430413e2019-10-28 14:30:47 +010010581 goto end;
10582 }
William Lallemand8f840d72019-10-23 10:53:05 +020010583 }
William Lallemand430413e2019-10-28 14:30:47 +010010584end:
William Lallemand8f840d72019-10-23 10:53:05 +020010585
William Lallemanded442432019-11-21 16:41:07 +010010586 chunk_appendf(trash, "\n");
10587 if (errcode & ERR_WARN)
Tim Duesterhusc0e820c2019-11-23 23:52:30 +010010588 chunk_appendf(trash, "%s", err);
William Lallemanded442432019-11-21 16:41:07 +010010589 chunk_appendf(trash, "Success!\n");
William Lallemand430413e2019-10-28 14:30:47 +010010590 if (ci_putchk(si_ic(si), trash) == -1)
10591 si_rx_room_blk(si);
10592 free_trash_chunk(trash);
10593 /* success: call the release function and don't come back */
10594 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010595yield:
10596 /* store the state */
10597 if (ci_putchk(si_ic(si), trash) == -1)
10598 si_rx_room_blk(si);
10599 free_trash_chunk(trash);
10600 si_rx_endp_more(si); /* let's come back later */
William Lallemand8f840d72019-10-23 10:53:05 +020010601 return 0; /* should come back */
10602
10603error:
10604 /* spin unlock and free are done in the release function */
William Lallemand33cc76f2019-10-31 11:43:45 +010010605 if (trash) {
10606 chunk_appendf(trash, "\n%sFailed!\n", err);
10607 if (ci_putchk(si_ic(si), trash) == -1)
10608 si_rx_room_blk(si);
10609 free_trash_chunk(trash);
10610 }
William Lallemand430413e2019-10-28 14:30:47 +010010611 /* error: call the release function and don't come back */
10612 return 1;
William Lallemand8f840d72019-10-23 10:53:05 +020010613}
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010614
10615/*
10616 * Parsing function of 'commit ssl cert'
10617 */
10618static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appctx, void *private)
10619{
10620 char *err = NULL;
10621
William Lallemand230662a2019-12-03 13:32:54 +010010622 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10623 return 1;
10624
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010625 if (!*args[3])
10626 return cli_err(appctx, "'commit ssl cert expects a filename\n");
10627
10628 /* The operations on the CKCH architecture are locked so we can
10629 * manipulate ckch_store and ckch_inst */
10630 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10631 return cli_err(appctx, "Can't commit the certificate!\nOperations on certificates are currently locked!\n");
10632
10633 if (!ckchs_transaction.path) {
10634 memprintf(&err, "No ongoing transaction! !\n");
10635 goto error;
10636 }
10637
10638 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10639 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, args[3]);
10640 goto error;
10641 }
10642
10643 /* init the appctx structure */
10644 appctx->st2 = SETCERT_ST_INIT;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010645 appctx->ctx.ssl.next_ckchi = NULL;
10646 appctx->ctx.ssl.new_ckchs = ckchs_transaction.new_ckchs;
10647 appctx->ctx.ssl.old_ckchs = ckchs_transaction.old_ckchs;
10648
10649 /* we don't unlock there, it will be unlock after the IO handler, in the release handler */
10650 return 0;
10651
10652error:
10653
10654 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10655 err = memprintf(&err, "%sCan't commit %s!\n", err ? err : "", args[3]);
10656
10657 return cli_dynerr(appctx, err);
10658}
10659
10660
William Lallemand8f840d72019-10-23 10:53:05 +020010661/*
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010662 * Parsing function of `set ssl cert`, it updates or creates a temporary ckch.
William Lallemand8f840d72019-10-23 10:53:05 +020010663 */
William Lallemand150bfa82019-09-19 17:12:49 +020010664static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx, void *private)
10665{
William Lallemand0c3b7d92019-10-18 11:27:07 +020010666 struct ckch_store *new_ckchs = NULL;
William Lallemand8f840d72019-10-23 10:53:05 +020010667 struct ckch_store *old_ckchs = NULL;
William Lallemand150bfa82019-09-19 17:12:49 +020010668 char *err = NULL;
William Lallemand963b2e72019-10-14 11:38:36 +020010669 int i;
William Lallemand849eed62019-10-17 16:23:50 +020010670 int bundle = -1; /* TRUE if >= 0 (ckch index) */
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010671 int errcode = 0;
William Lallemand44b35322019-10-17 16:28:40 +020010672 char *end;
10673 int type = CERT_TYPE_PEM;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010674 struct cert_key_and_chain *ckch;
10675 struct buffer *buf;
William Lallemand8f840d72019-10-23 10:53:05 +020010676
William Lallemand230662a2019-12-03 13:32:54 +010010677 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10678 return 1;
10679
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010680 if ((buf = alloc_trash_chunk()) == NULL)
10681 return cli_err(appctx, "Can't allocate memory\n");
William Lallemand150bfa82019-09-19 17:12:49 +020010682
10683 if (!*args[3] || !payload)
10684 return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
10685
10686 /* The operations on the CKCH architecture are locked so we can
10687 * manipulate ckch_store and ckch_inst */
10688 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10689 return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
10690
William Lallemand8f840d72019-10-23 10:53:05 +020010691 if (!chunk_strcpy(buf, args[3])) {
10692 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10693 errcode |= ERR_ALERT | ERR_FATAL;
10694 goto end;
10695 }
10696
William Lallemand44b35322019-10-17 16:28:40 +020010697 /* check which type of file we want to update */
William Lallemandf29cdef2019-10-23 15:00:52 +020010698 for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
William Lallemand8f840d72019-10-23 10:53:05 +020010699 end = strrchr(buf->area, '.');
William Lallemand44b35322019-10-17 16:28:40 +020010700 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
10701 *end = '\0';
10702 type = cert_exts[i].type;
10703 break;
10704 }
10705 }
10706
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010707 appctx->ctx.ssl.old_ckchs = NULL;
10708 appctx->ctx.ssl.new_ckchs = NULL;
William Lallemand849eed62019-10-17 16:23:50 +020010709
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010710 /* if there is an ongoing transaction */
10711 if (ckchs_transaction.path) {
10712 /* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
William Lallemand963b2e72019-10-14 11:38:36 +020010713#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010714 if (ckchs_transaction.new_ckchs->multi) {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010715 char *end;
William Lallemand963b2e72019-10-14 11:38:36 +020010716 int j;
William Lallemand150bfa82019-09-19 17:12:49 +020010717
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010718 /* check if it was used in a bundle by removing the
William Lallemand963b2e72019-10-14 11:38:36 +020010719 * .dsa/.rsa/.ecdsa at the end of the filename */
William Lallemand8f840d72019-10-23 10:53:05 +020010720 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010721 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemand963b2e72019-10-14 11:38:36 +020010722 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10723 bundle = j; /* keep the type of certificate so we insert it at the right place */
10724 *end = '\0'; /* it's a bundle let's end the string*/
10725 break;
10726 }
William Lallemand150bfa82019-09-19 17:12:49 +020010727 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010728 if (bundle < 0) {
10729 memprintf(&err, "The ongoing transaction is the '%s' bundle. You need to specify which part of the bundle you want to update ('%s.{rsa,ecdsa,dsa}')\n", ckchs_transaction.path, buf->area);
10730 errcode |= ERR_ALERT | ERR_FATAL;
10731 goto end;
10732 }
10733 }
10734#endif
10735
10736 /* if there is an ongoing transaction, check if this is the same file */
10737 if (strcmp(ckchs_transaction.path, buf->area) != 0) {
10738 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to set '%s'\n", ckchs_transaction.path, buf->area);
10739 errcode |= ERR_ALERT | ERR_FATAL;
10740 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010741 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010742
10743 appctx->ctx.ssl.old_ckchs = ckchs_transaction.new_ckchs;
10744
10745 } else {
10746 struct ckch_store *find_ckchs[2] = { NULL, NULL };
10747
10748 /* lookup for the certificate in the tree:
10749 * check if this is used as a bundle AND as a unique certificate */
10750 for (i = 0; i < 2; i++) {
10751
10752 if ((find_ckchs[i] = ckchs_lookup(buf->area)) != NULL) {
10753 /* only the bundle name is in the tree and you should
10754 * never update a bundle name, only a filename */
10755 if (bundle < 0 && find_ckchs[i]->multi) {
10756 /* we tried to look for a non-bundle and we found a bundle */
10757 memprintf(&err, "%s%s is a multi-cert bundle. Try updating %s.{dsa,rsa,ecdsa}\n",
10758 err ? err : "", args[3], args[3]);
10759 errcode |= ERR_ALERT | ERR_FATAL;
10760 goto end;
10761 }
William Lallemand3246d942019-11-04 14:02:11 +010010762 /* If we want a bundle but this is not a bundle
10763 * example: When you try to update <file>.rsa, but
10764 * <file> is a regular file */
10765 if (bundle >= 0 && find_ckchs[i]->multi == 0) {
10766 find_ckchs[i] = NULL;
10767 break;
10768 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010769 }
10770#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
10771 {
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010772 char *end;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010773 int j;
10774
10775 /* check if it was used in a bundle by removing the
10776 * .dsa/.rsa/.ecdsa at the end of the filename */
10777 end = strrchr(buf->area, '.');
Emmanuel Hocdet40f2f1e2019-10-30 17:31:28 +010010778 for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010779 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
10780 bundle = j; /* keep the type of certificate so we insert it at the right place */
10781 *end = '\0'; /* it's a bundle let's end the string*/
10782 break;
10783 }
10784 }
William Lallemand37031b82019-11-04 13:38:53 +010010785 if (bundle < 0) /* we didn't find a bundle extension */
10786 break;
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010787 }
William Lallemand963b2e72019-10-14 11:38:36 +020010788#else
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010789 /* bundles are not supported here, so we don't need to lookup again */
10790 break;
William Lallemand963b2e72019-10-14 11:38:36 +020010791#endif
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010792 }
10793
10794 if (find_ckchs[0] && find_ckchs[1]) {
10795 memprintf(&err, "%sUpdating a certificate which is used in the HAProxy configuration as a bundle and as a unique certificate is not supported. ('%s' and '%s')\n",
10796 err ? err : "", find_ckchs[0]->path, find_ckchs[1]->path);
10797 errcode |= ERR_ALERT | ERR_FATAL;
10798 goto end;
10799 }
10800
10801 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
William Lallemand150bfa82019-09-19 17:12:49 +020010802 }
10803
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010804 if (!appctx->ctx.ssl.old_ckchs) {
10805 memprintf(&err, "%sCan't replace a certificate which is not referenced by the configuration!\n",
William Lallemand150bfa82019-09-19 17:12:49 +020010806 err ? err : "");
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010807 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand8f840d72019-10-23 10:53:05 +020010808 goto end;
William Lallemand150bfa82019-09-19 17:12:49 +020010809 }
10810
William Lallemand8a7fdf02019-11-04 10:59:32 +010010811 if (!appctx->ctx.ssl.path) {
10812 /* this is a new transaction, set the path of the transaction */
10813 appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
10814 if (!appctx->ctx.ssl.path) {
10815 memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
10816 errcode |= ERR_ALERT | ERR_FATAL;
10817 goto end;
10818 }
10819 }
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010820
10821 old_ckchs = appctx->ctx.ssl.old_ckchs;
10822
10823 /* TODO: handle filters */
10824 if (old_ckchs->filters) {
10825 memprintf(&err, "%sCertificates used in crt-list with filters are not supported!\n",
10826 err ? err : "");
10827 errcode |= ERR_ALERT | ERR_FATAL;
10828 goto end;
10829 }
10830
10831 /* duplicate the ckch store */
10832 new_ckchs = ckchs_dup(old_ckchs);
10833 if (!new_ckchs) {
10834 memprintf(&err, "%sCannot allocate memory!\n",
10835 err ? err : "");
10836 errcode |= ERR_ALERT | ERR_FATAL;
10837 goto end;
10838 }
10839
10840 if (!new_ckchs->multi)
10841 ckch = new_ckchs->ckch;
10842 else
10843 ckch = &new_ckchs->ckch[bundle];
10844
10845 /* appply the change on the duplicate */
10846 if (cert_exts[type].load(buf->area, payload, ckch, &err) != 0) {
10847 memprintf(&err, "%sCan't load the payload\n", err ? err : "");
10848 errcode |= ERR_ALERT | ERR_FATAL;
10849 goto end;
10850 }
10851
10852 appctx->ctx.ssl.new_ckchs = new_ckchs;
10853
10854 /* we succeed, we can save the ckchs in the transaction */
10855
10856 /* if there wasn't a transaction, update the old ckchs */
William Dauchyc8bb1532019-11-24 15:04:20 +010010857 if (!ckchs_transaction.old_ckchs) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010858 ckchs_transaction.old_ckchs = appctx->ctx.ssl.old_ckchs;
10859 ckchs_transaction.path = appctx->ctx.ssl.path;
10860 err = memprintf(&err, "Transaction created for certificate %s!\n", ckchs_transaction.path);
10861 } else {
10862 err = memprintf(&err, "Transaction updated for certificate %s!\n", ckchs_transaction.path);
10863
10864 }
10865
10866 /* free the previous ckchs if there was a transaction */
10867 ckchs_free(ckchs_transaction.new_ckchs);
10868
10869 ckchs_transaction.new_ckchs = appctx->ctx.ssl.new_ckchs;
10870
10871
William Lallemand8f840d72019-10-23 10:53:05 +020010872 /* creates the SNI ctxs later in the IO handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010873
William Lallemand8f840d72019-10-23 10:53:05 +020010874end:
10875 free_trash_chunk(buf);
William Lallemand150bfa82019-09-19 17:12:49 +020010876
Emeric Brunf69ed1d2019-10-17 11:56:56 +020010877 if (errcode & ERR_CODE) {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010878
10879 ckchs_free(appctx->ctx.ssl.new_ckchs);
10880 appctx->ctx.ssl.new_ckchs = NULL;
10881
10882 appctx->ctx.ssl.old_ckchs = NULL;
10883
10884 free(appctx->ctx.ssl.path);
10885 appctx->ctx.ssl.path = NULL;
10886
10887 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
William Lallemand44b35322019-10-17 16:28:40 +020010888 return cli_dynerr(appctx, memprintf(&err, "%sCan't update %s!\n", err ? err : "", args[3]));
William Lallemand430413e2019-10-28 14:30:47 +010010889 } else {
William Lallemandbc6ca7c2019-10-29 23:48:19 +010010890
10891 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10892 return cli_dynmsg(appctx, LOG_NOTICE, err);
William Lallemand430413e2019-10-28 14:30:47 +010010893 }
William Lallemand8f840d72019-10-23 10:53:05 +020010894 /* TODO: handle the ERR_WARN which are not handled because of the io_handler */
William Lallemand150bfa82019-09-19 17:12:49 +020010895}
10896
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010897/* parsing function of 'abort ssl cert' */
10898static int cli_parse_abort_cert(char **args, char *payload, struct appctx *appctx, void *private)
10899{
10900 char *err = NULL;
10901
William Lallemand230662a2019-12-03 13:32:54 +010010902 if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
10903 return 1;
10904
William Lallemand0bc9c8a2019-11-19 15:51:51 +010010905 if (!*args[3])
10906 return cli_err(appctx, "'abort ssl cert' expects a filename\n");
10907
10908 /* The operations on the CKCH architecture are locked so we can
10909 * manipulate ckch_store and ckch_inst */
10910 if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
10911 return cli_err(appctx, "Can't abort!\nOperations on certificates are currently locked!\n");
10912
10913 if (!ckchs_transaction.path) {
10914 memprintf(&err, "No ongoing transaction!\n");
10915 goto error;
10916 }
10917
10918 if (strcmp(ckchs_transaction.path, args[3]) != 0) {
10919 memprintf(&err, "The ongoing transaction is about '%s' but you are trying to abort a transaction for '%s'\n", ckchs_transaction.path, args[3]);
10920 goto error;
10921 }
10922
10923 /* Only free the ckchs there, because the SNI and instances were not generated yet */
10924 ckchs_free(ckchs_transaction.new_ckchs);
10925 ckchs_transaction.new_ckchs = NULL;
10926 ckchs_free(ckchs_transaction.old_ckchs);
10927 ckchs_transaction.old_ckchs = NULL;
10928 free(ckchs_transaction.path);
10929 ckchs_transaction.path = NULL;
10930
10931 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10932
10933 err = memprintf(&err, "Transaction aborted for certificate '%s'!\n", args[3]);
10934 return cli_dynmsg(appctx, LOG_NOTICE, err);
10935
10936error:
10937 HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
10938
10939 return cli_dynerr(appctx, err);
10940}
10941
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +020010942static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +020010943{
10944#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
10945 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +020010946 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010947
10948 if (!payload)
10949 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +020010950
10951 /* Expect one parameter: the new response in base64 encoding */
Willy Tarreau9d008692019-08-09 11:21:01 +020010952 if (!*payload)
10953 return cli_err(appctx, "'set ssl ocsp-response' expects response in base64 encoding.\n");
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +020010954
10955 /* remove \r and \n from the payload */
10956 for (i = 0, j = 0; payload[i]; i++) {
10957 if (payload[i] == '\r' || payload[i] == '\n')
10958 continue;
10959 payload[j++] = payload[i];
10960 }
10961 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +020010962
Willy Tarreau1c913e42018-08-22 05:26:57 +020010963 ret = base64dec(payload, j, trash.area, trash.size);
Willy Tarreau9d008692019-08-09 11:21:01 +020010964 if (ret < 0)
10965 return cli_err(appctx, "'set ssl ocsp-response' received invalid base64 encoded response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010966
Willy Tarreau1c913e42018-08-22 05:26:57 +020010967 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +020010968 if (ssl_sock_update_ocsp_response(&trash, &err)) {
Willy Tarreau9d008692019-08-09 11:21:01 +020010969 if (err)
10970 return cli_dynerr(appctx, memprintf(&err, "%s.\n", err));
10971 else
10972 return cli_err(appctx, "Failed to update OCSP response.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010973 }
Willy Tarreau9d008692019-08-09 11:21:01 +020010974
10975 return cli_msg(appctx, LOG_INFO, "OCSP Response updated!\n");
William Lallemand32af2032016-10-29 18:09:35 +020010976#else
Willy Tarreau9d008692019-08-09 11:21:01 +020010977 return cli_err(appctx, "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n");
William Lallemand32af2032016-10-29 18:09:35 +020010978#endif
10979
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010980}
10981
Willy Tarreau86a394e2019-05-09 14:15:32 +020010982#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010983static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
10984{
10985 switch (arg->type) {
10986 case ARGT_STR:
10987 smp->data.type = SMP_T_STR;
10988 smp->data.u.str = arg->data.str;
10989 return 1;
10990 case ARGT_VAR:
10991 if (!vars_get_by_desc(&arg->data.var, smp))
10992 return 0;
10993 if (!sample_casts[smp->data.type][SMP_T_STR])
10994 return 0;
10995 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
10996 return 0;
10997 return 1;
10998 default:
10999 return 0;
11000 }
11001}
11002
11003static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
11004 const char *file, int line, char **err)
11005{
11006 switch(args[0].data.sint) {
11007 case 128:
11008 case 192:
11009 case 256:
11010 break;
11011 default:
11012 memprintf(err, "key size must be 128, 192 or 256 (bits).");
11013 return 0;
11014 }
11015 /* Try to decode a variable. */
11016 vars_check_arg(&args[1], NULL);
11017 vars_check_arg(&args[2], NULL);
11018 vars_check_arg(&args[3], NULL);
11019 return 1;
11020}
11021
11022/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
11023static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
11024{
11025 struct sample nonce, key, aead_tag;
11026 struct buffer *smp_trash, *smp_trash_alloc;
11027 EVP_CIPHER_CTX *ctx;
11028 int dec_size, ret;
11029
11030 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
11031 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
11032 return 0;
11033
11034 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
11035 if (!sample_conv_var2smp_str(&arg_p[2], &key))
11036 return 0;
11037
11038 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
11039 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
11040 return 0;
11041
11042 smp_trash = get_trash_chunk();
11043 smp_trash_alloc = alloc_trash_chunk();
11044 if (!smp_trash_alloc)
11045 return 0;
11046
11047 ctx = EVP_CIPHER_CTX_new();
11048
11049 if (!ctx)
11050 goto err;
11051
11052 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
11053 if (dec_size < 0)
11054 goto err;
11055 smp_trash->data = dec_size;
11056
11057 /* Set cipher type and mode */
11058 switch(arg_p[0].data.sint) {
11059 case 128:
11060 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
11061 break;
11062 case 192:
11063 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
11064 break;
11065 case 256:
11066 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
11067 break;
11068 }
11069
11070 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
11071
11072 /* Initialise IV */
11073 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
11074 goto err;
11075
11076 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
11077 if (dec_size < 0)
11078 goto err;
11079 smp_trash->data = dec_size;
11080
11081 /* Initialise key */
11082 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
11083 goto err;
11084
11085 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
11086 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
11087 goto err;
11088
11089 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
11090 if (dec_size < 0)
11091 goto err;
11092 smp_trash_alloc->data = dec_size;
11093 dec_size = smp_trash->data;
11094
11095 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
11096 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
11097
11098 if (ret <= 0)
11099 goto err;
11100
11101 smp->data.u.str.data = dec_size + smp_trash->data;
11102 smp->data.u.str.area = smp_trash->area;
11103 smp->data.type = SMP_T_BIN;
11104 smp->flags &= ~SMP_F_CONST;
11105 free_trash_chunk(smp_trash_alloc);
11106 return 1;
11107
11108err:
11109 free_trash_chunk(smp_trash_alloc);
11110 return 0;
William Lallemand32af2032016-10-29 18:09:35 +020011111}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011112# endif
William Lallemand32af2032016-10-29 18:09:35 +020011113
11114/* register cli keywords */
11115static struct cli_kw_list cli_kws = {{ },{
11116#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11117 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +020011118 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +020011119#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +010011120 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemandbc6ca7c2019-10-29 23:48:19 +010011121 { { "set", "ssl", "cert", NULL }, "set ssl cert <certfile> <payload> : replace a certificate file", cli_parse_set_cert, NULL, NULL },
11122 { { "commit", "ssl", "cert", NULL }, "commit ssl cert <certfile> : commit a certificate file", cli_parse_commit_cert, cli_io_handler_commit_cert, cli_release_commit_cert },
William Lallemand0bc9c8a2019-11-19 15:51:51 +010011123 { { "abort", "ssl", "cert", NULL }, "abort ssl cert <certfile> : abort a transaction for a certificate file", cli_parse_abort_cert, NULL, NULL },
William Lallemandd4f946c2019-12-05 10:26:40 +010011124 { { "show", "ssl", "cert", NULL }, "show ssl cert [<certfile>] : display the SSL certificates used in memory, or the details of a <certfile>", cli_parse_show_cert, cli_io_handler_show_cert, cli_release_show_cert },
William Lallemand32af2032016-10-29 18:09:35 +020011125 { { NULL }, NULL, NULL, NULL }
11126}};
11127
Willy Tarreau0108d902018-11-25 19:14:37 +010011128INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +020011129
Willy Tarreau7875d092012-09-10 08:20:03 +020011130/* Note: must not be declared <const> as its list will be overwritten.
11131 * Please take care of keeping this list alphabetically sorted.
11132 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011133static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +020011134 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011135 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011136#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +010011137 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011138#endif
Emeric Brun645ae792014-04-30 14:21:06 +020011139 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +010011140#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
11141 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
11142#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +010011143 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +020011144 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +020011145 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011146 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011147#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +020011148 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -040011149#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011150#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011151 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11152 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -040011153 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
11154#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011155 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11156 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011157 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011158 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011159 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11160 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11161 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11162 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11163 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11164 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11165 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11166 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011167 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011168 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
11169 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +010011170 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +020011171 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11172 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11173 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11174 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11175 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11176 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
11177 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +020011178 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011179 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011180 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011181 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011182 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011183 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011184 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +010011185 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +020011186 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +010011187#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011188 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +020011189#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +010011190#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011191 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +020011192#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011193 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011194#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +020011195 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011196#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +020011197 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011198#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011199 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011200#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011201#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -040011202 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11203 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -040011204 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11205#endif
Patrick Hemmer41966772018-04-28 19:15:48 -040011206#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +010011207 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -040011208#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011209 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11210 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
11211 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
11212 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +020011213 { NULL, NULL, 0, 0, 0 },
11214}};
11215
Willy Tarreau0108d902018-11-25 19:14:37 +010011216INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
11217
Willy Tarreau7875d092012-09-10 08:20:03 +020011218/* Note: must not be declared <const> as its list will be overwritten.
11219 * Please take care of keeping this list alphabetically sorted.
11220 */
Willy Tarreaudc13c112013-06-21 23:16:39 +020011221static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +010011222 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
11223 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +010011224 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +020011225}};
11226
Willy Tarreau0108d902018-11-25 19:14:37 +010011227INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
11228
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011229/* Note: must not be declared <const> as its list will be overwritten.
11230 * Please take care of keeping this list alphabetically sorted, doing so helps
11231 * all code contributors.
11232 * Optional keywords are also declared with a NULL ->parse() function so that
11233 * the config parser can report an appropriate error when a known keyword was
11234 * not enabled.
11235 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011236static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011237 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011238 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11239 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11240 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011241#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011242 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11243#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011244 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +010011245 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011246 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011247 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011248 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +020011249 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
11250 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +010011251 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
11252 { NULL, NULL, 0 },
11253};
11254
Willy Tarreau0108d902018-11-25 19:14:37 +010011255/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
11256
Willy Tarreau51fb7652012-09-18 18:24:39 +020011257static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +020011258 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011259 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
11260 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
11261 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
11262 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
11263 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
11264 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011265#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011266 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
11267#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011268 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
11269 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
11270 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
11271 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
11272 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
11273 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
11274 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
11275 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
11276 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
11277 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011278 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011279 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +020011280 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011281 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
11282 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
11283 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
11284 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +020011285 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011286 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
11287 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011288 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
11289 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +020011290 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
11291 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
11292 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
11293 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
11294 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +020011295 { NULL, NULL, 0 },
11296}};
Emeric Brun46591952012-05-18 15:47:34 +020011297
Willy Tarreau0108d902018-11-25 19:14:37 +010011298INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
11299
Willy Tarreau92faadf2012-10-10 23:04:25 +020011300/* Note: must not be declared <const> as its list will be overwritten.
11301 * Please take care of keeping this list alphabetically sorted, doing so helps
11302 * all code contributors.
11303 * Optional keywords are also declared with a NULL ->parse() function so that
11304 * the config parser can report an appropriate error when a known keyword was
11305 * not enabled.
11306 */
11307static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010011308 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010011309 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011310 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010011311 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020011312 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011313 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
11314 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011315#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011316 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
11317#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011318 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
11319 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
11320 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
11321 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
11322 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
11323 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
11324 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
11325 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
11326 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
11327 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
11328 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
11329 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
11330 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
11331 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
11332 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
11333 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
11334 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
11335 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010011336 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020011337 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
11338 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
11339 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
11340 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
11341 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
11342 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
11343 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
11344 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
11345 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
11346 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020011347 { NULL, NULL, 0, 0 },
11348}};
11349
Willy Tarreau0108d902018-11-25 19:14:37 +010011350INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
11351
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011352static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010011353 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
11354 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010011355 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011356 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
11357 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010011358#ifndef OPENSSL_NO_DH
11359 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
11360#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011361 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011362#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011363 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011364#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010011365 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
11366#ifndef OPENSSL_NO_DH
11367 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
11368#endif
11369 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
11370 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
11371 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
11372 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010011373 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010011374 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
11375 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011376#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011377 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
11378 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
11379#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010011380 { 0, NULL, NULL },
11381}};
11382
Willy Tarreau0108d902018-11-25 19:14:37 +010011383INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
11384
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011385/* Note: must not be declared <const> as its list will be overwritten */
11386static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020011387#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010011388 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
11389#endif
11390 { NULL, NULL, 0, 0, 0 },
11391}};
11392
11393INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
11394
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020011395/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010011396static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020011397 .snd_buf = ssl_sock_from_buf,
11398 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010011399 .subscribe = ssl_subscribe,
11400 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020011401 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020011402 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020011403 .rcv_pipe = NULL,
11404 .snd_pipe = NULL,
11405 .shutr = NULL,
11406 .shutw = ssl_sock_shutw,
11407 .close = ssl_sock_close,
11408 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010011409 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010011410 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010011411 .prepare_srv = ssl_sock_prepare_srv_ctx,
11412 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010011413 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010011414 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020011415};
11416
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011417enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
11418 struct session *sess, struct stream *s, int flags)
11419{
11420 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011421 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011422
11423 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011424 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011425
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011426 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011427 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010011428 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020011429 s->req.flags |= CF_READ_NULL;
11430 return ACT_RET_YIELD;
11431 }
11432 }
11433 return (ACT_RET_CONT);
11434}
11435
11436static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
11437{
11438 rule->action_ptr = ssl_action_wait_for_hs;
11439
11440 return ACT_RET_PRS_OK;
11441}
11442
11443static struct action_kw_list http_req_actions = {ILH, {
11444 { "wait-for-handshake", ssl_parse_wait_for_hs },
11445 { /* END */ }
11446}};
11447
Willy Tarreau0108d902018-11-25 19:14:37 +010011448INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
11449
Willy Tarreau5db847a2019-05-09 14:13:35 +020011450#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011451
11452static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11453{
11454 if (ptr) {
11455 chunk_destroy(ptr);
11456 free(ptr);
11457 }
11458}
11459
11460#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011461static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
11462{
Willy Tarreaubafbe012017-11-24 17:34:44 +010011463 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010011464}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011465
Emeric Brun46591952012-05-18 15:47:34 +020011466__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020011467static void __ssl_sock_init(void)
11468{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011469#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011470 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011471 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011472#endif
Emeric Brun46591952012-05-18 15:47:34 +020011473
Willy Tarreauef934602016-12-22 23:12:01 +010011474 if (global_ssl.listen_default_ciphers)
11475 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
11476 if (global_ssl.connect_default_ciphers)
11477 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020011478#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020011479 if (global_ssl.listen_default_ciphersuites)
11480 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
11481 if (global_ssl.connect_default_ciphersuites)
11482 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
11483#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010011484
Willy Tarreau13e14102016-12-22 20:25:26 +010011485 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011486#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020011487 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080011488#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011489#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020011490 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011491 n = sk_SSL_COMP_num(cm);
11492 while (n--) {
11493 (void) sk_SSL_COMP_pop(cm);
11494 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050011495#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050011496
Willy Tarreau5db847a2019-05-09 14:13:35 +020011497#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011498 ssl_locking_init();
11499#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020011500#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010011501 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
11502#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020011503 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020011504 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011505#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011506 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000011507 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011508#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010011509#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
11510 hap_register_post_check(tlskeys_finalize_config);
11511#endif
Willy Tarreau80713382018-11-26 10:19:54 +010011512
11513 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
11514 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
11515
11516#ifndef OPENSSL_NO_DH
11517 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
11518 hap_register_post_deinit(ssl_free_dh);
11519#endif
11520#ifndef OPENSSL_NO_ENGINE
11521 hap_register_post_deinit(ssl_free_engines);
11522#endif
11523 /* Load SSL string for the verbose & debug mode. */
11524 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020011525 ha_meth = BIO_meth_new(0x666, "ha methods");
11526 BIO_meth_set_write(ha_meth, ha_ssl_write);
11527 BIO_meth_set_read(ha_meth, ha_ssl_read);
11528 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
11529 BIO_meth_set_create(ha_meth, ha_ssl_new);
11530 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
11531 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
11532 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
William Lallemand150bfa82019-09-19 17:12:49 +020011533
11534 HA_SPIN_INIT(&ckch_lock);
Willy Tarreau80713382018-11-26 10:19:54 +010011535}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010011536
Willy Tarreau80713382018-11-26 10:19:54 +010011537/* Compute and register the version string */
11538static void ssl_register_build_options()
11539{
11540 char *ptr = NULL;
11541 int i;
11542
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011543 memprintf(&ptr, "Built with OpenSSL version : "
11544#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011545 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011546#else /* OPENSSL_IS_BORINGSSL */
11547 OPENSSL_VERSION_TEXT
11548 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080011549 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020011550 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011551#endif
11552 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020011553#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011554 "no (library version too old)"
11555#elif defined(OPENSSL_NO_TLSEXT)
11556 "no (disabled via OPENSSL_NO_TLSEXT)"
11557#else
11558 "yes"
11559#endif
11560 "", ptr);
11561
11562 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
11563#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
11564 "yes"
11565#else
11566#ifdef OPENSSL_NO_TLSEXT
11567 "no (because of OPENSSL_NO_TLSEXT)"
11568#else
11569 "no (version might be too old, 0.9.8f min needed)"
11570#endif
11571#endif
11572 "", ptr);
11573
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020011574 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
11575 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
11576 if (methodVersions[i].option)
11577 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010011578
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011579 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010011580}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010011581
Willy Tarreau80713382018-11-26 10:19:54 +010011582INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020011583
Emeric Brun46591952012-05-18 15:47:34 +020011584
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011585#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000011586void ssl_free_engines(void) {
11587 struct ssl_engine_list *wl, *wlb;
11588 /* free up engine list */
11589 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
11590 ENGINE_finish(wl->e);
11591 ENGINE_free(wl->e);
11592 LIST_DEL(&wl->list);
11593 free(wl);
11594 }
11595}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020011596#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020011597
Remi Gacogned3a23c32015-05-28 16:39:47 +020011598#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000011599void ssl_free_dh(void) {
11600 if (local_dh_1024) {
11601 DH_free(local_dh_1024);
11602 local_dh_1024 = NULL;
11603 }
11604 if (local_dh_2048) {
11605 DH_free(local_dh_2048);
11606 local_dh_2048 = NULL;
11607 }
11608 if (local_dh_4096) {
11609 DH_free(local_dh_4096);
11610 local_dh_4096 = NULL;
11611 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020011612 if (global_dh) {
11613 DH_free(global_dh);
11614 global_dh = NULL;
11615 }
Grant Zhang872f9c22017-01-21 01:10:18 +000011616}
11617#endif
11618
11619__attribute__((destructor))
11620static void __ssl_sock_deinit(void)
11621{
11622#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020011623 if (ssl_ctx_lru_tree) {
11624 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010011625 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020011626 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020011627#endif
11628
Willy Tarreau5db847a2019-05-09 14:13:35 +020011629#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011630 ERR_remove_state(0);
11631 ERR_free_strings();
11632
11633 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080011634#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020011635
Willy Tarreau5db847a2019-05-09 14:13:35 +020011636#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020011637 CRYPTO_cleanup_all_ex_data();
11638#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020011639 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020011640}
11641
11642
Emeric Brun46591952012-05-18 15:47:34 +020011643/*
11644 * Local variables:
11645 * c-indent-level: 8
11646 * c-basic-offset: 8
11647 * End:
11648 */