blob: 97a1b781b329c3452e2a517476cc40737e2b0377 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200465#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500466/*
467 * struct alignment works here such that the key.key is the same as key_data
468 * Do not change the placement of key_data
469 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200470struct certificate_ocsp {
471 struct ebmb_node key;
472 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200473 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200474 long expire;
475};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200476
yanbzhube2774d2015-12-10 15:07:30 -0500477struct ocsp_cbk_arg {
478 int is_single;
479 int single_kt;
480 union {
481 struct certificate_ocsp *s_ocsp;
482 /*
483 * m_ocsp will have multiple entries dependent on key type
484 * Entry 0 - DSA
485 * Entry 1 - ECDSA
486 * Entry 2 - RSA
487 */
488 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
489 };
490};
491
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200492#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000493static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
494{
495 int err_code = ERR_ABORT;
496 ENGINE *engine;
497 struct ssl_engine_list *el;
498
499 /* grab the structural reference to the engine */
500 engine = ENGINE_by_id(engine_id);
501 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100502 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000503 goto fail_get;
504 }
505
506 if (!ENGINE_init(engine)) {
507 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100508 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000509 goto fail_init;
510 }
511
512 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100513 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000514 goto fail_set_method;
515 }
516
517 el = calloc(1, sizeof(*el));
518 el->e = engine;
519 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100520 nb_engines++;
521 if (global_ssl.async)
522 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000523 return 0;
524
525fail_set_method:
526 /* release the functional reference from ENGINE_init() */
527 ENGINE_finish(engine);
528
529fail_init:
530 /* release the structural reference from ENGINE_by_id() */
531 ENGINE_free(engine);
532
533fail_get:
534 return err_code;
535}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200536#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000537
Willy Tarreau5db847a2019-05-09 14:13:35 +0200538#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200539/*
540 * openssl async fd handler
541 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200542void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000543{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200544 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000545
Emeric Brun3854e012017-05-17 20:42:48 +0200546 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000547 * to poll this fd until it is requested
548 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000549 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000550 fd_cant_recv(fd);
551
552 /* crypto engine is available, let's notify the associated
553 * connection that it can pursue its processing.
554 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200555 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000556}
557
Emeric Brun3854e012017-05-17 20:42:48 +0200558/*
559 * openssl async delayed SSL_free handler
560 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200561void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562{
563 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200564 OSSL_ASYNC_FD all_fd[32];
565 size_t num_all_fds = 0;
566 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567
Emeric Brun3854e012017-05-17 20:42:48 +0200568 /* We suppose that the async job for a same SSL *
569 * are serialized. So if we are awake it is
570 * because the running job has just finished
571 * and we can remove all async fds safely
572 */
573 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
574 if (num_all_fds > 32) {
575 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
576 return;
577 }
578
579 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
580 for (i=0 ; i < num_all_fds ; i++)
581 fd_remove(all_fd[i]);
582
583 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000584 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100585 _HA_ATOMIC_SUB(&sslconns, 1);
586 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000588/*
Emeric Brun3854e012017-05-17 20:42:48 +0200589 * function used to manage a returned SSL_ERROR_WANT_ASYNC
590 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200592static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000593{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100594 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200595 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200596 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000597 size_t num_add_fds = 0;
598 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200599 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000600
601 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
602 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200603 if (num_add_fds > 32 || num_del_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000605 return;
606 }
607
Emeric Brun3854e012017-05-17 20:42:48 +0200608 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000609
Emeric Brun3854e012017-05-17 20:42:48 +0200610 /* We remove unused fds from the fdtab */
611 for (i=0 ; i < num_del_fds ; i++)
612 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613
Emeric Brun3854e012017-05-17 20:42:48 +0200614 /* We add new fds to the fdtab */
615 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200616 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000617 }
618
Emeric Brun3854e012017-05-17 20:42:48 +0200619 num_add_fds = 0;
620 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
621 if (num_add_fds > 32) {
622 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
623 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000624 }
Emeric Brun3854e012017-05-17 20:42:48 +0200625
626 /* We activate the polling for all known async fds */
627 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000628 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200629 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000630 /* To ensure that the fd cache won't be used
631 * We'll prefer to catch a real RD event
632 * because handling an EAGAIN on this fd will
633 * result in a context switch and also
634 * some engines uses a fd in blocking mode.
635 */
636 fd_cant_recv(add_fd[i]);
637 }
Emeric Brun3854e012017-05-17 20:42:48 +0200638
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000639}
640#endif
641
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200642/*
643 * This function returns the number of seconds elapsed
644 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
645 * date presented un ASN1_GENERALIZEDTIME.
646 *
647 * In parsing error case, it returns -1.
648 */
649static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
650{
651 long epoch;
652 char *p, *end;
653 const unsigned short month_offset[12] = {
654 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
655 };
656 int year, month;
657
658 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
659
660 p = (char *)d->data;
661 end = p + d->length;
662
663 if (end - p < 4) return -1;
664 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
665 p += 4;
666 if (end - p < 2) return -1;
667 month = 10 * (p[0] - '0') + p[1] - '0';
668 if (month < 1 || month > 12) return -1;
669 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
670 We consider leap years and the current month (<marsh or not) */
671 epoch = ( ((year - 1970) * 365)
672 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
673 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
674 + month_offset[month-1]
675 ) * 24 * 60 * 60;
676 p += 2;
677 if (end - p < 2) return -1;
678 /* Add the number of seconds of completed days of current month */
679 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
680 p += 2;
681 if (end - p < 2) return -1;
682 /* Add the completed hours of the current day */
683 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
684 p += 2;
685 if (end - p < 2) return -1;
686 /* Add the completed minutes of the current hour */
687 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
688 p += 2;
689 if (p == end) return -1;
690 /* Test if there is available seconds */
691 if (p[0] < '0' || p[0] > '9')
692 goto nosec;
693 if (end - p < 2) return -1;
694 /* Add the seconds of the current minute */
695 epoch += 10 * (p[0] - '0') + p[1] - '0';
696 p += 2;
697 if (p == end) return -1;
698 /* Ignore seconds float part if present */
699 if (p[0] == '.') {
700 do {
701 if (++p == end) return -1;
702 } while (p[0] >= '0' && p[0] <= '9');
703 }
704
705nosec:
706 if (p[0] == 'Z') {
707 if (end - p != 1) return -1;
708 return epoch;
709 }
710 else if (p[0] == '+') {
711 if (end - p != 5) return -1;
712 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700713 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200714 }
715 else if (p[0] == '-') {
716 if (end - p != 5) return -1;
717 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700718 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200719 }
720
721 return -1;
722}
723
Emeric Brun1d3865b2014-06-20 15:37:32 +0200724static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200725
726/* This function starts to check if the OCSP response (in DER format) contained
727 * in chunk 'ocsp_response' is valid (else exits on error).
728 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
729 * contained in the OCSP Response and exits on error if no match.
730 * If it's a valid OCSP Response:
731 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
732 * pointed by 'ocsp'.
733 * If 'ocsp' is NULL, the function looks up into the OCSP response's
734 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
735 * from the response) and exits on error if not found. Finally, If an OCSP response is
736 * already present in the container, it will be overwritten.
737 *
738 * Note: OCSP response containing more than one OCSP Single response is not
739 * considered valid.
740 *
741 * Returns 0 on success, 1 in error case.
742 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200743static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
744 struct certificate_ocsp *ocsp,
745 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200746{
747 OCSP_RESPONSE *resp;
748 OCSP_BASICRESP *bs = NULL;
749 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200750 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200751 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200753 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200754 int reason;
755 int ret = 1;
756
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200757 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
758 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200759 if (!resp) {
760 memprintf(err, "Unable to parse OCSP response");
761 goto out;
762 }
763
764 rc = OCSP_response_status(resp);
765 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
766 memprintf(err, "OCSP response status not successful");
767 goto out;
768 }
769
770 bs = OCSP_response_get1_basic(resp);
771 if (!bs) {
772 memprintf(err, "Failed to get basic response from OCSP Response");
773 goto out;
774 }
775
776 count_sr = OCSP_resp_count(bs);
777 if (count_sr > 1) {
778 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
779 goto out;
780 }
781
782 sr = OCSP_resp_get0(bs, 0);
783 if (!sr) {
784 memprintf(err, "Failed to get OCSP single response");
785 goto out;
786 }
787
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200788 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
789
Emeric Brun4147b2e2014-06-16 18:36:30 +0200790 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200791 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200792 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200793 goto out;
794 }
795
Emeric Brun13a6b482014-06-20 15:44:34 +0200796 if (!nextupd) {
797 memprintf(err, "OCSP single response: missing nextupdate");
798 goto out;
799 }
800
Emeric Brunc8b27b62014-06-19 14:16:17 +0200801 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 if (!rc) {
803 memprintf(err, "OCSP single response: no longer valid.");
804 goto out;
805 }
806
807 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200808 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200809 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
810 goto out;
811 }
812 }
813
814 if (!ocsp) {
815 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
816 unsigned char *p;
817
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200818 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200819 if (!rc) {
820 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
821 goto out;
822 }
823
824 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
825 memprintf(err, "OCSP single response: Certificate ID too long");
826 goto out;
827 }
828
829 p = key;
830 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200831 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200832 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
833 if (!ocsp) {
834 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
835 goto out;
836 }
837 }
838
839 /* According to comments on "chunk_dup", the
840 previous chunk buffer will be freed */
841 if (!chunk_dup(&ocsp->response, ocsp_response)) {
842 memprintf(err, "OCSP response: Memory allocation error");
843 goto out;
844 }
845
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200846 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
847
Emeric Brun4147b2e2014-06-16 18:36:30 +0200848 ret = 0;
849out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100850 ERR_clear_error();
851
Emeric Brun4147b2e2014-06-16 18:36:30 +0200852 if (bs)
853 OCSP_BASICRESP_free(bs);
854
855 if (resp)
856 OCSP_RESPONSE_free(resp);
857
858 return ret;
859}
860/*
861 * External function use to update the OCSP response in the OCSP response's
862 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
863 * to update in DER format.
864 *
865 * Returns 0 on success, 1 in error case.
866 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200867int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200868{
869 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
870}
871
872/*
873 * This function load the OCSP Resonse in DER format contained in file at
874 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
875 *
876 * Returns 0 on success, 1 in error case.
877 */
878static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
879{
880 int fd = -1;
881 int r = 0;
882 int ret = 1;
883
884 fd = open(ocsp_path, O_RDONLY);
885 if (fd == -1) {
886 memprintf(err, "Error opening OCSP response file");
887 goto end;
888 }
889
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200890 trash.data = 0;
891 while (trash.data < trash.size) {
892 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200893 if (r < 0) {
894 if (errno == EINTR)
895 continue;
896
897 memprintf(err, "Error reading OCSP response from file");
898 goto end;
899 }
900 else if (r == 0) {
901 break;
902 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200903 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200904 }
905
906 close(fd);
907 fd = -1;
908
909 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
910end:
911 if (fd != -1)
912 close(fd);
913
914 return ret;
915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100916#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200917
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100918#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
919static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
920{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100921 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100922 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100923 struct connection *conn;
924 int head;
925 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100926 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100927
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200928 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200929 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100930 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
931
932 keys = ref->tlskeys;
933 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100934
935 if (enc) {
936 memcpy(key_name, keys[head].name, 16);
937
938 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100939 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100940
Emeric Brun9e754772019-01-10 17:51:55 +0100941 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100942
Emeric Brun9e754772019-01-10 17:51:55 +0100943 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
944 goto end;
945
Willy Tarreau9356dac2019-05-10 09:22:53 +0200946 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100947 ret = 1;
948 }
949 else if (ref->key_size_bits == 256 ) {
950
951 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
952 goto end;
953
Willy Tarreau9356dac2019-05-10 09:22:53 +0200954 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100955 ret = 1;
956 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100957 } else {
958 for (i = 0; i < TLS_TICKETS_NO; i++) {
959 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
960 goto found;
961 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962 ret = 0;
963 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100964
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100966 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200967 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100968 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
969 goto end;
970 /* 2 for key renewal, 1 if current key is still valid */
971 ret = i ? 2 : 1;
972 }
973 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200974 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100975 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
976 goto end;
977 /* 2 for key renewal, 1 if current key is still valid */
978 ret = i ? 2 : 1;
979 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100980 }
Emeric Brun9e754772019-01-10 17:51:55 +0100981
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 end:
983 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
984 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985}
986
987struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
988{
989 struct tls_keys_ref *ref;
990
991 list_for_each_entry(ref, &tlskeys_reference, list)
992 if (ref->filename && strcmp(filename, ref->filename) == 0)
993 return ref;
994 return NULL;
995}
996
997struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
998{
999 struct tls_keys_ref *ref;
1000
1001 list_for_each_entry(ref, &tlskeys_reference, list)
1002 if (ref->unique_id == unique_id)
1003 return ref;
1004 return NULL;
1005}
1006
Emeric Brun9e754772019-01-10 17:51:55 +01001007/* Update the key into ref: if keysize doesnt
1008 * match existing ones, this function returns -1
1009 * else it returns 0 on success.
1010 */
1011int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001012 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001013{
Emeric Brun9e754772019-01-10 17:51:55 +01001014 if (ref->key_size_bits == 128) {
1015 if (tlskey->data != sizeof(struct tls_sess_key_128))
1016 return -1;
1017 }
1018 else if (ref->key_size_bits == 256) {
1019 if (tlskey->data != sizeof(struct tls_sess_key_256))
1020 return -1;
1021 }
1022 else
1023 return -1;
1024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001026 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1027 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001028 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1029 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001030
1031 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001032}
1033
Willy Tarreau83061a82018-07-13 11:56:34 +02001034int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001035{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001036 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1037
1038 if(!ref) {
1039 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1040 return 1;
1041 }
Emeric Brun9e754772019-01-10 17:51:55 +01001042 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1043 memprintf(err, "Invalid key size");
1044 return 1;
1045 }
1046
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001047 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001048}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001049
1050/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001051 * automatic ids. It's called just after the basic checks. It returns
1052 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001053 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001054static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001055{
1056 int i = 0;
1057 struct tls_keys_ref *ref, *ref2, *ref3;
1058 struct list tkr = LIST_HEAD_INIT(tkr);
1059
1060 list_for_each_entry(ref, &tlskeys_reference, list) {
1061 if (ref->unique_id == -1) {
1062 /* Look for the first free id. */
1063 while (1) {
1064 list_for_each_entry(ref2, &tlskeys_reference, list) {
1065 if (ref2->unique_id == i) {
1066 i++;
1067 break;
1068 }
1069 }
1070 if (&ref2->list == &tlskeys_reference)
1071 break;
1072 }
1073
1074 /* Uses the unique id and increment it for the next entry. */
1075 ref->unique_id = i;
1076 i++;
1077 }
1078 }
1079
1080 /* This sort the reference list by id. */
1081 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1082 LIST_DEL(&ref->list);
1083 list_for_each_entry(ref3, &tkr, list) {
1084 if (ref->unique_id < ref3->unique_id) {
1085 LIST_ADDQ(&ref3->list, &ref->list);
1086 break;
1087 }
1088 }
1089 if (&ref3->list == &tkr)
1090 LIST_ADDQ(&tkr, &ref->list);
1091 }
1092
1093 /* swap root */
1094 LIST_ADD(&tkr, &tlskeys_reference);
1095 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001096 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001097}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001098#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1099
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001100#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001101int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1102{
1103 switch (evp_keytype) {
1104 case EVP_PKEY_RSA:
1105 return 2;
1106 case EVP_PKEY_DSA:
1107 return 0;
1108 case EVP_PKEY_EC:
1109 return 1;
1110 }
1111
1112 return -1;
1113}
1114
Emeric Brun4147b2e2014-06-16 18:36:30 +02001115/*
1116 * Callback used to set OCSP status extension content in server hello.
1117 */
1118int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1119{
yanbzhube2774d2015-12-10 15:07:30 -05001120 struct certificate_ocsp *ocsp;
1121 struct ocsp_cbk_arg *ocsp_arg;
1122 char *ssl_buf;
1123 EVP_PKEY *ssl_pkey;
1124 int key_type;
1125 int index;
1126
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001127 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001128
1129 ssl_pkey = SSL_get_privatekey(ssl);
1130 if (!ssl_pkey)
1131 return SSL_TLSEXT_ERR_NOACK;
1132
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001133 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001134
1135 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1136 ocsp = ocsp_arg->s_ocsp;
1137 else {
1138 /* For multiple certs per context, we have to find the correct OCSP response based on
1139 * the certificate type
1140 */
1141 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1142
1143 if (index < 0)
1144 return SSL_TLSEXT_ERR_NOACK;
1145
1146 ocsp = ocsp_arg->m_ocsp[index];
1147
1148 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001149
1150 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001151 !ocsp->response.area ||
1152 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001153 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001154 return SSL_TLSEXT_ERR_NOACK;
1155
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001156 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001157 if (!ssl_buf)
1158 return SSL_TLSEXT_ERR_NOACK;
1159
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001160 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1161 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001162
1163 return SSL_TLSEXT_ERR_OK;
1164}
1165
1166/*
1167 * This function enables the handling of OCSP status extension on 'ctx' if a
1168 * file name 'cert_path' suffixed using ".ocsp" is present.
1169 * To enable OCSP status extension, the issuer's certificate is mandatory.
1170 * It should be present in the certificate's extra chain builded from file
1171 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1172 * named 'cert_path' suffixed using '.issuer'.
1173 *
1174 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1175 * response. If file is empty or content is not a valid OCSP response,
1176 * OCSP status extension is enabled but OCSP response is ignored (a warning
1177 * is displayed).
1178 *
1179 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001180 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001181 */
1182static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1183{
1184
1185 BIO *in = NULL;
1186 X509 *x, *xi = NULL, *issuer = NULL;
1187 STACK_OF(X509) *chain = NULL;
1188 OCSP_CERTID *cid = NULL;
1189 SSL *ssl;
1190 char ocsp_path[MAXPATHLEN+1];
1191 int i, ret = -1;
1192 struct stat st;
1193 struct certificate_ocsp *ocsp = NULL, *iocsp;
1194 char *warn = NULL;
1195 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001196 pem_password_cb *passwd_cb;
1197 void *passwd_cb_userdata;
1198 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001199
1200 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1201
1202 if (stat(ocsp_path, &st))
1203 return 1;
1204
1205 ssl = SSL_new(ctx);
1206 if (!ssl)
1207 goto out;
1208
1209 x = SSL_get_certificate(ssl);
1210 if (!x)
1211 goto out;
1212
1213 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001214 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 for (i = 0; i < sk_X509_num(chain); i++) {
1216 issuer = sk_X509_value(chain, i);
1217 if (X509_check_issued(issuer, x) == X509_V_OK)
1218 break;
1219 else
1220 issuer = NULL;
1221 }
1222
1223 /* If not found try to load issuer from a suffixed file */
1224 if (!issuer) {
1225 char issuer_path[MAXPATHLEN+1];
1226
1227 in = BIO_new(BIO_s_file());
1228 if (!in)
1229 goto out;
1230
1231 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1232 if (BIO_read_filename(in, issuer_path) <= 0)
1233 goto out;
1234
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1236 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1237
1238 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!xi)
1240 goto out;
1241
1242 if (X509_check_issued(xi, x) != X509_V_OK)
1243 goto out;
1244
1245 issuer = xi;
1246 }
1247
1248 cid = OCSP_cert_to_id(0, x, issuer);
1249 if (!cid)
1250 goto out;
1251
1252 i = i2d_OCSP_CERTID(cid, NULL);
1253 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1254 goto out;
1255
Vincent Bernat02779b62016-04-03 13:48:43 +02001256 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257 if (!ocsp)
1258 goto out;
1259
1260 p = ocsp->key_data;
1261 i2d_OCSP_CERTID(cid, &p);
1262
1263 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1264 if (iocsp == ocsp)
1265 ocsp = NULL;
1266
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001267#ifndef SSL_CTX_get_tlsext_status_cb
1268# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1269 *cb = (void (*) (void))ctx->tlsext_status_cb;
1270#endif
1271 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1272
1273 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001274 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001275 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001276
1277 cb_arg->is_single = 1;
1278 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001279
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001280 pkey = X509_get_pubkey(x);
1281 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1282 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001283
1284 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1285 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1286 } else {
1287 /*
1288 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1289 * Update that cb_arg with the new cert's staple
1290 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001291 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001292 struct certificate_ocsp *tmp_ocsp;
1293 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001295 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296
1297#ifdef SSL_CTX_get_tlsext_status_arg
1298 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1299#else
1300 cb_arg = ctx->tlsext_status_arg;
1301#endif
yanbzhube2774d2015-12-10 15:07:30 -05001302
1303 /*
1304 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1305 * the order of operations below matter, take care when changing it
1306 */
1307 tmp_ocsp = cb_arg->s_ocsp;
1308 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1309 cb_arg->s_ocsp = NULL;
1310 cb_arg->m_ocsp[index] = tmp_ocsp;
1311 cb_arg->is_single = 0;
1312 cb_arg->single_kt = 0;
1313
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001314 pkey = X509_get_pubkey(x);
1315 key_type = EVP_PKEY_base_id(pkey);
1316 EVP_PKEY_free(pkey);
1317
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001318 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001319 if (index >= 0 && !cb_arg->m_ocsp[index])
1320 cb_arg->m_ocsp[index] = iocsp;
1321
1322 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001323
1324 ret = 0;
1325
1326 warn = NULL;
1327 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1328 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001329 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001330 }
1331
1332out:
1333 if (ssl)
1334 SSL_free(ssl);
1335
1336 if (in)
1337 BIO_free(in);
1338
1339 if (xi)
1340 X509_free(xi);
1341
1342 if (cid)
1343 OCSP_CERTID_free(cid);
1344
1345 if (ocsp)
1346 free(ocsp);
1347
1348 if (warn)
1349 free(warn);
1350
1351
1352 return ret;
1353}
1354
1355#endif
1356
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001357#ifdef OPENSSL_IS_BORINGSSL
1358static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1359{
1360 char ocsp_path[MAXPATHLEN+1];
1361 struct stat st;
1362 int fd = -1, r = 0;
1363
1364 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1365 if (stat(ocsp_path, &st))
1366 return 0;
1367
1368 fd = open(ocsp_path, O_RDONLY);
1369 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001370 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001371 return -1;
1372 }
1373
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001374 trash.data = 0;
1375 while (trash.data < trash.size) {
1376 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001377 if (r < 0) {
1378 if (errno == EINTR)
1379 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001380 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001381 close(fd);
1382 return -1;
1383 }
1384 else if (r == 0) {
1385 break;
1386 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001388 }
1389 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001390 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1391 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001392}
1393#endif
1394
Willy Tarreau5db847a2019-05-09 14:13:35 +02001395#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001396
1397#define CT_EXTENSION_TYPE 18
1398
1399static int sctl_ex_index = -1;
1400
1401/*
1402 * Try to parse Signed Certificate Timestamp List structure. This function
1403 * makes only basic test if the data seems like SCTL. No signature validation
1404 * is performed.
1405 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001406static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407{
1408 int ret = 1;
1409 int len, pos, sct_len;
1410 unsigned char *data;
1411
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001412 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413 goto out;
1414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001415 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001416 len = (data[0] << 8) | data[1];
1417
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001418 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001419 goto out;
1420
1421 data = data + 2;
1422 pos = 0;
1423 while (pos < len) {
1424 if (len - pos < 2)
1425 goto out;
1426
1427 sct_len = (data[pos] << 8) | data[pos + 1];
1428 if (pos + sct_len + 2 > len)
1429 goto out;
1430
1431 pos += sct_len + 2;
1432 }
1433
1434 ret = 0;
1435
1436out:
1437 return ret;
1438}
1439
Willy Tarreau83061a82018-07-13 11:56:34 +02001440static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1441 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001442{
1443 int fd = -1;
1444 int r = 0;
1445 int ret = 1;
1446
1447 *sctl = NULL;
1448
1449 fd = open(sctl_path, O_RDONLY);
1450 if (fd == -1)
1451 goto end;
1452
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001453 trash.data = 0;
1454 while (trash.data < trash.size) {
1455 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001456 if (r < 0) {
1457 if (errno == EINTR)
1458 continue;
1459
1460 goto end;
1461 }
1462 else if (r == 0) {
1463 break;
1464 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001465 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466 }
1467
1468 ret = ssl_sock_parse_sctl(&trash);
1469 if (ret)
1470 goto end;
1471
Vincent Bernat02779b62016-04-03 13:48:43 +02001472 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 if (!chunk_dup(*sctl, &trash)) {
1474 free(*sctl);
1475 *sctl = NULL;
1476 goto end;
1477 }
1478
1479end:
1480 if (fd != -1)
1481 close(fd);
1482
1483 return ret;
1484}
1485
1486int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1487{
Willy Tarreau83061a82018-07-13 11:56:34 +02001488 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001489
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001490 *out = (unsigned char *) sctl->area;
1491 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001492
1493 return 1;
1494}
1495
1496int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1497{
1498 return 1;
1499}
1500
1501static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1502{
1503 char sctl_path[MAXPATHLEN+1];
1504 int ret = -1;
1505 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001506 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001507
1508 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1509
1510 if (stat(sctl_path, &st))
1511 return 1;
1512
1513 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1514 goto out;
1515
1516 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1517 free(sctl);
1518 goto out;
1519 }
1520
1521 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1522
1523 ret = 0;
1524
1525out:
1526 return ret;
1527}
1528
1529#endif
1530
Emeric Brune1f38db2012-09-03 20:36:47 +02001531void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1532{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001533 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001534 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001535 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001536 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001537
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001538#ifndef SSL_OP_NO_RENEGOTIATION
1539 /* Please note that BoringSSL defines this macro to zero so don't
1540 * change this to #if and do not assign a default value to this macro!
1541 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001542 if (where & SSL_CB_HANDSHAKE_START) {
1543 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001544 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001545 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001546 conn->err_code = CO_ER_SSL_RENEG;
1547 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001548 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001549#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001550
1551 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001552 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001553 /* Long certificate chains optimz
1554 If write and read bios are differents, we
1555 consider that the buffering was activated,
1556 so we rise the output buffer size from 4k
1557 to 16k */
1558 write_bio = SSL_get_wbio(ssl);
1559 if (write_bio != SSL_get_rbio(ssl)) {
1560 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001561 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001562 }
1563 }
1564 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001565}
1566
Emeric Brune64aef12012-09-21 13:15:06 +02001567/* Callback is called for each certificate of the chain during a verify
1568 ok is set to 1 if preverify detect no error on current certificate.
1569 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001570int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001571{
1572 SSL *ssl;
1573 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001574 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001576
1577 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001579
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001580 ctx = conn->xprt_ctx;
1581
1582 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001583
Emeric Brun81c00f02012-09-21 14:31:21 +02001584 if (ok) /* no errors */
1585 return ok;
1586
1587 depth = X509_STORE_CTX_get_error_depth(x_store);
1588 err = X509_STORE_CTX_get_error(x_store);
1589
1590 /* check if CA error needs to be ignored */
1591 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001592 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1593 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1594 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001595 }
1596
Willy Tarreau07d94e42018-09-20 10:57:52 +02001597 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001598 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001599 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001600 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001601 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001602
Willy Tarreau20879a02012-12-03 16:32:10 +01001603 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001604 return 0;
1605 }
1606
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001607 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1608 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001609
Emeric Brun81c00f02012-09-21 14:31:21 +02001610 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001611 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001612 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001613 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001614 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001615 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001616
Willy Tarreau20879a02012-12-03 16:32:10 +01001617 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001618 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001619}
1620
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001621static inline
1622void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001623 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001624{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001625 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626 unsigned char *msg;
1627 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001628 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001629
1630 /* This function is called for "from client" and "to server"
1631 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001632 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001633 */
1634
1635 /* "write_p" is set to 0 is the bytes are received messages,
1636 * otherwise it is set to 1.
1637 */
1638 if (write_p != 0)
1639 return;
1640
1641 /* content_type contains the type of message received or sent
1642 * according with the SSL/TLS protocol spec. This message is
1643 * encoded with one byte. The value 256 (two bytes) is used
1644 * for designing the SSL/TLS record layer. According with the
1645 * rfc6101, the expected message (other than 256) are:
1646 * - change_cipher_spec(20)
1647 * - alert(21)
1648 * - handshake(22)
1649 * - application_data(23)
1650 * - (255)
1651 * We are interessed by the handshake and specially the client
1652 * hello.
1653 */
1654 if (content_type != 22)
1655 return;
1656
1657 /* The message length is at least 4 bytes, containing the
1658 * message type and the message length.
1659 */
1660 if (len < 4)
1661 return;
1662
1663 /* First byte of the handshake message id the type of
1664 * message. The konwn types are:
1665 * - hello_request(0)
1666 * - client_hello(1)
1667 * - server_hello(2)
1668 * - certificate(11)
1669 * - server_key_exchange (12)
1670 * - certificate_request(13)
1671 * - server_hello_done(14)
1672 * We are interested by the client hello.
1673 */
1674 msg = (unsigned char *)buf;
1675 if (msg[0] != 1)
1676 return;
1677
1678 /* Next three bytes are the length of the message. The total length
1679 * must be this decoded length + 4. If the length given as argument
1680 * is not the same, we abort the protocol dissector.
1681 */
1682 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1683 if (len < rec_len + 4)
1684 return;
1685 msg += 4;
1686 end = msg + rec_len;
1687 if (end < msg)
1688 return;
1689
1690 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1691 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001692 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1693 */
1694 msg += 1 + 1 + 4 + 28;
1695 if (msg > end)
1696 return;
1697
1698 /* Next, is session id:
1699 * if present, we have to jump by length + 1 for the size information
1700 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001701 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001702 if (msg[0] > 0)
1703 msg += msg[0];
1704 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001705 if (msg > end)
1706 return;
1707
1708 /* Next two bytes are the ciphersuite length. */
1709 if (msg + 2 > end)
1710 return;
1711 rec_len = (msg[0] << 8) + msg[1];
1712 msg += 2;
1713 if (msg + rec_len > end || msg + rec_len < msg)
1714 return;
1715
Willy Tarreaubafbe012017-11-24 17:34:44 +01001716 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001717 if (!capture)
1718 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001719 /* Compute the xxh64 of the ciphersuite. */
1720 capture->xxh64 = XXH64(msg, rec_len, 0);
1721
1722 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001723 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1724 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001725 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001726
1727 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001728}
1729
Emeric Brun29f037d2014-04-25 19:05:36 +02001730/* Callback is called for ssl protocol analyse */
1731void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1732{
Emeric Brun29f037d2014-04-25 19:05:36 +02001733#ifdef TLS1_RT_HEARTBEAT
1734 /* test heartbeat received (write_p is set to 0
1735 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001736 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001737 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001738 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001739 const unsigned char *p = buf;
1740 unsigned int payload;
1741
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001742 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001743
1744 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1745 if (*p != TLS1_HB_REQUEST)
1746 return;
1747
Willy Tarreauaeed6722014-04-25 23:59:58 +02001748 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001749 goto kill_it;
1750
1751 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001752 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001753 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001754 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001755 /* We have a clear heartbleed attack (CVE-2014-0160), the
1756 * advertised payload is larger than the advertised packet
1757 * length, so we have garbage in the buffer between the
1758 * payload and the end of the buffer (p+len). We can't know
1759 * if the SSL stack is patched, and we don't know if we can
1760 * safely wipe out the area between p+3+len and payload.
1761 * So instead, we prevent the response from being sent by
1762 * setting the max_send_fragment to 0 and we report an SSL
1763 * error, which will kill this connection. It will be reported
1764 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001765 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1766 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001767 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001768 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1769 return;
1770 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001771#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001772 if (global_ssl.capture_cipherlist > 0)
1773 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001774}
1775
Bernard Spil13c53f82018-02-15 13:34:58 +01001776#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001777static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1778 const unsigned char *in, unsigned int inlen,
1779 void *arg)
1780{
1781 struct server *srv = arg;
1782
1783 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1784 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1785 return SSL_TLSEXT_ERR_OK;
1786 return SSL_TLSEXT_ERR_NOACK;
1787}
1788#endif
1789
1790#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001791/* This callback is used so that the server advertises the list of
1792 * negociable protocols for NPN.
1793 */
1794static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1795 unsigned int *len, void *arg)
1796{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001797 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001798
1799 *data = (const unsigned char *)conf->npn_str;
1800 *len = conf->npn_len;
1801 return SSL_TLSEXT_ERR_OK;
1802}
1803#endif
1804
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001805#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001806/* This callback is used so that the server advertises the list of
1807 * negociable protocols for ALPN.
1808 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001809static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1810 unsigned char *outlen,
1811 const unsigned char *server,
1812 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001813{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001814 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001815
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001816 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1817 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1818 return SSL_TLSEXT_ERR_NOACK;
1819 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001820 return SSL_TLSEXT_ERR_OK;
1821}
1822#endif
1823
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001824#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001825#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001826
Christopher Faulet30548802015-06-11 13:39:32 +02001827/* Create a X509 certificate with the specified servername and serial. This
1828 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001829static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001830ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001831{
Christopher Faulet7969a332015-10-09 11:15:03 +02001832 X509 *cacert = bind_conf->ca_sign_cert;
1833 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001834 SSL_CTX *ssl_ctx = NULL;
1835 X509 *newcrt = NULL;
1836 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001837 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001838 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001839 X509_NAME *name;
1840 const EVP_MD *digest;
1841 X509V3_CTX ctx;
1842 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001843 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001844
Christopher Faulet48a83322017-07-28 16:56:09 +02001845 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001846#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001847 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1848#else
1849 tmp_ssl = SSL_new(bind_conf->default_ctx);
1850 if (tmp_ssl)
1851 pkey = SSL_get_privatekey(tmp_ssl);
1852#endif
1853 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 goto mkcert_error;
1855
1856 /* Create the certificate */
1857 if (!(newcrt = X509_new()))
1858 goto mkcert_error;
1859
1860 /* Set version number for the certificate (X509v3) and the serial
1861 * number */
1862 if (X509_set_version(newcrt, 2L) != 1)
1863 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001864 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001865
1866 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001867 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1868 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001869 goto mkcert_error;
1870
1871 /* set public key in the certificate */
1872 if (X509_set_pubkey(newcrt, pkey) != 1)
1873 goto mkcert_error;
1874
1875 /* Set issuer name from the CA */
1876 if (!(name = X509_get_subject_name(cacert)))
1877 goto mkcert_error;
1878 if (X509_set_issuer_name(newcrt, name) != 1)
1879 goto mkcert_error;
1880
1881 /* Set the subject name using the same, but the CN */
1882 name = X509_NAME_dup(name);
1883 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1884 (const unsigned char *)servername,
1885 -1, -1, 0) != 1) {
1886 X509_NAME_free(name);
1887 goto mkcert_error;
1888 }
1889 if (X509_set_subject_name(newcrt, name) != 1) {
1890 X509_NAME_free(name);
1891 goto mkcert_error;
1892 }
1893 X509_NAME_free(name);
1894
1895 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001896 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1898 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1899 X509_EXTENSION *ext;
1900
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001901 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 goto mkcert_error;
1903 if (!X509_add_ext(newcrt, ext, -1)) {
1904 X509_EXTENSION_free(ext);
1905 goto mkcert_error;
1906 }
1907 X509_EXTENSION_free(ext);
1908 }
1909
1910 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001911
1912 key_type = EVP_PKEY_base_id(capkey);
1913
1914 if (key_type == EVP_PKEY_DSA)
1915 digest = EVP_sha1();
1916 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001918 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001919 digest = EVP_sha256();
1920 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001921#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001922 int nid;
1923
1924 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1925 goto mkcert_error;
1926 if (!(digest = EVP_get_digestbynid(nid)))
1927 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001928#else
1929 goto mkcert_error;
1930#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001931 }
1932
Christopher Faulet31af49d2015-06-09 17:29:50 +02001933 if (!(X509_sign(newcrt, capkey, digest)))
1934 goto mkcert_error;
1935
1936 /* Create and set the new SSL_CTX */
1937 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1938 goto mkcert_error;
1939 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1940 goto mkcert_error;
1941 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1942 goto mkcert_error;
1943 if (!SSL_CTX_check_private_key(ssl_ctx))
1944 goto mkcert_error;
1945
1946 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001947
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001948#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001949 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001950#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001951#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1952 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001953 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001954 EC_KEY *ecc;
1955 int nid;
1956
1957 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1958 goto end;
1959 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1960 goto end;
1961 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1962 EC_KEY_free(ecc);
1963 }
1964#endif
1965 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001966 return ssl_ctx;
1967
1968 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001969 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001970 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1972 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001973 return NULL;
1974}
1975
Christopher Faulet7969a332015-10-09 11:15:03 +02001976SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001977ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001978{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001979 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001980 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001981
Olivier Houchard66ab4982019-02-26 18:37:15 +01001982 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001983}
1984
Christopher Faulet30548802015-06-11 13:39:32 +02001985/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001987SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001988ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001989{
1990 struct lru64 *lru = NULL;
1991
1992 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001993 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001995 if (lru && lru->domain) {
1996 if (ssl)
1997 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001998 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001999 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002000 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002001 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002002 }
2003 return NULL;
2004}
2005
Emeric Brun821bb9b2017-06-15 16:37:39 +02002006/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2007 * function is not thread-safe, it should only be used to check if a certificate
2008 * exists in the lru cache (with no warranty it will not be removed by another
2009 * thread). It is kept for backward compatibility. */
2010SSL_CTX *
2011ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2012{
2013 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2014}
2015
Christopher Fauletd2cab922015-07-28 16:03:47 +02002016/* Set a certificate int the LRU cache used to store generated
2017 * certificate. Return 0 on success, otherwise -1 */
2018int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002019ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002020{
2021 struct lru64 *lru = NULL;
2022
2023 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002024 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002025 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002026 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002027 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002028 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002029 }
Christopher Faulet30548802015-06-11 13:39:32 +02002030 if (lru->domain && lru->data)
2031 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002032 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002033 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002034 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002035 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002036 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002037}
2038
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002039/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002040unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002041ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002042{
2043 return XXH32(data, len, ssl_ctx_lru_seed);
2044}
2045
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002046/* Generate a cert and immediately assign it to the SSL session so that the cert's
2047 * refcount is maintained regardless of the cert's presence in the LRU cache.
2048 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002049static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002050ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051{
2052 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002053 SSL_CTX *ssl_ctx = NULL;
2054 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002055 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002056
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002057 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002058 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002059 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002060 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002061 if (lru && lru->domain)
2062 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002063 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002064 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002065 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002066 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002067 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002068 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002069 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002071 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002072 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002073 SSL_set_SSL_CTX(ssl, ssl_ctx);
2074 /* No LRU cache, this CTX will be released as soon as the session dies */
2075 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002077 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002078 return 0;
2079}
2080static int
2081ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2082{
2083 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002084 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002085
2086 conn_get_to_addr(conn);
2087 if (conn->flags & CO_FL_ADDR_TO_SET) {
2088 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002089 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002090 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002091 }
2092 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002093}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002094#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002095
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002096#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002097typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2098
2099static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002100{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002101#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002102 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002103 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2104#endif
2105}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002106static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2107 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002108 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2109}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002110static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002111#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002112 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002113 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2114#endif
2115}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002116static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002117#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002118 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002119 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2120#endif
2121}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002122/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002123static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2124/* Unusable in this context. */
2125static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2126static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2129static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002130#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002131typedef enum { SET_MIN, SET_MAX } set_context_func;
2132
2133static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2134 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002135 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2136}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002137static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2138 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2139 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2140}
2141static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2142 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002143 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2144}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002145static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2146 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2147 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2148}
2149static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2150 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002151 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2152}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002153static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2154 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2155 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2156}
2157static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2158 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002159 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2160}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002161static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2162 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2163 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2164}
2165static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002166#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002167 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002168 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2169#endif
2170}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002171static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2172#if SSL_OP_NO_TLSv1_3
2173 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2174 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002176}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002177#endif
2178static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2179static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002180
2181static struct {
2182 int option;
2183 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002184 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2185 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002186 const char *name;
2187} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002188 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2189 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2190 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2191 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2192 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2193 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002194};
2195
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002196static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2197{
2198 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2199 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2200 SSL_set_SSL_CTX(ssl, ctx);
2201}
2202
Willy Tarreau5db847a2019-05-09 14:13:35 +02002203#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002204
2205static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2206{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002207 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002208 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002210 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2211 return SSL_TLSEXT_ERR_OK;
2212 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002213}
2214
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002215#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002216static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2217{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002218 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002219#else
2220static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2221{
2222#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002223 struct connection *conn;
2224 struct bind_conf *s;
2225 const uint8_t *extension_data;
2226 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002227 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002228
2229 char *wildp = NULL;
2230 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002231 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002232 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002233 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002234 int i;
2235
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002236 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002237 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002238
Olivier Houchard9679ac92017-10-27 14:58:08 +02002239 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002240 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002241#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002242 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2243 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002244#else
2245 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2246#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002247 /*
2248 * The server_name extension was given too much extensibility when it
2249 * was written, so parsing the normal case is a bit complex.
2250 */
2251 size_t len;
2252 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002253 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002254 /* Extract the length of the supplied list of names. */
2255 len = (*extension_data++) << 8;
2256 len |= *extension_data++;
2257 if (len + 2 != extension_len)
2258 goto abort;
2259 /*
2260 * The list in practice only has a single element, so we only consider
2261 * the first one.
2262 */
2263 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2264 goto abort;
2265 extension_len = len - 1;
2266 /* Now we can finally pull out the byte array with the actual hostname. */
2267 if (extension_len <= 2)
2268 goto abort;
2269 len = (*extension_data++) << 8;
2270 len |= *extension_data++;
2271 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2272 || memchr(extension_data, 0, len) != NULL)
2273 goto abort;
2274 servername = extension_data;
2275 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002277#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2278 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002279 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002280 }
2281#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002282 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002283 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002284 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002285 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002286 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002287 goto abort;
2288 }
2289
2290 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002291#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002292 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002293#else
2294 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2295#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002296 uint8_t sign;
2297 size_t len;
2298 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002299 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002300 len = (*extension_data++) << 8;
2301 len |= *extension_data++;
2302 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002303 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002304 if (len % 2 != 0)
2305 goto abort;
2306 for (; len > 0; len -= 2) {
2307 extension_data++; /* hash */
2308 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002309 switch (sign) {
2310 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002311 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002312 break;
2313 case TLSEXT_signature_ecdsa:
2314 has_ecdsa_sig = 1;
2315 break;
2316 default:
2317 continue;
2318 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002319 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002320 break;
2321 }
2322 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002323 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002324 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325 }
2326 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002327 const SSL_CIPHER *cipher;
2328 size_t len;
2329 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002330 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002331#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002332 len = ctx->cipher_suites_len;
2333 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002334#else
2335 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2336#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002337 if (len % 2 != 0)
2338 goto abort;
2339 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002340#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002341 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002342 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002343#else
2344 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2345#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002346 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002347 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002348 break;
2349 }
2350 }
2351 }
2352
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002353 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002354 trash.area[i] = tolower(servername[i]);
2355 if (!wildp && (trash.area[i] == '.'))
2356 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002357 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002358 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002359
2360 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002361 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002362
2363 /* lookup a not neg filter */
2364 for (n = node; n; n = ebmb_next_dup(n)) {
2365 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002366 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002367 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002368 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002370 break;
2371 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002372 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002374 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002375 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002376 if (!node_anonymous)
2377 node_anonymous = n;
2378 break;
2379 }
2380 }
2381 }
2382 if (wildp) {
2383 /* lookup in wildcards names */
2384 node = ebst_lookup(&s->sni_w_ctx, wildp);
2385 for (n = node; n; n = ebmb_next_dup(n)) {
2386 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002387 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002388 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002389 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002391 break;
2392 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002393 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002394 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002396 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002397 if (!node_anonymous)
2398 node_anonymous = n;
2399 break;
2400 }
2401 }
2402 }
2403 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002404 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002405 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2406 : ((has_rsa_sig && node_rsa) ? node_rsa
2407 : (node_anonymous ? node_anonymous
2408 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2409 : node_rsa /* no rsa signature case (far far away) */
2410 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002411 if (node) {
2412 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002413 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002414 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002415 if (conf) {
2416 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2417 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2418 if (conf->early_data)
2419 allow_early = 1;
2420 }
2421 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002422 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002423#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002424 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002425 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002426 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002427 }
2428#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002429 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002430 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002431 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002432 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002433allow_early:
2434#ifdef OPENSSL_IS_BORINGSSL
2435 if (allow_early)
2436 SSL_set_early_data_enabled(ssl, 1);
2437#else
2438 if (!allow_early)
2439 SSL_set_max_early_data(ssl, 0);
2440#endif
2441 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002442 abort:
2443 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2444 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002445#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002446 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002447#else
2448 *al = SSL_AD_UNRECOGNIZED_NAME;
2449 return 0;
2450#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002451}
2452
2453#else /* OPENSSL_IS_BORINGSSL */
2454
Emeric Brunfc0421f2012-09-07 17:30:07 +02002455/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2456 * warning when no match is found, which implies the default (first) cert
2457 * will keep being used.
2458 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002459static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002460{
2461 const char *servername;
2462 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002463 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002464 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002465 int i;
2466 (void)al; /* shut gcc stupid warning */
2467
2468 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002469 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002470#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002471 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2472 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002473#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002474 if (s->strict_sni)
2475 return SSL_TLSEXT_ERR_ALERT_FATAL;
2476 ssl_sock_switchctx_set(ssl, s->default_ctx);
2477 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002478 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002479
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002480 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002481 if (!servername[i])
2482 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002483 trash.area[i] = tolower(servername[i]);
2484 if (!wildp && (trash.area[i] == '.'))
2485 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002486 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002487 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002488
2489 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002490 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002491
2492 /* lookup a not neg filter */
2493 for (n = node; n; n = ebmb_next_dup(n)) {
2494 if (!container_of(n, struct sni_ctx, name)->neg) {
2495 node = n;
2496 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002497 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002498 }
2499 if (!node && wildp) {
2500 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002501 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002502 }
2503 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002504#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002505 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2506 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002507 return SSL_TLSEXT_ERR_OK;
2508 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002509#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002510 if (s->strict_sni)
2511 return SSL_TLSEXT_ERR_ALERT_FATAL;
2512 ssl_sock_switchctx_set(ssl, s->default_ctx);
2513 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002514 }
2515
2516 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002517 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002518 return SSL_TLSEXT_ERR_OK;
2519}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002520#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002521#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2522
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002523#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002524
2525static DH * ssl_get_dh_1024(void)
2526{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002527 static unsigned char dh1024_p[]={
2528 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2529 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2530 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2531 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2532 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2533 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2534 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2535 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2536 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2537 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2538 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2539 };
2540 static unsigned char dh1024_g[]={
2541 0x02,
2542 };
2543
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 BIGNUM *p;
2545 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002546 DH *dh = DH_new();
2547 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002548 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2549 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002550
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002551 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002552 DH_free(dh);
2553 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002554 } else {
2555 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002556 }
2557 }
2558 return dh;
2559}
2560
2561static DH *ssl_get_dh_2048(void)
2562{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002563 static unsigned char dh2048_p[]={
2564 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2565 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2566 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2567 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2568 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2569 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2570 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2571 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2572 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2573 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2574 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2575 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2576 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2577 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2578 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2579 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2580 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2581 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2582 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2583 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2584 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2585 0xB7,0x1F,0x77,0xF3,
2586 };
2587 static unsigned char dh2048_g[]={
2588 0x02,
2589 };
2590
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002591 BIGNUM *p;
2592 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002593 DH *dh = DH_new();
2594 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002595 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2596 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002597
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002598 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002599 DH_free(dh);
2600 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002601 } else {
2602 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002603 }
2604 }
2605 return dh;
2606}
2607
2608static DH *ssl_get_dh_4096(void)
2609{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002610 static unsigned char dh4096_p[]={
2611 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2612 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2613 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2614 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2615 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2616 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2617 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2618 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2619 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2620 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2621 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2622 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2623 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2624 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2625 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2626 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2627 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2628 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2629 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2630 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2631 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2632 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2633 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2634 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2635 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2636 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2637 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2638 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2639 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2640 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2641 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2642 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2643 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2644 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2645 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2646 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2647 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2648 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2649 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2650 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2651 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2652 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2653 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002654 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002655 static unsigned char dh4096_g[]={
2656 0x02,
2657 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002658
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002659 BIGNUM *p;
2660 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002661 DH *dh = DH_new();
2662 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002663 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2664 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002665
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002666 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH_free(dh);
2668 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 } else {
2670 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002671 }
2672 }
2673 return dh;
2674}
2675
2676/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002677 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002678static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2679{
2680 DH *dh = NULL;
2681 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002682 int type;
2683
2684 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002685
2686 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2687 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2688 */
2689 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2690 keylen = EVP_PKEY_bits(pkey);
2691 }
2692
Willy Tarreauef934602016-12-22 23:12:01 +01002693 if (keylen > global_ssl.default_dh_param) {
2694 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002695 }
2696
Remi Gacogned3a341a2015-05-29 16:26:17 +02002697 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002698 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002699 }
2700 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002701 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002702 }
2703 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002704 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002705 }
2706
2707 return dh;
2708}
2709
Remi Gacogne47783ef2015-05-29 15:53:22 +02002710static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002711{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002712 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002713 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002714
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002715 if (in == NULL)
2716 goto end;
2717
Remi Gacogne47783ef2015-05-29 15:53:22 +02002718 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002719 goto end;
2720
Remi Gacogne47783ef2015-05-29 15:53:22 +02002721 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2722
2723end:
2724 if (in)
2725 BIO_free(in);
2726
Emeric Brune1b4ed42018-08-16 15:14:12 +02002727 ERR_clear_error();
2728
Remi Gacogne47783ef2015-05-29 15:53:22 +02002729 return dh;
2730}
2731
2732int ssl_sock_load_global_dh_param_from_file(const char *filename)
2733{
2734 global_dh = ssl_sock_get_dh_from_file(filename);
2735
2736 if (global_dh) {
2737 return 0;
2738 }
2739
2740 return -1;
2741}
2742
2743/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002744 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002745int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2746{
2747 int ret = -1;
2748 DH *dh = ssl_sock_get_dh_from_file(file);
2749
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002750 if (dh) {
2751 ret = 1;
2752 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002753
2754 if (ssl_dh_ptr_index >= 0) {
2755 /* store a pointer to the DH params to avoid complaining about
2756 ssl-default-dh-param not being set for this SSL_CTX */
2757 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2758 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002759 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002760 else if (global_dh) {
2761 SSL_CTX_set_tmp_dh(ctx, global_dh);
2762 ret = 0; /* DH params not found */
2763 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002764 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002765 /* Clear openssl global errors stack */
2766 ERR_clear_error();
2767
Willy Tarreauef934602016-12-22 23:12:01 +01002768 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002769 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002770 if (local_dh_1024 == NULL)
2771 local_dh_1024 = ssl_get_dh_1024();
2772
Remi Gacogne8de54152014-07-15 11:36:40 +02002773 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002774 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002775
Remi Gacogne8de54152014-07-15 11:36:40 +02002776 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002777 }
2778 else {
2779 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2780 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002781
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002782 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002783 }
Emeric Brun644cde02012-12-14 11:21:13 +01002784
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002785end:
2786 if (dh)
2787 DH_free(dh);
2788
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002789 return ret;
2790}
2791#endif
2792
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002793static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002794 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002795{
2796 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002797 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002798 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002799
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002800 if (*name == '!') {
2801 neg = 1;
2802 name++;
2803 }
2804 if (*name == '*') {
2805 wild = 1;
2806 name++;
2807 }
2808 /* !* filter is a nop */
2809 if (neg && wild)
2810 return order;
2811 if (*name) {
2812 int j, len;
2813 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002814 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002815 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002816 if (j >= trash.size)
2817 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002818 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002819
2820 /* Check for duplicates. */
2821 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002822 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002823 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002824 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002825 for (; node; node = ebmb_next_dup(node)) {
2826 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002827 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002828 return order;
2829 }
2830
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002831 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002832 if (!sc)
2833 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002834 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002835 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002836 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002837 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002838 sc->order = order++;
2839 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002840 if (kinfo.sig != TLSEXT_signature_anonymous)
2841 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002842 if (wild)
2843 ebst_insert(&s->sni_w_ctx, &sc->name);
2844 else
2845 ebst_insert(&s->sni_ctx, &sc->name);
2846 }
2847 return order;
2848}
2849
yanbzhu488a4d22015-12-01 15:16:07 -05002850
2851/* The following code is used for loading multiple crt files into
2852 * SSL_CTX's based on CN/SAN
2853 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002854#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002855/* This is used to preload the certifcate, private key
2856 * and Cert Chain of a file passed in via the crt
2857 * argument
2858 *
2859 * This way, we do not have to read the file multiple times
2860 */
2861struct cert_key_and_chain {
2862 X509 *cert;
2863 EVP_PKEY *key;
2864 unsigned int num_chain_certs;
2865 /* This is an array of X509 pointers */
2866 X509 **chain_certs;
2867};
2868
yanbzhu08ce6ab2015-12-02 13:01:29 -05002869#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2870
2871struct key_combo_ctx {
2872 SSL_CTX *ctx;
2873 int order;
2874};
2875
2876/* Map used for processing multiple keypairs for a single purpose
2877 *
2878 * This maps CN/SNI name to certificate type
2879 */
2880struct sni_keytype {
2881 int keytypes; /* BITMASK for keytypes */
2882 struct ebmb_node name; /* node holding the servername value */
2883};
2884
2885
yanbzhu488a4d22015-12-01 15:16:07 -05002886/* Frees the contents of a cert_key_and_chain
2887 */
2888static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2889{
2890 int i;
2891
2892 if (!ckch)
2893 return;
2894
2895 /* Free the certificate and set pointer to NULL */
2896 if (ckch->cert)
2897 X509_free(ckch->cert);
2898 ckch->cert = NULL;
2899
2900 /* Free the key and set pointer to NULL */
2901 if (ckch->key)
2902 EVP_PKEY_free(ckch->key);
2903 ckch->key = NULL;
2904
2905 /* Free each certificate in the chain */
2906 for (i = 0; i < ckch->num_chain_certs; i++) {
2907 if (ckch->chain_certs[i])
2908 X509_free(ckch->chain_certs[i]);
2909 }
2910
2911 /* Free the chain obj itself and set to NULL */
2912 if (ckch->num_chain_certs > 0) {
2913 free(ckch->chain_certs);
2914 ckch->num_chain_certs = 0;
2915 ckch->chain_certs = NULL;
2916 }
2917
2918}
2919
2920/* checks if a key and cert exists in the ckch
2921 */
2922static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2923{
2924 return (ckch->cert != NULL && ckch->key != NULL);
2925}
2926
2927
2928/* Loads the contents of a crt file (path) into a cert_key_and_chain
2929 * This allows us to carry the contents of the file without having to
2930 * read the file multiple times.
2931 *
2932 * returns:
2933 * 0 on Success
2934 * 1 on SSL Failure
2935 * 2 on file not found
2936 */
2937static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2938{
2939
2940 BIO *in;
2941 X509 *ca = NULL;
2942 int ret = 1;
2943
2944 ssl_sock_free_cert_key_and_chain_contents(ckch);
2945
2946 in = BIO_new(BIO_s_file());
2947 if (in == NULL)
2948 goto end;
2949
2950 if (BIO_read_filename(in, path) <= 0)
2951 goto end;
2952
yanbzhu488a4d22015-12-01 15:16:07 -05002953 /* Read Private Key */
2954 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2955 if (ckch->key == NULL) {
2956 memprintf(err, "%sunable to load private key from file '%s'.\n",
2957 err && *err ? *err : "", path);
2958 goto end;
2959 }
2960
Willy Tarreaubb137a82016-04-06 19:02:38 +02002961 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002962 if (BIO_reset(in) == -1) {
2963 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2964 err && *err ? *err : "", path);
2965 goto end;
2966 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002967
2968 /* Read Certificate */
2969 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2970 if (ckch->cert == NULL) {
2971 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2972 err && *err ? *err : "", path);
2973 goto end;
2974 }
2975
yanbzhu488a4d22015-12-01 15:16:07 -05002976 /* Read Certificate Chain */
2977 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2978 /* Grow the chain certs */
2979 ckch->num_chain_certs++;
2980 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2981
2982 /* use - 1 here since we just incremented it above */
2983 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2984 }
2985 ret = ERR_get_error();
2986 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2987 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2988 err && *err ? *err : "", path);
2989 ret = 1;
2990 goto end;
2991 }
2992
2993 ret = 0;
2994
2995end:
2996
2997 ERR_clear_error();
2998 if (in)
2999 BIO_free(in);
3000
3001 /* Something went wrong in one of the reads */
3002 if (ret != 0)
3003 ssl_sock_free_cert_key_and_chain_contents(ckch);
3004
3005 return ret;
3006}
3007
3008/* Loads the info in ckch into ctx
3009 * Currently, this does not process any information about ocsp, dhparams or
3010 * sctl
3011 * Returns
3012 * 0 on success
3013 * 1 on failure
3014 */
3015static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3016{
3017 int i = 0;
3018
3019 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3020 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3021 err && *err ? *err : "", path);
3022 return 1;
3023 }
3024
3025 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3026 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3027 err && *err ? *err : "", path);
3028 return 1;
3029 }
3030
yanbzhu488a4d22015-12-01 15:16:07 -05003031 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3032 for (i = 0; i < ckch->num_chain_certs; i++) {
3033 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003034 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3035 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003036 return 1;
3037 }
3038 }
3039
3040 if (SSL_CTX_check_private_key(ctx) <= 0) {
3041 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3042 err && *err ? *err : "", path);
3043 return 1;
3044 }
3045
3046 return 0;
3047}
3048
yanbzhu08ce6ab2015-12-02 13:01:29 -05003049
3050static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3051{
3052 struct sni_keytype *s_kt = NULL;
3053 struct ebmb_node *node;
3054 int i;
3055
3056 for (i = 0; i < trash.size; i++) {
3057 if (!str[i])
3058 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003059 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003060 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003061 trash.area[i] = 0;
3062 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003063 if (!node) {
3064 /* CN not found in tree */
3065 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3066 /* Using memcpy here instead of strncpy.
3067 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3068 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3069 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003070 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003071 s_kt->keytypes = 0;
3072 ebst_insert(sni_keytypes, &s_kt->name);
3073 } else {
3074 /* CN found in tree */
3075 s_kt = container_of(node, struct sni_keytype, name);
3076 }
3077
3078 /* Mark that this CN has the keytype of key_index via keytypes mask */
3079 s_kt->keytypes |= 1<<key_index;
3080
3081}
3082
3083
3084/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3085 * If any are found, group these files into a set of SSL_CTX*
3086 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3087 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003088 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003089 *
3090 * Returns
3091 * 0 on success
3092 * 1 on failure
3093 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003094static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3095 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003096{
3097 char fp[MAXPATHLEN+1] = {0};
3098 int n = 0;
3099 int i = 0;
3100 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3101 struct eb_root sni_keytypes_map = { {0} };
3102 struct ebmb_node *node;
3103 struct ebmb_node *next;
3104 /* Array of SSL_CTX pointers corresponding to each possible combo
3105 * of keytypes
3106 */
3107 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3108 int rv = 0;
3109 X509_NAME *xname = NULL;
3110 char *str = NULL;
3111#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3112 STACK_OF(GENERAL_NAME) *names = NULL;
3113#endif
3114
3115 /* Load all possible certs and keys */
3116 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3117 struct stat buf;
3118
3119 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3120 if (stat(fp, &buf) == 0) {
3121 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3122 rv = 1;
3123 goto end;
3124 }
3125 }
3126 }
3127
3128 /* Process each ckch and update keytypes for each CN/SAN
3129 * for example, if CN/SAN www.a.com is associated with
3130 * certs with keytype 0 and 2, then at the end of the loop,
3131 * www.a.com will have:
3132 * keyindex = 0 | 1 | 4 = 5
3133 */
3134 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3135
3136 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3137 continue;
3138
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003139 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003140 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003141 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3142 } else {
3143 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3144 * so the line that contains logic is marked via comments
3145 */
3146 xname = X509_get_subject_name(certs_and_keys[n].cert);
3147 i = -1;
3148 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3149 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003150 ASN1_STRING *value;
3151 value = X509_NAME_ENTRY_get_data(entry);
3152 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003153 /* Important line is here */
3154 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003155
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003156 OPENSSL_free(str);
3157 str = NULL;
3158 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003159 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003160
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003161 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003162#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003163 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3164 if (names) {
3165 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3166 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003167
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003168 if (name->type == GEN_DNS) {
3169 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3170 /* Important line is here */
3171 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003172
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003173 OPENSSL_free(str);
3174 str = NULL;
3175 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003176 }
3177 }
3178 }
3179 }
3180#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3181 }
3182
3183 /* If no files found, return error */
3184 if (eb_is_empty(&sni_keytypes_map)) {
3185 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3186 err && *err ? *err : "", path);
3187 rv = 1;
3188 goto end;
3189 }
3190
3191 /* We now have a map of CN/SAN to keytypes that are loaded in
3192 * Iterate through the map to create the SSL_CTX's (if needed)
3193 * and add each CTX to the SNI tree
3194 *
3195 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003196 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003197 * combination is denoted by the key in the map. Each key
3198 * has a value between 1 and 2^n - 1. Conveniently, the array
3199 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3200 * entry in the array to correspond to the unique combo (key)
3201 * associated with i. This unique key combo (i) will be associated
3202 * with combos[i-1]
3203 */
3204
3205 node = ebmb_first(&sni_keytypes_map);
3206 while (node) {
3207 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003208 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003209 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003210
3211 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3212 i = container_of(node, struct sni_keytype, name)->keytypes;
3213 cur_ctx = key_combos[i-1].ctx;
3214
3215 if (cur_ctx == NULL) {
3216 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003217 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003218 if (cur_ctx == NULL) {
3219 memprintf(err, "%sunable to allocate SSL context.\n",
3220 err && *err ? *err : "");
3221 rv = 1;
3222 goto end;
3223 }
3224
yanbzhube2774d2015-12-10 15:07:30 -05003225 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003226 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3227 if (i & (1<<n)) {
3228 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003229 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3230 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003231 SSL_CTX_free(cur_ctx);
3232 rv = 1;
3233 goto end;
3234 }
yanbzhube2774d2015-12-10 15:07:30 -05003235
3236#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3237 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003238 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003239 if (err)
3240 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003241 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003242 SSL_CTX_free(cur_ctx);
3243 rv = 1;
3244 goto end;
3245 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003246#elif (defined OPENSSL_IS_BORINGSSL)
3247 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003248#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003249 }
3250 }
3251
3252 /* Load DH params into the ctx to support DHE keys */
3253#ifndef OPENSSL_NO_DH
3254 if (ssl_dh_ptr_index >= 0)
3255 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3256
3257 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3258 if (rv < 0) {
3259 if (err)
3260 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3261 *err ? *err : "", path);
3262 rv = 1;
3263 goto end;
3264 }
3265#endif
3266
3267 /* Update key_combos */
3268 key_combos[i-1].ctx = cur_ctx;
3269 }
3270
3271 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003272 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003273 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003274 node = ebmb_next(node);
3275 }
3276
3277
3278 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3279 if (!bind_conf->default_ctx) {
3280 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3281 if (key_combos[i].ctx) {
3282 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003283 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003284 break;
3285 }
3286 }
3287 }
3288
3289end:
3290
3291 if (names)
3292 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3293
3294 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3295 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3296
3297 node = ebmb_first(&sni_keytypes_map);
3298 while (node) {
3299 next = ebmb_next(node);
3300 ebmb_delete(node);
3301 node = next;
3302 }
3303
3304 return rv;
3305}
3306#else
3307/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003308static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3309 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003310{
3311 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3312 err && *err ? *err : "", path, strerror(errno));
3313 return 1;
3314}
3315
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003316#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003317
Emeric Brunfc0421f2012-09-07 17:30:07 +02003318/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3319 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3320 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003321static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3322 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003323{
3324 BIO *in;
3325 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003326 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003327 int ret = -1;
3328 int order = 0;
3329 X509_NAME *xname;
3330 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003331 pem_password_cb *passwd_cb;
3332 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003333 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003334 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003335
Emeric Brunfc0421f2012-09-07 17:30:07 +02003336#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3337 STACK_OF(GENERAL_NAME) *names;
3338#endif
3339
3340 in = BIO_new(BIO_s_file());
3341 if (in == NULL)
3342 goto end;
3343
3344 if (BIO_read_filename(in, file) <= 0)
3345 goto end;
3346
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003347
3348 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3349 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3350
3351 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003352 if (x == NULL)
3353 goto end;
3354
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003355 pkey = X509_get_pubkey(x);
3356 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003357 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003358 switch(EVP_PKEY_base_id(pkey)) {
3359 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003360 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003361 break;
3362 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003363 kinfo.sig = TLSEXT_signature_ecdsa;
3364 break;
3365 case EVP_PKEY_DSA:
3366 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003367 break;
3368 }
3369 EVP_PKEY_free(pkey);
3370 }
3371
Emeric Brun50bcecc2013-04-22 13:05:23 +02003372 if (fcount) {
3373 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003374 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003375 }
3376 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003377#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003378 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3379 if (names) {
3380 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3381 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3382 if (name->type == GEN_DNS) {
3383 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003384 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003385 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003386 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003387 }
3388 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003389 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003390 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003391#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003392 xname = X509_get_subject_name(x);
3393 i = -1;
3394 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3395 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003396 ASN1_STRING *value;
3397
3398 value = X509_NAME_ENTRY_get_data(entry);
3399 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003400 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003401 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003402 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003403 }
3404 }
3405
3406 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3407 if (!SSL_CTX_use_certificate(ctx, x))
3408 goto end;
3409
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003410#ifdef SSL_CTX_clear_extra_chain_certs
3411 SSL_CTX_clear_extra_chain_certs(ctx);
3412#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413 if (ctx->extra_certs != NULL) {
3414 sk_X509_pop_free(ctx->extra_certs, X509_free);
3415 ctx->extra_certs = NULL;
3416 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003417#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003418
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003419 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003420 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3421 X509_free(ca);
3422 goto end;
3423 }
3424 }
3425
3426 err = ERR_get_error();
3427 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3428 /* we successfully reached the last cert in the file */
3429 ret = 1;
3430 }
3431 ERR_clear_error();
3432
3433end:
3434 if (x)
3435 X509_free(x);
3436
3437 if (in)
3438 BIO_free(in);
3439
3440 return ret;
3441}
3442
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003443static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3444 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003445{
3446 int ret;
3447 SSL_CTX *ctx;
3448
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003449 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003450 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003451 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3452 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003453 return 1;
3454 }
3455
3456 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003457 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3458 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003459 SSL_CTX_free(ctx);
3460 return 1;
3461 }
3462
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003463 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003464 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003465 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3466 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003467 if (ret < 0) /* serious error, must do that ourselves */
3468 SSL_CTX_free(ctx);
3469 return 1;
3470 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003471
3472 if (SSL_CTX_check_private_key(ctx) <= 0) {
3473 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3474 err && *err ? *err : "", path);
3475 return 1;
3476 }
3477
Emeric Brunfc0421f2012-09-07 17:30:07 +02003478 /* we must not free the SSL_CTX anymore below, since it's already in
3479 * the tree, so it will be discovered and cleaned in time.
3480 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003481#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003482 /* store a NULL pointer to indicate we have not yet loaded
3483 a custom DH param file */
3484 if (ssl_dh_ptr_index >= 0) {
3485 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3486 }
3487
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003488 ret = ssl_sock_load_dh_params(ctx, path);
3489 if (ret < 0) {
3490 if (err)
3491 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3492 *err ? *err : "", path);
3493 return 1;
3494 }
3495#endif
3496
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003497#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003498 ret = ssl_sock_load_ocsp(ctx, path);
3499 if (ret < 0) {
3500 if (err)
3501 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3502 *err ? *err : "", path);
3503 return 1;
3504 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003505#elif (defined OPENSSL_IS_BORINGSSL)
3506 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003507#endif
3508
Willy Tarreau5db847a2019-05-09 14:13:35 +02003509#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003510 if (sctl_ex_index >= 0) {
3511 ret = ssl_sock_load_sctl(ctx, path);
3512 if (ret < 0) {
3513 if (err)
3514 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3515 *err ? *err : "", path);
3516 return 1;
3517 }
3518 }
3519#endif
3520
Emeric Brunfc0421f2012-09-07 17:30:07 +02003521#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003522 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003523 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3524 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003525 return 1;
3526 }
3527#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003528 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003529 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003530 bind_conf->default_ssl_conf = ssl_conf;
3531 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003532
3533 return 0;
3534}
3535
Willy Tarreau03209342016-12-22 17:08:28 +01003536int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003537{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003538 struct dirent **de_list;
3539 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003540 DIR *dir;
3541 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003542 char *end;
3543 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003544 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003545#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003546 int is_bundle;
3547 int j;
3548#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003549
yanbzhu08ce6ab2015-12-02 13:01:29 -05003550 if (stat(path, &buf) == 0) {
3551 dir = opendir(path);
3552 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003553 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003554
yanbzhu08ce6ab2015-12-02 13:01:29 -05003555 /* strip trailing slashes, including first one */
3556 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3557 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003558
yanbzhu08ce6ab2015-12-02 13:01:29 -05003559 n = scandir(path, &de_list, 0, alphasort);
3560 if (n < 0) {
3561 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3562 err && *err ? *err : "", path, strerror(errno));
3563 cfgerr++;
3564 }
3565 else {
3566 for (i = 0; i < n; i++) {
3567 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003568
yanbzhu08ce6ab2015-12-02 13:01:29 -05003569 end = strrchr(de->d_name, '.');
3570 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3571 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003572
yanbzhu08ce6ab2015-12-02 13:01:29 -05003573 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3574 if (stat(fp, &buf) != 0) {
3575 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3576 err && *err ? *err : "", fp, strerror(errno));
3577 cfgerr++;
3578 goto ignore_entry;
3579 }
3580 if (!S_ISREG(buf.st_mode))
3581 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003582
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003583#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003584 is_bundle = 0;
3585 /* Check if current entry in directory is part of a multi-cert bundle */
3586
3587 if (end) {
3588 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3589 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3590 is_bundle = 1;
3591 break;
3592 }
3593 }
3594
3595 if (is_bundle) {
3596 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3597 int dp_len;
3598
3599 dp_len = end - de->d_name;
3600 snprintf(dp, dp_len + 1, "%s", de->d_name);
3601
3602 /* increment i and free de until we get to a non-bundle cert
3603 * Note here that we look at de_list[i + 1] before freeing de
3604 * this is important since ignore_entry will free de
3605 */
3606 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3607 free(de);
3608 i++;
3609 de = de_list[i];
3610 }
3611
3612 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003613 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003614
3615 /* Successfully processed the bundle */
3616 goto ignore_entry;
3617 }
3618 }
3619
3620#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003621 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003622ignore_entry:
3623 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003624 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003625 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003626 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003627 closedir(dir);
3628 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003629 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003630
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003631 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003632
Emeric Brunfc0421f2012-09-07 17:30:07 +02003633 return cfgerr;
3634}
3635
Thierry Fournier383085f2013-01-24 14:15:43 +01003636/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3637 * done once. Zero is returned if the operation fails. No error is returned
3638 * if the random is said as not implemented, because we expect that openssl
3639 * will use another method once needed.
3640 */
3641static int ssl_initialize_random()
3642{
3643 unsigned char random;
3644 static int random_initialized = 0;
3645
3646 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3647 random_initialized = 1;
3648
3649 return random_initialized;
3650}
3651
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003652/* release ssl bind conf */
3653void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003654{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003655 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003656#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003657 free(conf->npn_str);
3658 conf->npn_str = NULL;
3659#endif
3660#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3661 free(conf->alpn_str);
3662 conf->alpn_str = NULL;
3663#endif
3664 free(conf->ca_file);
3665 conf->ca_file = NULL;
3666 free(conf->crl_file);
3667 conf->crl_file = NULL;
3668 free(conf->ciphers);
3669 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003670#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003671 free(conf->ciphersuites);
3672 conf->ciphersuites = NULL;
3673#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003674 free(conf->curves);
3675 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003676 free(conf->ecdhe);
3677 conf->ecdhe = NULL;
3678 }
3679}
3680
3681int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3682{
3683 char thisline[CRT_LINESIZE];
3684 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003685 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003686 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003687 int linenum = 0;
3688 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003689
Willy Tarreauad1731d2013-04-02 17:35:58 +02003690 if ((f = fopen(file, "r")) == NULL) {
3691 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003692 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003693 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694
3695 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003696 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003697 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003698 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003699 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003700 char *crt_path;
3701 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003702
3703 linenum++;
3704 end = line + strlen(line);
3705 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3706 /* Check if we reached the limit and the last char is not \n.
3707 * Watch out for the last line without the terminating '\n'!
3708 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003709 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3710 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003711 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003712 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003713 }
3714
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003715 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003716 newarg = 1;
3717 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003718 if (*line == '#' || *line == '\n' || *line == '\r') {
3719 /* end of string, end of loop */
3720 *line = 0;
3721 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003722 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003723 newarg = 1;
3724 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003725 } else if (*line == '[') {
3726 if (ssl_b) {
3727 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3728 cfgerr = 1;
3729 break;
3730 }
3731 if (!arg) {
3732 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3733 cfgerr = 1;
3734 break;
3735 }
3736 ssl_b = arg;
3737 newarg = 1;
3738 *line = 0;
3739 } else if (*line == ']') {
3740 if (ssl_e) {
3741 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003742 cfgerr = 1;
3743 break;
3744 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003745 if (!ssl_b) {
3746 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3747 cfgerr = 1;
3748 break;
3749 }
3750 ssl_e = arg;
3751 newarg = 1;
3752 *line = 0;
3753 } else if (newarg) {
3754 if (arg == MAX_CRT_ARGS) {
3755 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3756 cfgerr = 1;
3757 break;
3758 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003759 newarg = 0;
3760 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003761 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003762 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003763 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003764 if (cfgerr)
3765 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003766 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003767
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003768 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003769 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003770 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003771
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003772 crt_path = args[0];
3773 if (*crt_path != '/' && global_ssl.crt_base) {
3774 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3775 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3776 crt_path, linenum, file);
3777 cfgerr = 1;
3778 break;
3779 }
3780 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3781 crt_path = path;
3782 }
3783
3784 ssl_conf = calloc(1, sizeof *ssl_conf);
3785 cur_arg = ssl_b ? ssl_b : 1;
3786 while (cur_arg < ssl_e) {
3787 newarg = 0;
3788 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3789 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3790 newarg = 1;
3791 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3792 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3793 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3794 args[cur_arg], linenum, file);
3795 cfgerr = 1;
3796 }
3797 cur_arg += 1 + ssl_bind_kws[i].skip;
3798 break;
3799 }
3800 }
3801 if (!cfgerr && !newarg) {
3802 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3803 args[cur_arg], linenum, file);
3804 cfgerr = 1;
3805 break;
3806 }
3807 }
3808 if (cfgerr) {
3809 ssl_sock_free_ssl_conf(ssl_conf);
3810 free(ssl_conf);
3811 ssl_conf = NULL;
3812 break;
3813 }
3814
3815 if (stat(crt_path, &buf) == 0) {
3816 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3817 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003818 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003819 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3820 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003821 }
3822
Willy Tarreauad1731d2013-04-02 17:35:58 +02003823 if (cfgerr) {
3824 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003825 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003826 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003827 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003828 fclose(f);
3829 return cfgerr;
3830}
3831
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003832/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003833static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003834ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003835{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003836 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003837 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003838 SSL_OP_ALL | /* all known workarounds for bugs */
3839 SSL_OP_NO_SSLv2 |
3840 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003841 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003842 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003843 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003844 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003845 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003846 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003847 SSL_MODE_ENABLE_PARTIAL_WRITE |
3848 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003849 SSL_MODE_RELEASE_BUFFERS |
3850 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003851 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003852 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003853 int flags = MC_SSL_O_ALL;
3854 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003855
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003856 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003857 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003858
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003859 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003860 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3861 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3862 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003863 else
3864 flags = conf_ssl_methods->flags;
3865
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003866 min = conf_ssl_methods->min;
3867 max = conf_ssl_methods->max;
3868 /* start with TLSv10 to remove SSLv3 per default */
3869 if (!min && (!max || max >= CONF_TLSV10))
3870 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003871 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003872 if (min)
3873 flags |= (methodVersions[min].flag - 1);
3874 if (max)
3875 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003876 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003877 min = max = CONF_TLSV_NONE;
3878 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003879 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003880 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003881 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003882 if (min) {
3883 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003884 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3885 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3886 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3887 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003888 hole = 0;
3889 }
3890 max = i;
3891 }
3892 else {
3893 min = max = i;
3894 }
3895 }
3896 else {
3897 if (min)
3898 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003899 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003900 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003901 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3902 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003903 cfgerr += 1;
3904 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003905 /* save real min/max in bind_conf */
3906 conf_ssl_methods->min = min;
3907 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003908
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003909#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003910 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003911 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003912 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003913 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003914 else
3915 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3916 if (flags & methodVersions[i].flag)
3917 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003918#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003919 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003920 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3921 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003922#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003923
3924 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3925 options |= SSL_OP_NO_TICKET;
3926 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3927 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003928
3929#ifdef SSL_OP_NO_RENEGOTIATION
3930 options |= SSL_OP_NO_RENEGOTIATION;
3931#endif
3932
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003933 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003934
Willy Tarreau5db847a2019-05-09 14:13:35 +02003935#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003936 if (global_ssl.async)
3937 mode |= SSL_MODE_ASYNC;
3938#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003939 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003940 if (global_ssl.life_time)
3941 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003942
3943#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3944#ifdef OPENSSL_IS_BORINGSSL
3945 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3946 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02003947#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003948 if (bind_conf->ssl_conf.early_data) {
3949 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3950 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
3951 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003952 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3953 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003954#else
3955 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003956#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003957 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003958#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003959 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003960}
3961
William Lallemand4f45bb92017-10-30 20:08:51 +01003962
3963static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3964{
3965 if (first == block) {
3966 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3967 if (first->len > 0)
3968 sh_ssl_sess_tree_delete(sh_ssl_sess);
3969 }
3970}
3971
3972/* return first block from sh_ssl_sess */
3973static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3974{
3975 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3976
3977}
3978
3979/* store a session into the cache
3980 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3981 * data: asn1 encoded session
3982 * data_len: asn1 encoded session length
3983 * Returns 1 id session was stored (else 0)
3984 */
3985static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3986{
3987 struct shared_block *first;
3988 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3989
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02003990 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01003991 if (!first) {
3992 /* Could not retrieve enough free blocks to store that session */
3993 return 0;
3994 }
3995
3996 /* STORE the key in the first elem */
3997 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3998 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3999 first->len = sizeof(struct sh_ssl_sess_hdr);
4000
4001 /* it returns the already existing node
4002 or current node if none, never returns null */
4003 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4004 if (oldsh_ssl_sess != sh_ssl_sess) {
4005 /* NOTE: Row couldn't be in use because we lock read & write function */
4006 /* release the reserved row */
4007 shctx_row_dec_hot(ssl_shctx, first);
4008 /* replace the previous session already in the tree */
4009 sh_ssl_sess = oldsh_ssl_sess;
4010 /* ignore the previous session data, only use the header */
4011 first = sh_ssl_sess_first_block(sh_ssl_sess);
4012 shctx_row_inc_hot(ssl_shctx, first);
4013 first->len = sizeof(struct sh_ssl_sess_hdr);
4014 }
4015
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004016 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004017 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004018 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004019 }
4020
4021 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004022
4023 return 1;
4024}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004025
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004026/* SSL callback used when a new session is created while connecting to a server */
4027static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4028{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004029 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004030 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004031
Willy Tarreau07d94e42018-09-20 10:57:52 +02004032 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004033
Olivier Houcharde6060c52017-11-16 17:42:52 +01004034 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4035 int len;
4036 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004037
Olivier Houcharde6060c52017-11-16 17:42:52 +01004038 len = i2d_SSL_SESSION(sess, NULL);
4039 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4040 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4041 } else {
4042 free(s->ssl_ctx.reused_sess[tid].ptr);
4043 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4044 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4045 }
4046 if (s->ssl_ctx.reused_sess[tid].ptr) {
4047 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4048 &ptr);
4049 }
4050 } else {
4051 free(s->ssl_ctx.reused_sess[tid].ptr);
4052 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4053 }
4054
4055 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004056}
4057
Olivier Houcharde6060c52017-11-16 17:42:52 +01004058
William Lallemanded0b5ad2017-10-30 19:36:36 +01004059/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004060int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004061{
4062 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4063 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4064 unsigned char *p;
4065 int data_len;
4066 unsigned int sid_length, sid_ctx_length;
4067 const unsigned char *sid_data;
4068 const unsigned char *sid_ctx_data;
4069
4070 /* Session id is already stored in to key and session id is known
4071 * so we dont store it to keep size.
4072 */
4073
4074 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4075 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4076 SSL_SESSION_set1_id(sess, sid_data, 0);
4077 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4078
4079 /* check if buffer is large enough for the ASN1 encoded session */
4080 data_len = i2d_SSL_SESSION(sess, NULL);
4081 if (data_len > SHSESS_MAX_DATA_LEN)
4082 goto err;
4083
4084 p = encsess;
4085
4086 /* process ASN1 session encoding before the lock */
4087 i2d_SSL_SESSION(sess, &p);
4088
4089 memcpy(encid, sid_data, sid_length);
4090 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4091 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4092
William Lallemanda3c77cf2017-10-30 23:44:40 +01004093 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004094 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004095 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004096 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004097err:
4098 /* reset original length values */
4099 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4100 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4101
4102 return 0; /* do not increment session reference count */
4103}
4104
4105/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004106SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004107{
William Lallemand4f45bb92017-10-30 20:08:51 +01004108 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004109 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4110 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004111 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004112 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004113
4114 global.shctx_lookups++;
4115
4116 /* allow the session to be freed automatically by openssl */
4117 *do_copy = 0;
4118
4119 /* tree key is zeros padded sessionid */
4120 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4121 memcpy(tmpkey, key, key_len);
4122 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4123 key = tmpkey;
4124 }
4125
4126 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004127 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004128
4129 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004130 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4131 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004132 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004133 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004134 global.shctx_misses++;
4135 return NULL;
4136 }
4137
William Lallemand4f45bb92017-10-30 20:08:51 +01004138 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4139 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004140
William Lallemand4f45bb92017-10-30 20:08:51 +01004141 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004142
William Lallemanda3c77cf2017-10-30 23:44:40 +01004143 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004144
4145 /* decode ASN1 session */
4146 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004147 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004148 /* Reset session id and session id contenxt */
4149 if (sess) {
4150 SSL_SESSION_set1_id(sess, key, key_len);
4151 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4152 }
4153
4154 return sess;
4155}
4156
William Lallemand4f45bb92017-10-30 20:08:51 +01004157
William Lallemanded0b5ad2017-10-30 19:36:36 +01004158/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004159void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004160{
William Lallemand4f45bb92017-10-30 20:08:51 +01004161 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004162 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4163 unsigned int sid_length;
4164 const unsigned char *sid_data;
4165 (void)ctx;
4166
4167 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4168 /* tree key is zeros padded sessionid */
4169 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4170 memcpy(tmpkey, sid_data, sid_length);
4171 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4172 sid_data = tmpkey;
4173 }
4174
William Lallemanda3c77cf2017-10-30 23:44:40 +01004175 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004176
4177 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004178 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4179 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004180 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004181 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004182 }
4183
4184 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004185 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004186}
4187
4188/* Set session cache mode to server and disable openssl internal cache.
4189 * Set shared cache callbacks on an ssl context.
4190 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004191void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004192{
4193 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4194
4195 if (!ssl_shctx) {
4196 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4197 return;
4198 }
4199
4200 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4201 SSL_SESS_CACHE_NO_INTERNAL |
4202 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4203
4204 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004205 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4206 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4207 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208}
4209
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004210int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4211{
4212 struct proxy *curproxy = bind_conf->frontend;
4213 int cfgerr = 0;
4214 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004215 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004216 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004217#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004218 const char *conf_ciphersuites;
4219#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004220 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004221
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004222 if (ssl_conf) {
4223 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4224 int i, min, max;
4225 int flags = MC_SSL_O_ALL;
4226
4227 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004228 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4229 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004230 if (min)
4231 flags |= (methodVersions[min].flag - 1);
4232 if (max)
4233 flags |= ~((methodVersions[max].flag << 1) - 1);
4234 min = max = CONF_TLSV_NONE;
4235 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4236 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4237 if (min)
4238 max = i;
4239 else
4240 min = max = i;
4241 }
4242 /* save real min/max */
4243 conf_ssl_methods->min = min;
4244 conf_ssl_methods->max = max;
4245 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004246 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4247 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004248 cfgerr += 1;
4249 }
4250 }
4251
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004252 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004253 case SSL_SOCK_VERIFY_NONE:
4254 verify = SSL_VERIFY_NONE;
4255 break;
4256 case SSL_SOCK_VERIFY_OPTIONAL:
4257 verify = SSL_VERIFY_PEER;
4258 break;
4259 case SSL_SOCK_VERIFY_REQUIRED:
4260 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4261 break;
4262 }
4263 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4264 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004265 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4266 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4267 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004268 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004269 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004270 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4271 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004272 cfgerr++;
4273 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004274 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4275 /* set CA names for client cert request, function returns void */
4276 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4277 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004278 }
Emeric Brun850efd52014-01-29 12:24:34 +01004279 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004280 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4281 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004282 cfgerr++;
4283 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004284#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004285 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004286 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4287
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004288 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004289 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4290 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004291 cfgerr++;
4292 }
Emeric Brun561e5742012-10-02 15:20:55 +02004293 else {
4294 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4295 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004296 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004297#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004298 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004299 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004300#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004301 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004302 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004303 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4304 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004305 cfgerr++;
4306 }
4307 }
4308#endif
4309
William Lallemand4f45bb92017-10-30 20:08:51 +01004310 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004311 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4312 if (conf_ciphers &&
4313 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004314 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4315 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004316 cfgerr++;
4317 }
4318
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004319#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004320 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4321 if (conf_ciphersuites &&
4322 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4323 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4324 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4325 cfgerr++;
4326 }
4327#endif
4328
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004329#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004330 /* If tune.ssl.default-dh-param has not been set,
4331 neither has ssl-default-dh-file and no static DH
4332 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004333 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004334 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004335 (ssl_dh_ptr_index == -1 ||
4336 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004337 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4338 const SSL_CIPHER * cipher = NULL;
4339 char cipher_description[128];
4340 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4341 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4342 which is not ephemeral DH. */
4343 const char dhe_description[] = " Kx=DH ";
4344 const char dhe_export_description[] = " Kx=DH(";
4345 int idx = 0;
4346 int dhe_found = 0;
4347 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004348
Remi Gacogne23d5d372014-10-10 17:04:26 +02004349 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004350
Remi Gacogne23d5d372014-10-10 17:04:26 +02004351 if (ssl) {
4352 ciphers = SSL_get_ciphers(ssl);
4353
4354 if (ciphers) {
4355 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4356 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4357 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4358 if (strstr(cipher_description, dhe_description) != NULL ||
4359 strstr(cipher_description, dhe_export_description) != NULL) {
4360 dhe_found = 1;
4361 break;
4362 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004363 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004364 }
4365 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004366 SSL_free(ssl);
4367 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004368 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004369
Lukas Tribus90132722014-08-18 00:56:33 +02004370 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004371 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004372 }
4373
Willy Tarreauef934602016-12-22 23:12:01 +01004374 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004375 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004376
Willy Tarreauef934602016-12-22 23:12:01 +01004377 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004378 if (local_dh_1024 == NULL) {
4379 local_dh_1024 = ssl_get_dh_1024();
4380 }
Willy Tarreauef934602016-12-22 23:12:01 +01004381 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004382 if (local_dh_2048 == NULL) {
4383 local_dh_2048 = ssl_get_dh_2048();
4384 }
Willy Tarreauef934602016-12-22 23:12:01 +01004385 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004386 if (local_dh_4096 == NULL) {
4387 local_dh_4096 = ssl_get_dh_4096();
4388 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004389 }
4390 }
4391 }
4392#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004393
Emeric Brunfc0421f2012-09-07 17:30:07 +02004394 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004395#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004396 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004397#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004398
Bernard Spil13c53f82018-02-15 13:34:58 +01004399#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004400 ssl_conf_cur = NULL;
4401 if (ssl_conf && ssl_conf->npn_str)
4402 ssl_conf_cur = ssl_conf;
4403 else if (bind_conf->ssl_conf.npn_str)
4404 ssl_conf_cur = &bind_conf->ssl_conf;
4405 if (ssl_conf_cur)
4406 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004407#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004408#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004409 ssl_conf_cur = NULL;
4410 if (ssl_conf && ssl_conf->alpn_str)
4411 ssl_conf_cur = ssl_conf;
4412 else if (bind_conf->ssl_conf.alpn_str)
4413 ssl_conf_cur = &bind_conf->ssl_conf;
4414 if (ssl_conf_cur)
4415 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004416#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004417#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004418 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4419 if (conf_curves) {
4420 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004421 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4422 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004423 cfgerr++;
4424 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004425#if defined(SSL_CTX_set_ecdh_auto)
4426 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4427#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004428 }
4429#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004430#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004431 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004432 int i;
4433 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004434#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004435 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004436 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4437 NULL);
4438
4439 if (ecdhe == NULL) {
4440 SSL_CTX_set_dh_auto(ctx, 1);
4441 return cfgerr;
4442 }
4443#else
4444 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4445 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4446 ECDHE_DEFAULT_CURVE);
4447#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004448
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004449 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004450 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004451 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4452 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004453 cfgerr++;
4454 }
4455 else {
4456 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4457 EC_KEY_free(ecdh);
4458 }
4459 }
4460#endif
4461
Emeric Brunfc0421f2012-09-07 17:30:07 +02004462 return cfgerr;
4463}
4464
Evan Broderbe554312013-06-27 00:05:25 -07004465static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4466{
4467 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4468 size_t prefixlen, suffixlen;
4469
4470 /* Trivial case */
4471 if (strcmp(pattern, hostname) == 0)
4472 return 1;
4473
Evan Broderbe554312013-06-27 00:05:25 -07004474 /* The rest of this logic is based on RFC 6125, section 6.4.3
4475 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4476
Emeric Bruna848dae2013-10-08 11:27:28 +02004477 pattern_wildcard = NULL;
4478 pattern_left_label_end = pattern;
4479 while (*pattern_left_label_end != '.') {
4480 switch (*pattern_left_label_end) {
4481 case 0:
4482 /* End of label not found */
4483 return 0;
4484 case '*':
4485 /* If there is more than one wildcards */
4486 if (pattern_wildcard)
4487 return 0;
4488 pattern_wildcard = pattern_left_label_end;
4489 break;
4490 }
4491 pattern_left_label_end++;
4492 }
4493
4494 /* If it's not trivial and there is no wildcard, it can't
4495 * match */
4496 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004497 return 0;
4498
4499 /* Make sure all labels match except the leftmost */
4500 hostname_left_label_end = strchr(hostname, '.');
4501 if (!hostname_left_label_end
4502 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4503 return 0;
4504
4505 /* Make sure the leftmost label of the hostname is long enough
4506 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004507 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004508 return 0;
4509
4510 /* Finally compare the string on either side of the
4511 * wildcard */
4512 prefixlen = pattern_wildcard - pattern;
4513 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004514 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4515 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004516 return 0;
4517
4518 return 1;
4519}
4520
4521static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4522{
4523 SSL *ssl;
4524 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004525 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004526 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004527 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004528
4529 int depth;
4530 X509 *cert;
4531 STACK_OF(GENERAL_NAME) *alt_names;
4532 int i;
4533 X509_NAME *cert_subject;
4534 char *str;
4535
4536 if (ok == 0)
4537 return ok;
4538
4539 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004540 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004541 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004542
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004543 /* We're checking if the provided hostnames match the desired one. The
4544 * desired hostname comes from the SNI we presented if any, or if not
4545 * provided then it may have been explicitly stated using a "verifyhost"
4546 * directive. If neither is set, we don't care about the name so the
4547 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004548 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004549 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004550 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004551 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004552 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004553 if (!servername)
4554 return ok;
4555 }
Evan Broderbe554312013-06-27 00:05:25 -07004556
4557 /* We only need to verify the CN on the actual server cert,
4558 * not the indirect CAs */
4559 depth = X509_STORE_CTX_get_error_depth(ctx);
4560 if (depth != 0)
4561 return ok;
4562
4563 /* At this point, the cert is *not* OK unless we can find a
4564 * hostname match */
4565 ok = 0;
4566
4567 cert = X509_STORE_CTX_get_current_cert(ctx);
4568 /* It seems like this might happen if verify peer isn't set */
4569 if (!cert)
4570 return ok;
4571
4572 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4573 if (alt_names) {
4574 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4575 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4576 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004577#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004578 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4579#else
Evan Broderbe554312013-06-27 00:05:25 -07004580 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004581#endif
Evan Broderbe554312013-06-27 00:05:25 -07004582 ok = ssl_sock_srv_hostcheck(str, servername);
4583 OPENSSL_free(str);
4584 }
4585 }
4586 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004587 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004588 }
4589
4590 cert_subject = X509_get_subject_name(cert);
4591 i = -1;
4592 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4593 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004594 ASN1_STRING *value;
4595 value = X509_NAME_ENTRY_get_data(entry);
4596 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004597 ok = ssl_sock_srv_hostcheck(str, servername);
4598 OPENSSL_free(str);
4599 }
4600 }
4601
Willy Tarreau71d058c2017-07-26 20:09:56 +02004602 /* report the mismatch and indicate if SNI was used or not */
4603 if (!ok && !conn->err_code)
4604 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004605 return ok;
4606}
4607
Emeric Brun94324a42012-10-11 14:00:19 +02004608/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004609int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004610{
Willy Tarreau03209342016-12-22 17:08:28 +01004611 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004612 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004613 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004614 SSL_OP_ALL | /* all known workarounds for bugs */
4615 SSL_OP_NO_SSLv2 |
4616 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004617 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004618 SSL_MODE_ENABLE_PARTIAL_WRITE |
4619 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004620 SSL_MODE_RELEASE_BUFFERS |
4621 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004622 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004623 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004624 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004625 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004626 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004627
Thierry Fournier383085f2013-01-24 14:15:43 +01004628 /* Make sure openssl opens /dev/urandom before the chroot */
4629 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004630 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004631 cfgerr++;
4632 }
4633
Willy Tarreaufce03112015-01-15 21:32:40 +01004634 /* Automatic memory computations need to know we use SSL there */
4635 global.ssl_used_backend = 1;
4636
4637 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004638 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004639 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004640 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4641 curproxy->id, srv->id,
4642 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004643 cfgerr++;
4644 return cfgerr;
4645 }
4646 }
Emeric Brun94324a42012-10-11 14:00:19 +02004647 if (srv->use_ssl)
4648 srv->xprt = &ssl_sock;
4649 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004650 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004651
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004652 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004653 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004654 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4655 proxy_type_str(curproxy), curproxy->id,
4656 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004657 cfgerr++;
4658 return cfgerr;
4659 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004660
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004661 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004662 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4663 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4664 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004665 else
4666 flags = conf_ssl_methods->flags;
4667
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004668 /* Real min and max should be determinate with configuration and openssl's capabilities */
4669 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004670 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004671 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004672 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004673
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004674 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004675 min = max = CONF_TLSV_NONE;
4676 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004677 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004678 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004679 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004680 if (min) {
4681 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004682 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4683 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4684 proxy_type_str(curproxy), curproxy->id, srv->id,
4685 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004686 hole = 0;
4687 }
4688 max = i;
4689 }
4690 else {
4691 min = max = i;
4692 }
4693 }
4694 else {
4695 if (min)
4696 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004697 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004698 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004699 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4700 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004701 cfgerr += 1;
4702 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004703
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004704#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004705 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004706 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004707 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004708 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004709 else
4710 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4711 if (flags & methodVersions[i].flag)
4712 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004713#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004714 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004715 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4716 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004717#endif
4718
4719 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4720 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004721 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004722
Willy Tarreau5db847a2019-05-09 14:13:35 +02004723#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004724 if (global_ssl.async)
4725 mode |= SSL_MODE_ASYNC;
4726#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004727 SSL_CTX_set_mode(ctx, mode);
4728 srv->ssl_ctx.ctx = ctx;
4729
Emeric Bruna7aa3092012-10-26 12:58:00 +02004730 if (srv->ssl_ctx.client_crt) {
4731 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004732 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4733 proxy_type_str(curproxy), curproxy->id,
4734 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004735 cfgerr++;
4736 }
4737 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004738 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4739 proxy_type_str(curproxy), curproxy->id,
4740 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004741 cfgerr++;
4742 }
4743 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004744 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4745 proxy_type_str(curproxy), curproxy->id,
4746 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004747 cfgerr++;
4748 }
4749 }
Emeric Brun94324a42012-10-11 14:00:19 +02004750
Emeric Brun850efd52014-01-29 12:24:34 +01004751 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4752 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004753 switch (srv->ssl_ctx.verify) {
4754 case SSL_SOCK_VERIFY_NONE:
4755 verify = SSL_VERIFY_NONE;
4756 break;
4757 case SSL_SOCK_VERIFY_REQUIRED:
4758 verify = SSL_VERIFY_PEER;
4759 break;
4760 }
Evan Broderbe554312013-06-27 00:05:25 -07004761 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004762 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004763 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004764 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004765 if (srv->ssl_ctx.ca_file) {
4766 /* load CAfile to verify */
4767 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004768 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4769 curproxy->id, srv->id,
4770 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004771 cfgerr++;
4772 }
4773 }
Emeric Brun850efd52014-01-29 12:24:34 +01004774 else {
4775 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004776 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4777 curproxy->id, srv->id,
4778 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004779 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004780 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4781 curproxy->id, srv->id,
4782 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004783 cfgerr++;
4784 }
Emeric Brunef42d922012-10-11 16:11:36 +02004785#ifdef X509_V_FLAG_CRL_CHECK
4786 if (srv->ssl_ctx.crl_file) {
4787 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4788
4789 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004790 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4791 curproxy->id, srv->id,
4792 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004793 cfgerr++;
4794 }
4795 else {
4796 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4797 }
4798 }
4799#endif
4800 }
4801
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004802 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4803 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4804 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004805 if (srv->ssl_ctx.ciphers &&
4806 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004807 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4808 curproxy->id, srv->id,
4809 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004810 cfgerr++;
4811 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004812
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004813#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004814 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004815 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004816 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4817 curproxy->id, srv->id,
4818 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4819 cfgerr++;
4820 }
4821#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004822#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4823 if (srv->ssl_ctx.npn_str)
4824 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4825#endif
4826#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4827 if (srv->ssl_ctx.alpn_str)
4828 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4829#endif
4830
Emeric Brun94324a42012-10-11 14:00:19 +02004831
4832 return cfgerr;
4833}
4834
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004835/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004836 * be NULL, in which case nothing is done. Returns the number of errors
4837 * encountered.
4838 */
Willy Tarreau03209342016-12-22 17:08:28 +01004839int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004840{
4841 struct ebmb_node *node;
4842 struct sni_ctx *sni;
4843 int err = 0;
4844
Willy Tarreaufce03112015-01-15 21:32:40 +01004845 /* Automatic memory computations need to know we use SSL there */
4846 global.ssl_used_frontend = 1;
4847
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004848 /* Make sure openssl opens /dev/urandom before the chroot */
4849 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004850 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004851 err++;
4852 }
4853 /* Create initial_ctx used to start the ssl connection before do switchctx */
4854 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004855 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004856 /* It should not be necessary to call this function, but it's
4857 necessary first to check and move all initialisation related
4858 to initial_ctx in ssl_sock_initial_ctx. */
4859 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4860 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004861 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004862 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004863
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004864 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004865 while (node) {
4866 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004867 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4868 /* only initialize the CTX on its first occurrence and
4869 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004870 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004871 node = ebmb_next(node);
4872 }
4873
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004874 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004875 while (node) {
4876 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004877 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4878 /* only initialize the CTX on its first occurrence and
4879 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004880 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004881 node = ebmb_next(node);
4882 }
4883 return err;
4884}
4885
Willy Tarreau55d37912016-12-21 23:38:39 +01004886/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4887 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4888 * alerts are directly emitted since the rest of the stack does it below.
4889 */
4890int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4891{
4892 struct proxy *px = bind_conf->frontend;
4893 int alloc_ctx;
4894 int err;
4895
4896 if (!bind_conf->is_ssl) {
4897 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004898 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4899 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004900 }
4901 return 0;
4902 }
4903 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004904 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004905 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4906 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004907 }
4908 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004909 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4910 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004911 return -1;
4912 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004913 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004914 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004915 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004916 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004917 sizeof(*sh_ssl_sess_tree),
4918 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004919 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004920 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4921 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4922 else
4923 ha_alert("Unable to allocate SSL session cache.\n");
4924 return -1;
4925 }
4926 /* free block callback */
4927 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4928 /* init the root tree within the extra space */
4929 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4930 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004931 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004932 err = 0;
4933 /* initialize all certificate contexts */
4934 err += ssl_sock_prepare_all_ctx(bind_conf);
4935
4936 /* initialize CA variables if the certificates generation is enabled */
4937 err += ssl_sock_load_ca(bind_conf);
4938
4939 return -err;
4940}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004941
4942/* release ssl context allocated for servers. */
4943void ssl_sock_free_srv_ctx(struct server *srv)
4944{
Olivier Houchardc7566002018-11-20 23:33:50 +01004945#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4946 if (srv->ssl_ctx.alpn_str)
4947 free(srv->ssl_ctx.alpn_str);
4948#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004949#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004950 if (srv->ssl_ctx.npn_str)
4951 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01004952#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004953 if (srv->ssl_ctx.ctx)
4954 SSL_CTX_free(srv->ssl_ctx.ctx);
4955}
4956
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004957/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004958 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4959 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004960void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004961{
4962 struct ebmb_node *node, *back;
4963 struct sni_ctx *sni;
4964
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004965 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004966 while (node) {
4967 sni = ebmb_entry(node, struct sni_ctx, name);
4968 back = ebmb_next(node);
4969 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004970 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004971 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004972 ssl_sock_free_ssl_conf(sni->conf);
4973 free(sni->conf);
4974 sni->conf = NULL;
4975 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004976 free(sni);
4977 node = back;
4978 }
4979
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004980 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004981 while (node) {
4982 sni = ebmb_entry(node, struct sni_ctx, name);
4983 back = ebmb_next(node);
4984 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004985 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004986 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004987 ssl_sock_free_ssl_conf(sni->conf);
4988 free(sni->conf);
4989 sni->conf = NULL;
4990 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004991 free(sni);
4992 node = back;
4993 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004994 SSL_CTX_free(bind_conf->initial_ctx);
4995 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004996 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004997 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004998}
4999
Willy Tarreau795cdab2016-12-22 17:30:54 +01005000/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5001void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5002{
5003 ssl_sock_free_ca(bind_conf);
5004 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005005 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005006 free(bind_conf->ca_sign_file);
5007 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005008 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005009 free(bind_conf->keys_ref->filename);
5010 free(bind_conf->keys_ref->tlskeys);
5011 LIST_DEL(&bind_conf->keys_ref->list);
5012 free(bind_conf->keys_ref);
5013 }
5014 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005015 bind_conf->ca_sign_pass = NULL;
5016 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005017}
5018
Christopher Faulet31af49d2015-06-09 17:29:50 +02005019/* Load CA cert file and private key used to generate certificates */
5020int
Willy Tarreau03209342016-12-22 17:08:28 +01005021ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005022{
Willy Tarreau03209342016-12-22 17:08:28 +01005023 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005024 FILE *fp;
5025 X509 *cacert = NULL;
5026 EVP_PKEY *capkey = NULL;
5027 int err = 0;
5028
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005029 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005030 return err;
5031
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005032#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005033 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005034 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005035 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005036 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005037 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005038#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005039
Christopher Faulet31af49d2015-06-09 17:29:50 +02005040 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005041 ha_alert("Proxy '%s': cannot enable certificate generation, "
5042 "no CA certificate File configured at [%s:%d].\n",
5043 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005044 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005045 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005046
5047 /* read in the CA certificate */
5048 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005049 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5050 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005051 goto load_error;
5052 }
5053 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005054 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5055 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005056 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005057 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005058 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005059 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005060 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5061 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005062 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005063 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005064
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005065 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005066 bind_conf->ca_sign_cert = cacert;
5067 bind_conf->ca_sign_pkey = capkey;
5068 return err;
5069
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005070 read_error:
5071 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005072 if (capkey) EVP_PKEY_free(capkey);
5073 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005074 load_error:
5075 bind_conf->generate_certs = 0;
5076 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005077 return err;
5078}
5079
5080/* Release CA cert and private key used to generate certificated */
5081void
5082ssl_sock_free_ca(struct bind_conf *bind_conf)
5083{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005084 if (bind_conf->ca_sign_pkey)
5085 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5086 if (bind_conf->ca_sign_cert)
5087 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005088 bind_conf->ca_sign_pkey = NULL;
5089 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005090}
5091
Emeric Brun46591952012-05-18 15:47:34 +02005092/*
5093 * This function is called if SSL * context is not yet allocated. The function
5094 * is designed to be called before any other data-layer operation and sets the
5095 * handshake flag on the connection. It is safe to call it multiple times.
5096 * It returns 0 on success and -1 in error case.
5097 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005098static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005099{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005100 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005101 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005102 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005103 return 0;
5104
Willy Tarreau3c728722014-01-23 13:50:42 +01005105 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005106 return 0;
5107
Olivier Houchard66ab4982019-02-26 18:37:15 +01005108 ctx = pool_alloc(ssl_sock_ctx_pool);
5109 if (!ctx) {
5110 conn->err_code = CO_ER_SSL_NO_MEM;
5111 return -1;
5112 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005113 ctx->wait_event.tasklet = tasklet_new();
5114 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005115 conn->err_code = CO_ER_SSL_NO_MEM;
5116 pool_free(ssl_sock_ctx_pool, ctx);
5117 return -1;
5118 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005119 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5120 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005121 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005122 ctx->sent_early_data = 0;
5123 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005124 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005125 ctx->send_wait = NULL;
5126 ctx->recv_wait = NULL;
Emeric Brun87cfd662019-09-06 15:36:02 +02005127 ctx->xprt_st = 0;
5128 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005129
5130 /* Only work with sockets for now, this should be adapted when we'll
5131 * add QUIC support.
5132 */
5133 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005134 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005135 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5136 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005137 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005138
Willy Tarreau20879a02012-12-03 16:32:10 +01005139 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5140 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005141 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005142 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005143
Emeric Brun46591952012-05-18 15:47:34 +02005144 /* If it is in client mode initiate SSL session
5145 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005146 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005147 int may_retry = 1;
5148
5149 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005150 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005151 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5152 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005153 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005154 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005155 goto retry_connect;
5156 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005157 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005158 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005159 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005160 ctx->bio = BIO_new(ha_meth);
5161 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005162 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005163 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005164 goto retry_connect;
5165 }
Emeric Brun55476152014-11-12 17:35:37 +01005166 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005167 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005168 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005169 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005170 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005171
Evan Broderbe554312013-06-27 00:05:25 -07005172 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005173 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5174 SSL_free(ctx->ssl);
5175 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005176 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005177 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005178 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005179 goto retry_connect;
5180 }
Emeric Brun55476152014-11-12 17:35:37 +01005181 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005182 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005183 }
5184
Olivier Houchard66ab4982019-02-26 18:37:15 +01005185 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005186 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5187 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5188 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005189 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005190 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005191 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5192 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005193 } else if (sess) {
5194 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005195 }
5196 }
Evan Broderbe554312013-06-27 00:05:25 -07005197
Emeric Brun46591952012-05-18 15:47:34 +02005198 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005199 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005200
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005201 _HA_ATOMIC_ADD(&sslconns, 1);
5202 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005203 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005204 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005205 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005206 if (conn->flags & CO_FL_ERROR)
5207 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005208 return 0;
5209 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005210 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005211 int may_retry = 1;
5212
5213 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005214 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005215 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5216 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005217 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005218 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005219 goto retry_accept;
5220 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005221 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005222 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005223 }
Emeric Brun46591952012-05-18 15:47:34 +02005224
Olivier Houcharda8955d52019-04-07 22:00:38 +02005225 ctx->bio = BIO_new(ha_meth);
5226 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005227 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005228 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005229 goto retry_accept;
5230 }
Emeric Brun55476152014-11-12 17:35:37 +01005231 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005232 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005233 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005234 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005235 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005236
Emeric Brune1f38db2012-09-03 20:36:47 +02005237 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005238 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5239 SSL_free(ctx->ssl);
5240 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005241 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005242 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005243 goto retry_accept;
5244 }
Emeric Brun55476152014-11-12 17:35:37 +01005245 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005246 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005247 }
5248
Olivier Houchard66ab4982019-02-26 18:37:15 +01005249 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005250
Emeric Brun46591952012-05-18 15:47:34 +02005251 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005252 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005253#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005254 conn->flags |= CO_FL_EARLY_SSL_HS;
5255#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005256
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005257 _HA_ATOMIC_ADD(&sslconns, 1);
5258 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005259 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005260 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005261 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005262 if (conn->flags & CO_FL_ERROR)
5263 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005264 return 0;
5265 }
5266 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005267 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005268err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005269 if (ctx && ctx->wait_event.tasklet)
5270 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005271 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005272 return -1;
5273}
5274
5275
5276/* This is the callback which is used when an SSL handshake is pending. It
5277 * updates the FD status if it wants some polling before being called again.
5278 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5279 * otherwise it returns non-zero and removes itself from the connection's
5280 * flags (the bit is provided in <flag> by the caller).
5281 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005282static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005283{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005284 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005285 int ret;
5286
Willy Tarreau3c728722014-01-23 13:50:42 +01005287 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005288 return 0;
5289
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005290 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005291 goto out_error;
5292
Willy Tarreau5db847a2019-05-09 14:13:35 +02005293#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005294 /*
5295 * Check if we have early data. If we do, we have to read them
5296 * before SSL_do_handshake() is called, And there's no way to
5297 * detect early data, except to try to read them
5298 */
5299 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5300 size_t read_data;
5301
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005302 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005303 1, &read_data);
5304 if (ret == SSL_READ_EARLY_DATA_ERROR)
5305 goto check_error;
5306 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5307 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5308 return 1;
5309 } else
5310 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5311 }
5312#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005313 /* If we use SSL_do_handshake to process a reneg initiated by
5314 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5315 * Usually SSL_write and SSL_read are used and process implicitly
5316 * the reneg handshake.
5317 * Here we use SSL_peek as a workaround for reneg.
5318 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005319 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005320 char c;
5321
Olivier Houchard66ab4982019-02-26 18:37:15 +01005322 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005323 if (ret <= 0) {
5324 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005325 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005326
Emeric Brun674b7432012-11-08 19:21:55 +01005327 if (ret == SSL_ERROR_WANT_WRITE) {
5328 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005329 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005330 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005331 return 0;
5332 }
5333 else if (ret == SSL_ERROR_WANT_READ) {
5334 /* handshake may have been completed but we have
5335 * no more data to read.
5336 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005337 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005338 ret = 1;
5339 goto reneg_ok;
5340 }
5341 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005342 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005343 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005344 return 0;
5345 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005346#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005347 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005348 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005349 return 0;
5350 }
5351#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005352 else if (ret == SSL_ERROR_SYSCALL) {
5353 /* if errno is null, then connection was successfully established */
5354 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5355 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005356 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005357#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5358 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005359 conn->err_code = CO_ER_SSL_HANDSHAKE;
5360#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005361 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005362#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005363 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005364 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005365 empty_handshake = state == TLS_ST_BEFORE;
5366#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005367 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5368 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005369#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005370 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005371 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005372 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005373 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5374 else
5375 conn->err_code = CO_ER_SSL_EMPTY;
5376 }
5377 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005378 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005379 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5380 else
5381 conn->err_code = CO_ER_SSL_ABORT;
5382 }
5383 }
5384 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005385 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005386 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005387 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005388 conn->err_code = CO_ER_SSL_HANDSHAKE;
5389 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005390#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005391 }
Emeric Brun674b7432012-11-08 19:21:55 +01005392 goto out_error;
5393 }
5394 else {
5395 /* Fail on all other handshake errors */
5396 /* Note: OpenSSL may leave unread bytes in the socket's
5397 * buffer, causing an RST to be emitted upon close() on
5398 * TCP sockets. We first try to drain possibly pending
5399 * data to avoid this as much as possible.
5400 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005401 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005402 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005403 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005404 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005405 goto out_error;
5406 }
5407 }
5408 /* read some data: consider handshake completed */
5409 goto reneg_ok;
5410 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005411 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005412check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005413 if (ret != 1) {
5414 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005415 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005416
5417 if (ret == SSL_ERROR_WANT_WRITE) {
5418 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005419 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005420 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005421 return 0;
5422 }
5423 else if (ret == SSL_ERROR_WANT_READ) {
5424 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005425 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005426 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5427 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005428 return 0;
5429 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005430#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005431 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005432 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005433 return 0;
5434 }
5435#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005436 else if (ret == SSL_ERROR_SYSCALL) {
5437 /* if errno is null, then connection was successfully established */
5438 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5439 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005440 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005441#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5442 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005443 conn->err_code = CO_ER_SSL_HANDSHAKE;
5444#else
5445 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005446#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005447 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005448 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005449 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005450#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005451 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5452 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005453#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005454 if (empty_handshake) {
5455 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005456 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005457 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5458 else
5459 conn->err_code = CO_ER_SSL_EMPTY;
5460 }
5461 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005462 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005463 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5464 else
5465 conn->err_code = CO_ER_SSL_ABORT;
5466 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005467 }
5468 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005469 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005470 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5471 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005472 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005473 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005474#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005475 }
Willy Tarreau89230192012-09-28 20:22:13 +02005476 goto out_error;
5477 }
Emeric Brun46591952012-05-18 15:47:34 +02005478 else {
5479 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005480 /* Note: OpenSSL may leave unread bytes in the socket's
5481 * buffer, causing an RST to be emitted upon close() on
5482 * TCP sockets. We first try to drain possibly pending
5483 * data to avoid this as much as possible.
5484 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005485 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005486 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005487 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005488 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005489 goto out_error;
5490 }
5491 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005492#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005493 else {
5494 /*
5495 * If the server refused the early data, we have to send a
5496 * 425 to the client, as we no longer have the data to sent
5497 * them again.
5498 */
5499 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005500 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005501 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5502 goto out_error;
5503 }
5504 }
5505 }
5506#endif
5507
Emeric Brun46591952012-05-18 15:47:34 +02005508
Emeric Brun674b7432012-11-08 19:21:55 +01005509reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005510
Willy Tarreau5db847a2019-05-09 14:13:35 +02005511#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005512 /* ASYNC engine API doesn't support moving read/write
5513 * buffers. So we disable ASYNC mode right after
5514 * the handshake to avoid buffer oveflows.
5515 */
5516 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005517 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005518#endif
Emeric Brun46591952012-05-18 15:47:34 +02005519 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005520 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005521 if (objt_server(conn->target)) {
5522 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5523 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5524 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005525 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005526 else {
5527 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5528 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5529 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5530 }
Emeric Brun46591952012-05-18 15:47:34 +02005531 }
5532
5533 /* The connection is now established at both layers, it's time to leave */
5534 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5535 return 1;
5536
5537 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005538 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005539 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005540 ERR_clear_error();
5541
Emeric Brun9fa89732012-10-04 17:09:56 +02005542 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005543 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5544 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5545 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005546 }
5547
Emeric Brun46591952012-05-18 15:47:34 +02005548 /* Fail on all other handshake errors */
5549 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005550 if (!conn->err_code)
5551 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005552 return 0;
5553}
5554
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005555static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005556{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005557 struct wait_event *sw;
5558 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005559
Olivier Houcharda37eb6a2019-06-24 18:57:39 +02005560 if (!ctx)
5561 return -1;
5562
Olivier Houchardea8dd942019-05-20 14:02:16 +02005563 if (event_type & SUB_RETRY_RECV) {
5564 sw = param;
5565 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5566 sw->events |= SUB_RETRY_RECV;
5567 ctx->recv_wait = sw;
5568 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5569 !(ctx->wait_event.events & SUB_RETRY_RECV))
5570 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5571 event_type &= ~SUB_RETRY_RECV;
5572 }
5573 if (event_type & SUB_RETRY_SEND) {
5574sw = param;
5575 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5576 sw->events |= SUB_RETRY_SEND;
5577 ctx->send_wait = sw;
5578 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5579 !(ctx->wait_event.events & SUB_RETRY_SEND))
5580 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5581 event_type &= ~SUB_RETRY_SEND;
5582
5583 }
5584 if (event_type != 0)
5585 return -1;
5586 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005587}
5588
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005589static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005590{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005591 struct wait_event *sw;
5592 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005593
Olivier Houchardea8dd942019-05-20 14:02:16 +02005594 if (event_type & SUB_RETRY_RECV) {
5595 sw = param;
5596 BUG_ON(ctx->recv_wait != sw);
5597 ctx->recv_wait = NULL;
5598 sw->events &= ~SUB_RETRY_RECV;
5599 /* If we subscribed, and we're not doing the handshake,
5600 * then we subscribed because the upper layer asked for it,
5601 * as the upper layer is no longer interested, we can
5602 * unsubscribe too.
5603 */
5604 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5605 (ctx->wait_event.events & SUB_RETRY_RECV))
5606 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5607 &ctx->wait_event);
5608 }
5609 if (event_type & SUB_RETRY_SEND) {
5610 sw = param;
5611 BUG_ON(ctx->send_wait != sw);
5612 ctx->send_wait = NULL;
5613 sw->events &= ~SUB_RETRY_SEND;
5614 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5615 (ctx->wait_event.events & SUB_RETRY_SEND))
5616 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5617 &ctx->wait_event);
5618
5619 }
5620
5621 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005622}
5623
Olivier Houchard2e055482019-05-27 19:50:12 +02005624/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5625 * Returns 0 on success, and non-zero on failure.
5626 */
5627static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5628{
5629 struct ssl_sock_ctx *ctx = xprt_ctx;
5630
5631 if (oldxprt_ops != NULL)
5632 *oldxprt_ops = ctx->xprt;
5633 if (oldxprt_ctx != NULL)
5634 *oldxprt_ctx = ctx->xprt_ctx;
5635 ctx->xprt = toadd_ops;
5636 ctx->xprt_ctx = toadd_ctx;
5637 return 0;
5638}
5639
Olivier Houchard5149b592019-05-23 17:47:36 +02005640/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5641 * return 0, otherwise just call the remove_xprt method from the underlying
5642 * XPRT.
5643 */
5644static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5645{
5646 struct ssl_sock_ctx *ctx = xprt_ctx;
5647
5648 if (ctx->xprt_ctx == toremove_ctx) {
5649 ctx->xprt_ctx = newctx;
5650 ctx->xprt = newops;
5651 return 0;
5652 }
5653 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5654}
5655
Olivier Houchardea8dd942019-05-20 14:02:16 +02005656static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5657{
5658 struct ssl_sock_ctx *ctx = context;
5659
5660 /* First if we're doing an handshake, try that */
5661 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5662 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5663 /* If we had an error, or the handshake is done and I/O is available,
5664 * let the upper layer know.
5665 * If no mux was set up yet, and nobody subscribed, then call
5666 * xprt_done_cb() ourself if it's set, or destroy the connection,
5667 * we can't be sure conn_fd_handler() will be called again.
5668 */
5669 if ((ctx->conn->flags & CO_FL_ERROR) ||
5670 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5671 int ret = 0;
5672 int woke = 0;
5673
5674 /* On error, wake any waiter */
5675 if (ctx->recv_wait) {
5676 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005677 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005678 ctx->recv_wait = NULL;
5679 woke = 1;
5680 }
5681 if (ctx->send_wait) {
5682 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005683 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005684 ctx->send_wait = NULL;
5685 woke = 1;
5686 }
5687 /* If we're the first xprt for the connection, let the
5688 * upper layers know. If xprt_done_cb() is set, call it,
5689 * otherwise, we should have a mux, so call its wake
5690 * method if we didn't woke a tasklet already.
5691 */
5692 if (ctx->conn->xprt_ctx == ctx) {
5693 if (ctx->conn->xprt_done_cb)
5694 ret = ctx->conn->xprt_done_cb(ctx->conn);
5695 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5696 ctx->conn->mux->wake(ctx->conn);
5697 return NULL;
5698 }
5699 }
5700 return NULL;
5701}
5702
Emeric Brun46591952012-05-18 15:47:34 +02005703/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005704 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005705 * buffer wraps, in which case a second call may be performed. The connection's
5706 * flags are updated with whatever special event is detected (error, read0,
5707 * empty). The caller is responsible for taking care of those events and
5708 * avoiding the call if inappropriate. The function does not call the
5709 * connection's polling update function, so the caller is responsible for this.
5710 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005711static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005712{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005713 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005714 ssize_t ret;
5715 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005716
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005717 conn_refresh_polling_flags(conn);
5718
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005719 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005720 goto out_error;
5721
5722 if (conn->flags & CO_FL_HANDSHAKE)
5723 /* a handshake was requested */
5724 return 0;
5725
Emeric Brun46591952012-05-18 15:47:34 +02005726 /* read the largest possible block. For this, we perform only one call
5727 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5728 * in which case we accept to do it once again. A new attempt is made on
5729 * EINTR too.
5730 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005731 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005732 int need_out = 0;
5733
Willy Tarreau591d4452018-06-15 17:21:00 +02005734 try = b_contig_space(buf);
5735 if (!try)
5736 break;
5737
Willy Tarreauabf08d92014-01-14 11:31:27 +01005738 if (try > count)
5739 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005740
Olivier Houchardc2aae742017-09-22 18:26:28 +02005741 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005742 ctx->tmp_early_data != -1) {
5743 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005744 done++;
5745 try--;
5746 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005747 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005748 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005749 continue;
5750 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005751
Willy Tarreau5db847a2019-05-09 14:13:35 +02005752#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005753 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5754 size_t read_length;
5755
Olivier Houchard66ab4982019-02-26 18:37:15 +01005756 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005757 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005758 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5759 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005760 conn->flags |= CO_FL_EARLY_DATA;
5761 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5762 ret == SSL_READ_EARLY_DATA_FINISH) {
5763 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5764 /*
5765 * We're done reading the early data,
5766 * let's make the handshake
5767 */
5768 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5769 conn->flags |= CO_FL_SSL_WAIT_HS;
5770 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005771 /* Now initiate the handshake */
5772 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005773 if (read_length == 0)
5774 break;
5775 }
5776 ret = read_length;
5777 }
5778 } else
5779#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005780 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005781
Emeric Brune1f38db2012-09-03 20:36:47 +02005782 if (conn->flags & CO_FL_ERROR) {
5783 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005784 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005785 }
Emeric Brun46591952012-05-18 15:47:34 +02005786 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005787 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005788 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005789 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005790 }
Emeric Brun46591952012-05-18 15:47:34 +02005791 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005792 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005793 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005794 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005795 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005796 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005797#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005798 /* Async mode can be re-enabled, because we're leaving data state.*/
5799 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005800 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005801#endif
Emeric Brun46591952012-05-18 15:47:34 +02005802 break;
5803 }
5804 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005805 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005806 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5807 SUB_RETRY_RECV,
5808 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005809 /* handshake is running, and it may need to re-enable read */
5810 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005811#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005812 /* Async mode can be re-enabled, because we're leaving data state.*/
5813 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005814 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005815#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005816 break;
5817 }
Emeric Brun46591952012-05-18 15:47:34 +02005818 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005819 } else if (ret == SSL_ERROR_ZERO_RETURN)
5820 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005821 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5822 * stack before shutting down the connection for
5823 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005824 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5825 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005826 /* otherwise it's a real error */
5827 goto out_error;
5828 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005829 if (need_out)
5830 break;
Emeric Brun46591952012-05-18 15:47:34 +02005831 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005832 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005833 return done;
5834
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005835 clear_ssl_error:
5836 /* Clear openssl global errors stack */
5837 ssl_sock_dump_errors(conn);
5838 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005839 read0:
5840 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005841 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005842
Emeric Brun46591952012-05-18 15:47:34 +02005843 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005844 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005845 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005846 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005847 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005848 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005849}
5850
5851
Willy Tarreau787db9a2018-06-14 18:31:46 +02005852/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5853 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5854 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005855 * Only one call to send() is performed, unless the buffer wraps, in which case
5856 * a second call may be performed. The connection's flags are updated with
5857 * whatever special event is detected (error, empty). The caller is responsible
5858 * for taking care of those events and avoiding the call if inappropriate. The
5859 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005860 * is responsible for this. The buffer's output is not adjusted, it's up to the
5861 * caller to take care of this. It's up to the caller to update the buffer's
5862 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005863 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005864static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005865{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005866 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005867 ssize_t ret;
5868 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005869
5870 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005871 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005872
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005873 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005874 goto out_error;
5875
Olivier Houchard010941f2019-05-03 20:56:19 +02005876 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005877 /* a handshake was requested */
5878 return 0;
5879
5880 /* send the largest possible block. For this we perform only one call
5881 * to send() unless the buffer wraps and we exactly fill the first hunk,
5882 * in which case we accept to do it once again.
5883 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005884 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005885#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005886 size_t written_data;
5887#endif
5888
Willy Tarreau787db9a2018-06-14 18:31:46 +02005889 try = b_contig_data(buf, done);
5890 if (try > count)
5891 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005892
Willy Tarreau7bed9452014-02-02 02:00:24 +01005893 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005894 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005895 global_ssl.max_record && try > global_ssl.max_record) {
5896 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005897 }
5898 else {
5899 /* we need to keep the information about the fact that
5900 * we're not limiting the upcoming send(), because if it
5901 * fails, we'll have to retry with at least as many data.
5902 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005903 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005904 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005905
Willy Tarreau5db847a2019-05-09 14:13:35 +02005906#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005907 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005908 unsigned int max_early;
5909
Olivier Houchard522eea72017-11-03 16:27:47 +01005910 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005911 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005912 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005913 if (SSL_get0_session(ctx->ssl))
5914 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005915 else
5916 max_early = 0;
5917 }
5918
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005919 if (try + ctx->sent_early_data > max_early) {
5920 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005921 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005922 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005923 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005924 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005925 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005926 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005927 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005928 if (ret == 1) {
5929 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005930 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005931 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005932 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005933 /* Initiate the handshake, now */
5934 tasklet_wakeup(ctx->wait_event.tasklet);
5935 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005936
Olivier Houchardc2aae742017-09-22 18:26:28 +02005937 }
5938
5939 } else
5940#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005941 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005942
Emeric Brune1f38db2012-09-03 20:36:47 +02005943 if (conn->flags & CO_FL_ERROR) {
5944 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005945 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005946 }
Emeric Brun46591952012-05-18 15:47:34 +02005947 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005948 /* A send succeeded, so we can consier ourself connected */
5949 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005950 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005951 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005952 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005953 }
5954 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005955 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005956
Emeric Brun46591952012-05-18 15:47:34 +02005957 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005958 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005959 /* handshake is running, and it may need to re-enable write */
5960 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005961 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005962#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005963 /* Async mode can be re-enabled, because we're leaving data state.*/
5964 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005965 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005966#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005967 break;
5968 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02005969
Emeric Brun46591952012-05-18 15:47:34 +02005970 break;
5971 }
5972 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005973 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005974 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005975 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5976 SUB_RETRY_RECV,
5977 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005978#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005979 /* Async mode can be re-enabled, because we're leaving data state.*/
5980 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005981 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005982#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005983 break;
5984 }
Emeric Brun46591952012-05-18 15:47:34 +02005985 goto out_error;
5986 }
5987 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005988 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005989 return done;
5990
5991 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005992 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005993 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005994 ERR_clear_error();
5995
Emeric Brun46591952012-05-18 15:47:34 +02005996 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005997 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005998}
5999
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006000static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006001
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006002 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006003
Olivier Houchardea8dd942019-05-20 14:02:16 +02006004
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006005 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006006 if (ctx->wait_event.events != 0)
6007 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6008 ctx->wait_event.events,
6009 &ctx->wait_event);
6010 if (ctx->send_wait) {
6011 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006012 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006013 }
6014 if (ctx->recv_wait) {
6015 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006016 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006017 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006018 if (ctx->xprt->close)
6019 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006020#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006021 if (global_ssl.async) {
6022 OSSL_ASYNC_FD all_fd[32], afd;
6023 size_t num_all_fds = 0;
6024 int i;
6025
Olivier Houchard66ab4982019-02-26 18:37:15 +01006026 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006027 if (num_all_fds > 32) {
6028 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6029 return;
6030 }
6031
Olivier Houchard66ab4982019-02-26 18:37:15 +01006032 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006033
6034 /* If an async job is pending, we must try to
6035 to catch the end using polling before calling
6036 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006037 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006038 for (i=0 ; i < num_all_fds ; i++) {
6039 /* switch on an handler designed to
6040 * handle the SSL_free
6041 */
6042 afd = all_fd[i];
6043 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006044 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006045 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006046 /* To ensure that the fd cache won't be used
6047 * and we'll catch a real RD event.
6048 */
6049 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006050 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006051 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006052 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006053 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006054 return;
6055 }
Emeric Brun3854e012017-05-17 20:42:48 +02006056 /* Else we can remove the fds from the fdtab
6057 * and call SSL_free.
6058 * note: we do a fd_remove and not a delete
6059 * because the fd is owned by the engine.
6060 * the engine is responsible to close
6061 */
6062 for (i=0 ; i < num_all_fds ; i++)
6063 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006064 }
6065#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006066 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006067 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006068 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006069 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006070 }
Emeric Brun46591952012-05-18 15:47:34 +02006071}
6072
6073/* This function tries to perform a clean shutdown on an SSL connection, and in
6074 * any case, flags the connection as reusable if no handshake was in progress.
6075 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006076static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006077{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006078 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006079
Emeric Brun46591952012-05-18 15:47:34 +02006080 if (conn->flags & CO_FL_HANDSHAKE)
6081 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006082 if (!clean)
6083 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006084 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006085 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006086 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006087 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006088 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006089 ERR_clear_error();
6090 }
Emeric Brun46591952012-05-18 15:47:34 +02006091}
6092
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006093/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006094int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006095{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006096 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006097 struct pkey_info *pkinfo;
6098 int bits = 0;
6099 int sig = TLSEXT_signature_anonymous;
6100 int len = -1;
6101
6102 if (!ssl_sock_is_ssl(conn))
6103 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006104 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006105 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006106 if (pkinfo) {
6107 sig = pkinfo->sig;
6108 bits = pkinfo->bits;
6109 } else {
6110 /* multicert and generated cert have no pkey info */
6111 X509 *crt;
6112 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006113 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006114 if (!crt)
6115 return 0;
6116 pkey = X509_get_pubkey(crt);
6117 if (pkey) {
6118 bits = EVP_PKEY_bits(pkey);
6119 switch(EVP_PKEY_base_id(pkey)) {
6120 case EVP_PKEY_RSA:
6121 sig = TLSEXT_signature_rsa;
6122 break;
6123 case EVP_PKEY_EC:
6124 sig = TLSEXT_signature_ecdsa;
6125 break;
6126 case EVP_PKEY_DSA:
6127 sig = TLSEXT_signature_dsa;
6128 break;
6129 }
6130 EVP_PKEY_free(pkey);
6131 }
6132 }
6133
6134 switch(sig) {
6135 case TLSEXT_signature_rsa:
6136 len = chunk_printf(out, "RSA%d", bits);
6137 break;
6138 case TLSEXT_signature_ecdsa:
6139 len = chunk_printf(out, "EC%d", bits);
6140 break;
6141 case TLSEXT_signature_dsa:
6142 len = chunk_printf(out, "DSA%d", bits);
6143 break;
6144 default:
6145 return 0;
6146 }
6147 if (len < 0)
6148 return 0;
6149 return 1;
6150}
6151
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006152/* used for ppv2 cert signature (can be used for logging) */
6153const char *ssl_sock_get_cert_sig(struct connection *conn)
6154{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006155 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006156
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006157 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6158 X509 *crt;
6159
6160 if (!ssl_sock_is_ssl(conn))
6161 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006162 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006163 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006164 if (!crt)
6165 return NULL;
6166 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6167 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6168}
6169
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006170/* used for ppv2 authority */
6171const char *ssl_sock_get_sni(struct connection *conn)
6172{
6173#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006174 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006175
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006176 if (!ssl_sock_is_ssl(conn))
6177 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006178 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006179 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006180#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006181 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006182#endif
6183}
6184
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006185/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006186const char *ssl_sock_get_cipher_name(struct connection *conn)
6187{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006188 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006189
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006190 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006191 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006192 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006193 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006194}
6195
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006196/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006197const char *ssl_sock_get_proto_version(struct connection *conn)
6198{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006199 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006200
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006201 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006202 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006203 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006204 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006205}
6206
Willy Tarreau8d598402012-10-22 17:58:39 +02006207/* Extract a serial from a cert, and copy it to a chunk.
6208 * Returns 1 if serial is found and copied, 0 if no serial found and
6209 * -1 if output is not large enough.
6210 */
6211static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006212ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006213{
6214 ASN1_INTEGER *serial;
6215
6216 serial = X509_get_serialNumber(crt);
6217 if (!serial)
6218 return 0;
6219
6220 if (out->size < serial->length)
6221 return -1;
6222
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006223 memcpy(out->area, serial->data, serial->length);
6224 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006225 return 1;
6226}
6227
Emeric Brun43e79582014-10-29 19:03:26 +01006228/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006229 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6230 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006231 */
6232static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006233ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006234{
6235 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006236 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006237
6238 len =i2d_X509(crt, NULL);
6239 if (len <= 0)
6240 return 1;
6241
6242 if (out->size < len)
6243 return -1;
6244
6245 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006246 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006247 return 1;
6248}
6249
Emeric Brunce5ad802012-10-22 14:11:22 +02006250
Willy Tarreau83061a82018-07-13 11:56:34 +02006251/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006252 * Returns 1 if serial is found and copied, 0 if no valid time found
6253 * and -1 if output is not large enough.
6254 */
6255static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006256ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006257{
6258 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6259 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6260
6261 if (gentm->length < 12)
6262 return 0;
6263 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6264 return 0;
6265 if (out->size < gentm->length-2)
6266 return -1;
6267
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006268 memcpy(out->area, gentm->data+2, gentm->length-2);
6269 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006270 return 1;
6271 }
6272 else if (tm->type == V_ASN1_UTCTIME) {
6273 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6274
6275 if (utctm->length < 10)
6276 return 0;
6277 if (utctm->data[0] >= 0x35)
6278 return 0;
6279 if (out->size < utctm->length)
6280 return -1;
6281
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006282 memcpy(out->area, utctm->data, utctm->length);
6283 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006284 return 1;
6285 }
6286
6287 return 0;
6288}
6289
Emeric Brun87855892012-10-17 17:39:35 +02006290/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6291 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6292 */
6293static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006294ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6295 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006296{
6297 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006298 ASN1_OBJECT *obj;
6299 ASN1_STRING *data;
6300 const unsigned char *data_ptr;
6301 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006302 int i, j, n;
6303 int cur = 0;
6304 const char *s;
6305 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006306 int name_count;
6307
6308 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006309
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006310 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006311 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006312 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006313 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006314 else
6315 j = i;
6316
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006317 ne = X509_NAME_get_entry(a, j);
6318 obj = X509_NAME_ENTRY_get_object(ne);
6319 data = X509_NAME_ENTRY_get_data(ne);
6320 data_ptr = ASN1_STRING_get0_data(data);
6321 data_len = ASN1_STRING_length(data);
6322 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006323 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006324 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006325 s = tmp;
6326 }
6327
6328 if (chunk_strcasecmp(entry, s) != 0)
6329 continue;
6330
6331 if (pos < 0)
6332 cur--;
6333 else
6334 cur++;
6335
6336 if (cur != pos)
6337 continue;
6338
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006339 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006340 return -1;
6341
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006342 memcpy(out->area, data_ptr, data_len);
6343 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006344 return 1;
6345 }
6346
6347 return 0;
6348
6349}
6350
6351/* Extract and format full DN from a X509_NAME and copy result into a chunk
6352 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6353 */
6354static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006355ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006356{
6357 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006358 ASN1_OBJECT *obj;
6359 ASN1_STRING *data;
6360 const unsigned char *data_ptr;
6361 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006362 int i, n, ln;
6363 int l = 0;
6364 const char *s;
6365 char *p;
6366 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006367 int name_count;
6368
6369
6370 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006371
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006372 out->data = 0;
6373 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006374 for (i = 0; i < name_count; i++) {
6375 ne = X509_NAME_get_entry(a, i);
6376 obj = X509_NAME_ENTRY_get_object(ne);
6377 data = X509_NAME_ENTRY_get_data(ne);
6378 data_ptr = ASN1_STRING_get0_data(data);
6379 data_len = ASN1_STRING_length(data);
6380 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006381 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006382 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006383 s = tmp;
6384 }
6385 ln = strlen(s);
6386
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006387 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006388 if (l > out->size)
6389 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006390 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006391
6392 *(p++)='/';
6393 memcpy(p, s, ln);
6394 p += ln;
6395 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006396 memcpy(p, data_ptr, data_len);
6397 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006398 }
6399
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006400 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006401 return 0;
6402
6403 return 1;
6404}
6405
Olivier Houchardab28a322018-12-21 19:45:40 +01006406void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6407{
6408#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006409 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006410
Olivier Houchardaa2ecea2019-06-28 14:10:33 +02006411 if (!ssl_sock_is_ssl(conn))
6412 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006413 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006414 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006415#endif
6416}
6417
Willy Tarreau119a4082016-12-22 21:58:38 +01006418/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6419 * to disable SNI.
6420 */
Willy Tarreau63076412015-07-10 11:33:32 +02006421void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6422{
6423#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006424 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006425
Willy Tarreau119a4082016-12-22 21:58:38 +01006426 char *prev_name;
6427
Willy Tarreau63076412015-07-10 11:33:32 +02006428 if (!ssl_sock_is_ssl(conn))
6429 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006430 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006431
Willy Tarreau119a4082016-12-22 21:58:38 +01006432 /* if the SNI changes, we must destroy the reusable context so that a
6433 * new connection will present a new SNI. As an optimization we could
6434 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6435 * server.
6436 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006437 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006438 if ((!prev_name && hostname) ||
6439 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006440 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006441
Olivier Houchard66ab4982019-02-26 18:37:15 +01006442 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006443#endif
6444}
6445
Emeric Brun0abf8362014-06-24 18:26:41 +02006446/* Extract peer certificate's common name into the chunk dest
6447 * Returns
6448 * the len of the extracted common name
6449 * or 0 if no CN found in DN
6450 * or -1 on error case (i.e. no peer certificate)
6451 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006452int ssl_sock_get_remote_common_name(struct connection *conn,
6453 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006454{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006455 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006456 X509 *crt = NULL;
6457 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006458 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006459 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006460 .area = (char *)&find_cn,
6461 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006462 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006463 int result = -1;
David Safb76832014-05-08 23:42:08 -04006464
6465 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006466 goto out;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006467 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006468
6469 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006470 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006471 if (!crt)
6472 goto out;
6473
6474 name = X509_get_subject_name(crt);
6475 if (!name)
6476 goto out;
David Safb76832014-05-08 23:42:08 -04006477
Emeric Brun0abf8362014-06-24 18:26:41 +02006478 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6479out:
David Safb76832014-05-08 23:42:08 -04006480 if (crt)
6481 X509_free(crt);
6482
6483 return result;
6484}
6485
Dave McCowan328fb582014-07-30 10:39:13 -04006486/* returns 1 if client passed a certificate for this session, 0 if not */
6487int ssl_sock_get_cert_used_sess(struct connection *conn)
6488{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006489 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006490 X509 *crt = NULL;
6491
6492 if (!ssl_sock_is_ssl(conn))
6493 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006494 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006495
6496 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006497 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006498 if (!crt)
6499 return 0;
6500
6501 X509_free(crt);
6502 return 1;
6503}
6504
6505/* returns 1 if client passed a certificate for this connection, 0 if not */
6506int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006507{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006508 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006509
David Safb76832014-05-08 23:42:08 -04006510 if (!ssl_sock_is_ssl(conn))
6511 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006512 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006513 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006514}
6515
6516/* returns result from SSL verify */
6517unsigned int ssl_sock_get_verify_result(struct connection *conn)
6518{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006519 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006520
David Safb76832014-05-08 23:42:08 -04006521 if (!ssl_sock_is_ssl(conn))
6522 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006523 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006524 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006525}
6526
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006527/* Returns the application layer protocol name in <str> and <len> when known.
6528 * Zero is returned if the protocol name was not found, otherwise non-zero is
6529 * returned. The string is allocated in the SSL context and doesn't have to be
6530 * freed by the caller. NPN is also checked if available since older versions
6531 * of openssl (1.0.1) which are more common in field only support this one.
6532 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006533static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006534{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006535#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6536 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006537 struct ssl_sock_ctx *ctx = xprt_ctx;
6538 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006539 return 0;
6540
6541 *str = NULL;
6542
6543#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006544 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006545 if (*str)
6546 return 1;
6547#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006548#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006549 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006550 if (*str)
6551 return 1;
6552#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006553#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006554 return 0;
6555}
6556
Willy Tarreau7875d092012-09-10 08:20:03 +02006557/***** Below are some sample fetching functions for ACL/patterns *****/
6558
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006559static int
6560smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6561{
6562 struct connection *conn;
6563
6564 conn = objt_conn(smp->sess->origin);
6565 if (!conn || conn->xprt != &ssl_sock)
6566 return 0;
6567
6568 smp->flags = 0;
6569 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006570#ifdef OPENSSL_IS_BORINGSSL
6571 {
6572 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6573 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6574 SSL_early_data_accepted(ctx->ssl));
6575 }
6576#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006577 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6578 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006579#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006580 return 1;
6581}
6582
Emeric Brune64aef12012-09-21 13:15:06 +02006583/* boolean, returns true if client cert was present */
6584static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006585smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006586{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006587 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006588 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006589
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006590 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006591 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006592 return 0;
6593
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006594 ctx = conn->xprt_ctx;
6595
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006596 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006597 smp->flags |= SMP_F_MAY_CHANGE;
6598 return 0;
6599 }
6600
6601 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006602 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006603 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006604
6605 return 1;
6606}
6607
Emeric Brun43e79582014-10-29 19:03:26 +01006608/* binary, returns a certificate in a binary chunk (der/raw).
6609 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6610 * should be use.
6611 */
6612static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006613smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006614{
6615 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6616 X509 *crt = NULL;
6617 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006618 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006619 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006620 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006621
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006622 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006623 if (!conn || conn->xprt != &ssl_sock)
6624 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006625 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006626
6627 if (!(conn->flags & CO_FL_CONNECTED)) {
6628 smp->flags |= SMP_F_MAY_CHANGE;
6629 return 0;
6630 }
6631
6632 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006633 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006634 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006635 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006636
6637 if (!crt)
6638 goto out;
6639
6640 smp_trash = get_trash_chunk();
6641 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6642 goto out;
6643
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006644 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006645 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006646 ret = 1;
6647out:
6648 /* SSL_get_peer_certificate, it increase X509 * ref count */
6649 if (cert_peer && crt)
6650 X509_free(crt);
6651 return ret;
6652}
6653
Emeric Brunba841a12014-04-30 17:05:08 +02006654/* binary, returns serial of certificate in a binary chunk.
6655 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6656 * should be use.
6657 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006658static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006659smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006660{
Emeric Brunba841a12014-04-30 17:05:08 +02006661 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006662 X509 *crt = NULL;
6663 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006664 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006665 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006666 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006667
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006668 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006669 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006670 return 0;
6671
Olivier Houchard66ab4982019-02-26 18:37:15 +01006672 ctx = conn->xprt_ctx;
6673
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006674 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006675 smp->flags |= SMP_F_MAY_CHANGE;
6676 return 0;
6677 }
6678
Emeric Brunba841a12014-04-30 17:05:08 +02006679 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006680 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006681 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006682 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006683
Willy Tarreau8d598402012-10-22 17:58:39 +02006684 if (!crt)
6685 goto out;
6686
Willy Tarreau47ca5452012-12-23 20:22:19 +01006687 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006688 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6689 goto out;
6690
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006691 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006692 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006693 ret = 1;
6694out:
Emeric Brunba841a12014-04-30 17:05:08 +02006695 /* SSL_get_peer_certificate, it increase X509 * ref count */
6696 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006697 X509_free(crt);
6698 return ret;
6699}
Emeric Brune64aef12012-09-21 13:15:06 +02006700
Emeric Brunba841a12014-04-30 17:05:08 +02006701/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6702 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6703 * should be use.
6704 */
James Votha051b4a2013-05-14 20:37:59 +02006705static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006706smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006707{
Emeric Brunba841a12014-04-30 17:05:08 +02006708 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006709 X509 *crt = NULL;
6710 const EVP_MD *digest;
6711 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006712 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006713 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006714 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006715
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006716 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006717 if (!conn || conn->xprt != &ssl_sock)
6718 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006719 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006720
6721 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006722 smp->flags |= SMP_F_MAY_CHANGE;
6723 return 0;
6724 }
6725
Emeric Brunba841a12014-04-30 17:05:08 +02006726 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006727 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006728 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006729 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006730 if (!crt)
6731 goto out;
6732
6733 smp_trash = get_trash_chunk();
6734 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006735 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6736 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006737
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006738 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006739 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006740 ret = 1;
6741out:
Emeric Brunba841a12014-04-30 17:05:08 +02006742 /* SSL_get_peer_certificate, it increase X509 * ref count */
6743 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006744 X509_free(crt);
6745 return ret;
6746}
6747
Emeric Brunba841a12014-04-30 17:05:08 +02006748/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6749 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6750 * should be use.
6751 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006752static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006753smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006754{
Emeric Brunba841a12014-04-30 17:05:08 +02006755 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006756 X509 *crt = NULL;
6757 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006758 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006760 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006761
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006762 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006763 if (!conn || conn->xprt != &ssl_sock)
6764 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006765 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006766
6767 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006768 smp->flags |= SMP_F_MAY_CHANGE;
6769 return 0;
6770 }
6771
Emeric Brunba841a12014-04-30 17:05:08 +02006772 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006773 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006774 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006775 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006776 if (!crt)
6777 goto out;
6778
Willy Tarreau47ca5452012-12-23 20:22:19 +01006779 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006780 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006781 goto out;
6782
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006783 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006784 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006785 ret = 1;
6786out:
Emeric Brunba841a12014-04-30 17:05:08 +02006787 /* SSL_get_peer_certificate, it increase X509 * ref count */
6788 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006789 X509_free(crt);
6790 return ret;
6791}
6792
Emeric Brunba841a12014-04-30 17:05:08 +02006793/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6794 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6795 * should be use.
6796 */
Emeric Brun87855892012-10-17 17:39:35 +02006797static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006798smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006799{
Emeric Brunba841a12014-04-30 17:05:08 +02006800 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006801 X509 *crt = NULL;
6802 X509_NAME *name;
6803 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006804 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006805 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006806 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006807
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006808 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006809 if (!conn || conn->xprt != &ssl_sock)
6810 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006811 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006812
6813 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006814 smp->flags |= SMP_F_MAY_CHANGE;
6815 return 0;
6816 }
6817
Emeric Brunba841a12014-04-30 17:05:08 +02006818 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006819 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006820 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006821 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006822 if (!crt)
6823 goto out;
6824
6825 name = X509_get_issuer_name(crt);
6826 if (!name)
6827 goto out;
6828
Willy Tarreau47ca5452012-12-23 20:22:19 +01006829 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006830 if (args && args[0].type == ARGT_STR) {
6831 int pos = 1;
6832
6833 if (args[1].type == ARGT_SINT)
6834 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006835
6836 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6837 goto out;
6838 }
6839 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6840 goto out;
6841
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006842 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006843 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006844 ret = 1;
6845out:
Emeric Brunba841a12014-04-30 17:05:08 +02006846 /* SSL_get_peer_certificate, it increase X509 * ref count */
6847 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006848 X509_free(crt);
6849 return ret;
6850}
6851
Emeric Brunba841a12014-04-30 17:05:08 +02006852/* string, returns notbefore date in ASN1_UTCTIME format.
6853 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6854 * should be use.
6855 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006856static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006857smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006858{
Emeric Brunba841a12014-04-30 17:05:08 +02006859 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006860 X509 *crt = NULL;
6861 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006862 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006863 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006864 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006865
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006866 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006867 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006868 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006869 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006870
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006871 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006872 smp->flags |= SMP_F_MAY_CHANGE;
6873 return 0;
6874 }
6875
Emeric Brunba841a12014-04-30 17:05:08 +02006876 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006877 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006878 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006879 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006880 if (!crt)
6881 goto out;
6882
Willy Tarreau47ca5452012-12-23 20:22:19 +01006883 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006884 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006885 goto out;
6886
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006887 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006888 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006889 ret = 1;
6890out:
Emeric Brunba841a12014-04-30 17:05:08 +02006891 /* SSL_get_peer_certificate, it increase X509 * ref count */
6892 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006893 X509_free(crt);
6894 return ret;
6895}
6896
Emeric Brunba841a12014-04-30 17:05:08 +02006897/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6898 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6899 * should be use.
6900 */
Emeric Brun87855892012-10-17 17:39:35 +02006901static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006902smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006903{
Emeric Brunba841a12014-04-30 17:05:08 +02006904 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006905 X509 *crt = NULL;
6906 X509_NAME *name;
6907 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006908 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006909 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006910 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006911
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006912 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006913 if (!conn || conn->xprt != &ssl_sock)
6914 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006915 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006916
6917 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006918 smp->flags |= SMP_F_MAY_CHANGE;
6919 return 0;
6920 }
6921
Emeric Brunba841a12014-04-30 17:05:08 +02006922 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006923 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006924 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006925 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006926 if (!crt)
6927 goto out;
6928
6929 name = X509_get_subject_name(crt);
6930 if (!name)
6931 goto out;
6932
Willy Tarreau47ca5452012-12-23 20:22:19 +01006933 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006934 if (args && args[0].type == ARGT_STR) {
6935 int pos = 1;
6936
6937 if (args[1].type == ARGT_SINT)
6938 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006939
6940 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6941 goto out;
6942 }
6943 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6944 goto out;
6945
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006946 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006947 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006948 ret = 1;
6949out:
Emeric Brunba841a12014-04-30 17:05:08 +02006950 /* SSL_get_peer_certificate, it increase X509 * ref count */
6951 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006952 X509_free(crt);
6953 return ret;
6954}
Emeric Brun9143d372012-12-20 15:44:16 +01006955
6956/* integer, returns true if current session use a client certificate */
6957static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006958smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006959{
6960 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006961 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006962 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01006963
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006964 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006965 if (!conn || conn->xprt != &ssl_sock)
6966 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006967 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006968
6969 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006970 smp->flags |= SMP_F_MAY_CHANGE;
6971 return 0;
6972 }
6973
6974 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006975 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01006976 if (crt) {
6977 X509_free(crt);
6978 }
6979
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006980 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006981 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006982 return 1;
6983}
6984
Emeric Brunba841a12014-04-30 17:05:08 +02006985/* integer, returns the certificate version
6986 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6987 * should be use.
6988 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006989static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006990smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006991{
Emeric Brunba841a12014-04-30 17:05:08 +02006992 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006993 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006994 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006995 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006996
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006997 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006998 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006999 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007000 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007001
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007002 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007003 smp->flags |= SMP_F_MAY_CHANGE;
7004 return 0;
7005 }
7006
Emeric Brunba841a12014-04-30 17:05:08 +02007007 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007008 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007009 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007010 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007011 if (!crt)
7012 return 0;
7013
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007014 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007015 /* SSL_get_peer_certificate increase X509 * ref count */
7016 if (cert_peer)
7017 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007018 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007019
7020 return 1;
7021}
7022
Emeric Brunba841a12014-04-30 17:05:08 +02007023/* string, returns the certificate's signature algorithm.
7024 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7025 * should be use.
7026 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007027static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007028smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007029{
Emeric Brunba841a12014-04-30 17:05:08 +02007030 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007031 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007032 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007033 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007034 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007035 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007036
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007037 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007038 if (!conn || conn->xprt != &ssl_sock)
7039 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007040 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007041
7042 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007043 smp->flags |= SMP_F_MAY_CHANGE;
7044 return 0;
7045 }
7046
Emeric Brunba841a12014-04-30 17:05:08 +02007047 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007048 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007049 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007050 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007051 if (!crt)
7052 return 0;
7053
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007054 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7055 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007056
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007057 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7058 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007059 /* SSL_get_peer_certificate increase X509 * ref count */
7060 if (cert_peer)
7061 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007062 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007063 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007064
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007065 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007066 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007067 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007068 /* SSL_get_peer_certificate increase X509 * ref count */
7069 if (cert_peer)
7070 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007071
7072 return 1;
7073}
7074
Emeric Brunba841a12014-04-30 17:05:08 +02007075/* string, returns the certificate's key algorithm.
7076 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7077 * should be use.
7078 */
Emeric Brun521a0112012-10-22 12:22:55 +02007079static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007080smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007081{
Emeric Brunba841a12014-04-30 17:05:08 +02007082 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007083 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007084 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007085 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007086 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007087 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007088
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007089 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007090 if (!conn || conn->xprt != &ssl_sock)
7091 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007092 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007093
7094 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007095 smp->flags |= SMP_F_MAY_CHANGE;
7096 return 0;
7097 }
7098
Emeric Brunba841a12014-04-30 17:05:08 +02007099 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007100 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007101 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007102 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007103 if (!crt)
7104 return 0;
7105
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007106 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7107 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007108
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007109 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7110 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007111 /* SSL_get_peer_certificate increase X509 * ref count */
7112 if (cert_peer)
7113 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007114 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007115 }
Emeric Brun521a0112012-10-22 12:22:55 +02007116
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007117 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007118 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007119 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007120 if (cert_peer)
7121 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007122
7123 return 1;
7124}
7125
Emeric Brun645ae792014-04-30 14:21:06 +02007126/* boolean, returns true if front conn. transport layer is SSL.
7127 * This function is also usable on backend conn if the fetch keyword 5th
7128 * char is 'b'.
7129 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007130static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007131smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007132{
Emeric Bruneb8def92018-02-19 15:59:48 +01007133 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7134 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007135
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007136 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007137 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007138 return 1;
7139}
7140
Emeric Brun2525b6b2012-10-18 15:59:43 +02007141/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007142static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007143smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007144{
7145#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007146 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007147 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007148
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007149 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007150 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007151 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007152 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007153 return 1;
7154#else
7155 return 0;
7156#endif
7157}
7158
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007159/* boolean, returns true if client session has been resumed.
7160 * This function is also usable on backend conn if the fetch keyword 5th
7161 * char is 'b'.
7162 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007163static int
7164smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7165{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007166 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7167 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007168 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007169
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007170
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007171 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007172 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007173 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007174 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007175 return 1;
7176}
7177
Emeric Brun645ae792014-04-30 14:21:06 +02007178/* string, returns the used cipher if front conn. transport layer is SSL.
7179 * This function is also usable on backend conn if the fetch keyword 5th
7180 * char is 'b'.
7181 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007182static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007183smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007184{
Emeric Bruneb8def92018-02-19 15:59:48 +01007185 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7186 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007187 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007188
Willy Tarreaube508f12016-03-10 11:47:01 +01007189 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007190 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007191 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007192 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007193
Olivier Houchard66ab4982019-02-26 18:37:15 +01007194 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007195 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007196 return 0;
7197
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007198 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007199 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007200 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007201
7202 return 1;
7203}
7204
Emeric Brun645ae792014-04-30 14:21:06 +02007205/* integer, returns the algoritm's keysize if front conn. transport layer
7206 * is SSL.
7207 * This function is also usable on backend conn if the fetch keyword 5th
7208 * char is 'b'.
7209 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007210static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007211smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007212{
Emeric Bruneb8def92018-02-19 15:59:48 +01007213 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7214 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007215 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007216 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007217
Emeric Brun589fcad2012-10-16 14:13:26 +02007218 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007219 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007220 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007221 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007222
Olivier Houchard66ab4982019-02-26 18:37:15 +01007223 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007224 return 0;
7225
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007226 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007227 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007228
7229 return 1;
7230}
7231
Emeric Brun645ae792014-04-30 14:21:06 +02007232/* integer, returns the used keysize if front conn. transport layer is SSL.
7233 * This function is also usable on backend conn if the fetch keyword 5th
7234 * char is 'b'.
7235 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007236static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007237smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007238{
Emeric Bruneb8def92018-02-19 15:59:48 +01007239 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7240 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007241 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007242
Emeric Brun589fcad2012-10-16 14:13:26 +02007243 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007244 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7245 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007246 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007247
Olivier Houchard66ab4982019-02-26 18:37:15 +01007248 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007249 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007250 return 0;
7251
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007252 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007253
7254 return 1;
7255}
7256
Bernard Spil13c53f82018-02-15 13:34:58 +01007257#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007258static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007259smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007260{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007261 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007262 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007263
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007264 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007265 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007266
Olivier Houchard6b77f492018-11-22 18:18:29 +01007267 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7268 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007269 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7270 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007271 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007272
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007273 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007274 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007275 (const unsigned char **)&smp->data.u.str.area,
7276 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007277
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007278 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007279 return 0;
7280
7281 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007282}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007283#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007284
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007285#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007286static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007287smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007288{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007289 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007290 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007291
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007292 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007293 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007294
Olivier Houchard6b77f492018-11-22 18:18:29 +01007295 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7296 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7297
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007298 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007299 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007300 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007301
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007302 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007303 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007304 (const unsigned char **)&smp->data.u.str.area,
7305 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007306
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007307 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007308 return 0;
7309
7310 return 1;
7311}
7312#endif
7313
Emeric Brun645ae792014-04-30 14:21:06 +02007314/* string, returns the used protocol if front conn. transport layer is SSL.
7315 * This function is also usable on backend conn if the fetch keyword 5th
7316 * char is 'b'.
7317 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007318static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007319smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007320{
Emeric Bruneb8def92018-02-19 15:59:48 +01007321 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7322 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007323 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007324
Emeric Brun589fcad2012-10-16 14:13:26 +02007325 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007326 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7327 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007328 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007329
Olivier Houchard66ab4982019-02-26 18:37:15 +01007330 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007331 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007332 return 0;
7333
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007334 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007335 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007336 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007337
7338 return 1;
7339}
7340
Willy Tarreau87b09662015-04-03 00:22:06 +02007341/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007342 * This function is also usable on backend conn if the fetch keyword 5th
7343 * char is 'b'.
7344 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007345#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007346static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007347smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007348{
Emeric Bruneb8def92018-02-19 15:59:48 +01007349 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7350 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007351 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007352 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007353
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007354 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007355 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007356
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007357 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7358 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007359 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007360
Olivier Houchard66ab4982019-02-26 18:37:15 +01007361 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007362 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007363 return 0;
7364
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007365 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7366 (unsigned int *)&smp->data.u.str.data);
7367 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007368 return 0;
7369
7370 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007371}
Patrick Hemmer41966772018-04-28 19:15:48 -04007372#endif
7373
Emeric Brunfe68f682012-10-16 14:59:28 +02007374
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007375#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007376static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007377smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7378{
7379 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7380 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7381 struct buffer *data;
7382 struct ssl_sock_ctx *ctx;
7383
7384 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7385 return 0;
7386 ctx = conn->xprt_ctx;
7387
7388 data = get_trash_chunk();
7389 if (kw[7] == 'c')
7390 data->data = SSL_get_client_random(ctx->ssl,
7391 (unsigned char *) data->area,
7392 data->size);
7393 else
7394 data->data = SSL_get_server_random(ctx->ssl,
7395 (unsigned char *) data->area,
7396 data->size);
7397 if (!data->data)
7398 return 0;
7399
7400 smp->flags = 0;
7401 smp->data.type = SMP_T_BIN;
7402 smp->data.u.str = *data;
7403
7404 return 1;
7405}
7406
7407static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007408smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7409{
7410 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7411 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7412 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007413 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007414 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007415
7416 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7417 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007418 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007419
Olivier Houchard66ab4982019-02-26 18:37:15 +01007420 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007421 if (!ssl_sess)
7422 return 0;
7423
7424 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007425 data->data = SSL_SESSION_get_master_key(ssl_sess,
7426 (unsigned char *) data->area,
7427 data->size);
7428 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007429 return 0;
7430
7431 smp->flags = 0;
7432 smp->data.type = SMP_T_BIN;
7433 smp->data.u.str = *data;
7434
7435 return 1;
7436}
7437#endif
7438
Patrick Hemmer41966772018-04-28 19:15:48 -04007439#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007440static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007441smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007442{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007443 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007444 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007445
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007446 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007447 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007448
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007449 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007450 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7451 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007452 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007453
Olivier Houchard66ab4982019-02-26 18:37:15 +01007454 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007455 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007456 return 0;
7457
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007458 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007459 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007460}
Patrick Hemmer41966772018-04-28 19:15:48 -04007461#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007462
David Sc1ad52e2014-04-08 18:48:47 -04007463static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007464smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7465{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007466 struct connection *conn;
7467 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007468 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007469
7470 conn = objt_conn(smp->sess->origin);
7471 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7472 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007473 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007474
Olivier Houchard66ab4982019-02-26 18:37:15 +01007475 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007476 if (!capture)
7477 return 0;
7478
7479 smp->flags = SMP_F_CONST;
7480 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007481 smp->data.u.str.area = capture->ciphersuite;
7482 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007483 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007484}
7485
7486static int
7487smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7488{
Willy Tarreau83061a82018-07-13 11:56:34 +02007489 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007490
7491 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7492 return 0;
7493
7494 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007495 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007496 smp->data.type = SMP_T_BIN;
7497 smp->data.u.str = *data;
7498 return 1;
7499}
7500
7501static int
7502smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7503{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007504 struct connection *conn;
7505 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007506 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007507
7508 conn = objt_conn(smp->sess->origin);
7509 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7510 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007511 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007512
Olivier Houchard66ab4982019-02-26 18:37:15 +01007513 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007514 if (!capture)
7515 return 0;
7516
7517 smp->data.type = SMP_T_SINT;
7518 smp->data.u.sint = capture->xxh64;
7519 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007520}
7521
7522static int
7523smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7524{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007525#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007526 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007527 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007528
7529 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7530 return 0;
7531
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007532 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007533 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007534 const char *str;
7535 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007536 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007537 uint16_t id = (bin[0] << 8) | bin[1];
7538#if defined(OPENSSL_IS_BORINGSSL)
7539 cipher = SSL_get_cipher_by_value(id);
7540#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007541 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007542 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7543 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007544#endif
7545 str = SSL_CIPHER_get_name(cipher);
7546 if (!str || strcmp(str, "(NONE)") == 0)
7547 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007548 else
7549 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7550 }
7551 smp->data.type = SMP_T_STR;
7552 smp->data.u.str = *data;
7553 return 1;
7554#else
7555 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7556#endif
7557}
7558
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007559#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007560static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007561smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007562{
Emeric Bruneb8def92018-02-19 15:59:48 +01007563 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7564 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007565 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007566 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007567 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007568
7569 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007570 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7571 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007572 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007573
7574 if (!(conn->flags & CO_FL_CONNECTED)) {
7575 smp->flags |= SMP_F_MAY_CHANGE;
7576 return 0;
7577 }
7578
7579 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007580 if (!SSL_session_reused(ctx->ssl))
7581 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007582 finished_trash->area,
7583 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007584 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007585 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007586 finished_trash->area,
7587 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007588
7589 if (!finished_len)
7590 return 0;
7591
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007592 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007593 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007594 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007595
7596 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007597}
Patrick Hemmer41966772018-04-28 19:15:48 -04007598#endif
David Sc1ad52e2014-04-08 18:48:47 -04007599
Emeric Brun2525b6b2012-10-18 15:59:43 +02007600/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007601static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007602smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007603{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007604 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007605 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007606
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007607 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007608 if (!conn || conn->xprt != &ssl_sock)
7609 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007610 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007611
7612 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007613 smp->flags = SMP_F_MAY_CHANGE;
7614 return 0;
7615 }
7616
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007617 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007618 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007619 smp->flags = 0;
7620
7621 return 1;
7622}
7623
Emeric Brun2525b6b2012-10-18 15:59:43 +02007624/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007625static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007626smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007627{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007628 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007629 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007630
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007631 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007632 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007633 return 0;
7634
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007635 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007636 smp->flags = SMP_F_MAY_CHANGE;
7637 return 0;
7638 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007639 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007640
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007641 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007642 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007643 smp->flags = 0;
7644
7645 return 1;
7646}
7647
Emeric Brun2525b6b2012-10-18 15:59:43 +02007648/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007649static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007650smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007651{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007652 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007653 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007654
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007655 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007656 if (!conn || conn->xprt != &ssl_sock)
7657 return 0;
7658
7659 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007660 smp->flags = SMP_F_MAY_CHANGE;
7661 return 0;
7662 }
7663
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007664 ctx = conn->xprt_ctx;
7665
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007666 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007667 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007668 smp->flags = 0;
7669
7670 return 1;
7671}
7672
Emeric Brun2525b6b2012-10-18 15:59:43 +02007673/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007674static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007675smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007676{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007677 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007678 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007679
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007680 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007681 if (!conn || conn->xprt != &ssl_sock)
7682 return 0;
7683
7684 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007685 smp->flags = SMP_F_MAY_CHANGE;
7686 return 0;
7687 }
7688
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007689 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007690 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007691 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007692
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007693 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007694 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007695 smp->flags = 0;
7696
7697 return 1;
7698}
7699
Emeric Brunfb510ea2012-10-05 12:00:26 +02007700/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007701static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007702{
7703 if (!*args[cur_arg + 1]) {
7704 if (err)
7705 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7706 return ERR_ALERT | ERR_FATAL;
7707 }
7708
Willy Tarreauef934602016-12-22 23:12:01 +01007709 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7710 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007711 else
7712 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007713
Emeric Brund94b3fe2012-09-20 18:23:56 +02007714 return 0;
7715}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007716static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7717{
7718 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7719}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007720
Christopher Faulet31af49d2015-06-09 17:29:50 +02007721/* parse the "ca-sign-file" bind keyword */
7722static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7723{
7724 if (!*args[cur_arg + 1]) {
7725 if (err)
7726 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7727 return ERR_ALERT | ERR_FATAL;
7728 }
7729
Willy Tarreauef934602016-12-22 23:12:01 +01007730 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7731 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007732 else
7733 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7734
7735 return 0;
7736}
7737
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007738/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007739static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7740{
7741 if (!*args[cur_arg + 1]) {
7742 if (err)
7743 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7744 return ERR_ALERT | ERR_FATAL;
7745 }
7746 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7747 return 0;
7748}
7749
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007750/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007751static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007752{
7753 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007754 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007755 return ERR_ALERT | ERR_FATAL;
7756 }
7757
Emeric Brun76d88952012-10-05 15:47:31 +02007758 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007759 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007760 return 0;
7761}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007762static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7763{
7764 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7765}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007766
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007767#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007768/* parse the "ciphersuites" bind keyword */
7769static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7770{
7771 if (!*args[cur_arg + 1]) {
7772 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7773 return ERR_ALERT | ERR_FATAL;
7774 }
7775
7776 free(conf->ciphersuites);
7777 conf->ciphersuites = strdup(args[cur_arg + 1]);
7778 return 0;
7779}
7780static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7781{
7782 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7783}
7784#endif
7785
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007786/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007787static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007788{
Willy Tarreau38011032013-08-13 16:59:39 +02007789 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007790
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007791 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007792 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007793 return ERR_ALERT | ERR_FATAL;
7794 }
7795
Willy Tarreauef934602016-12-22 23:12:01 +01007796 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7797 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007798 memprintf(err, "'%s' : path too long", args[cur_arg]);
7799 return ERR_ALERT | ERR_FATAL;
7800 }
Willy Tarreauef934602016-12-22 23:12:01 +01007801 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007802 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007803 return ERR_ALERT | ERR_FATAL;
7804
7805 return 0;
7806 }
7807
Willy Tarreau03209342016-12-22 17:08:28 +01007808 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007809 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007810
7811 return 0;
7812}
7813
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007814/* parse the "crt-list" bind keyword */
7815static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7816{
7817 if (!*args[cur_arg + 1]) {
7818 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7819 return ERR_ALERT | ERR_FATAL;
7820 }
7821
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007822 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007823 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007824 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007825 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007826
7827 return 0;
7828}
7829
Emeric Brunfb510ea2012-10-05 12:00:26 +02007830/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007831static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007832{
Emeric Brun051cdab2012-10-02 19:25:50 +02007833#ifndef X509_V_FLAG_CRL_CHECK
7834 if (err)
7835 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7836 return ERR_ALERT | ERR_FATAL;
7837#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007838 if (!*args[cur_arg + 1]) {
7839 if (err)
7840 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7841 return ERR_ALERT | ERR_FATAL;
7842 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007843
Willy Tarreauef934602016-12-22 23:12:01 +01007844 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7845 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007846 else
7847 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007848
Emeric Brun2b58d042012-09-20 17:10:03 +02007849 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007850#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007851}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007852static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7853{
7854 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7855}
Emeric Brun2b58d042012-09-20 17:10:03 +02007856
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007857/* parse the "curves" bind keyword keyword */
7858static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7859{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007860#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007861 if (!*args[cur_arg + 1]) {
7862 if (err)
7863 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7864 return ERR_ALERT | ERR_FATAL;
7865 }
7866 conf->curves = strdup(args[cur_arg + 1]);
7867 return 0;
7868#else
7869 if (err)
7870 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7871 return ERR_ALERT | ERR_FATAL;
7872#endif
7873}
7874static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7875{
7876 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7877}
7878
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007879/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007880static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007881{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007882#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007883 if (err)
7884 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7885 return ERR_ALERT | ERR_FATAL;
7886#elif defined(OPENSSL_NO_ECDH)
7887 if (err)
7888 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7889 return ERR_ALERT | ERR_FATAL;
7890#else
7891 if (!*args[cur_arg + 1]) {
7892 if (err)
7893 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7894 return ERR_ALERT | ERR_FATAL;
7895 }
7896
7897 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007898
7899 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007900#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007901}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007902static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7903{
7904 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7905}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007906
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007907/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007908static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7909{
7910 int code;
7911 char *p = args[cur_arg + 1];
7912 unsigned long long *ignerr = &conf->crt_ignerr;
7913
7914 if (!*p) {
7915 if (err)
7916 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7917 return ERR_ALERT | ERR_FATAL;
7918 }
7919
7920 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7921 ignerr = &conf->ca_ignerr;
7922
7923 if (strcmp(p, "all") == 0) {
7924 *ignerr = ~0ULL;
7925 return 0;
7926 }
7927
7928 while (p) {
7929 code = atoi(p);
7930 if ((code <= 0) || (code > 63)) {
7931 if (err)
7932 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7933 args[cur_arg], code, args[cur_arg + 1]);
7934 return ERR_ALERT | ERR_FATAL;
7935 }
7936 *ignerr |= 1ULL << code;
7937 p = strchr(p, ',');
7938 if (p)
7939 p++;
7940 }
7941
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007942 return 0;
7943}
7944
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007945/* parse tls_method_options "no-xxx" and "force-xxx" */
7946static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007947{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007948 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007949 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007950 p = strchr(arg, '-');
7951 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007952 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007953 p++;
7954 if (!strcmp(p, "sslv3"))
7955 v = CONF_SSLV3;
7956 else if (!strcmp(p, "tlsv10"))
7957 v = CONF_TLSV10;
7958 else if (!strcmp(p, "tlsv11"))
7959 v = CONF_TLSV11;
7960 else if (!strcmp(p, "tlsv12"))
7961 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007962 else if (!strcmp(p, "tlsv13"))
7963 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007964 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007965 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007966 if (!strncmp(arg, "no-", 3))
7967 methods->flags |= methodVersions[v].flag;
7968 else if (!strncmp(arg, "force-", 6))
7969 methods->min = methods->max = v;
7970 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007971 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007972 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007973 fail:
7974 if (err)
7975 memprintf(err, "'%s' : option not implemented", arg);
7976 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007977}
7978
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007979static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007980{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007981 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007982}
7983
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007984static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007985{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007986 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7987}
7988
7989/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7990static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7991{
7992 uint16_t i, v = 0;
7993 char *argv = args[cur_arg + 1];
7994 if (!*argv) {
7995 if (err)
7996 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7997 return ERR_ALERT | ERR_FATAL;
7998 }
7999 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8000 if (!strcmp(argv, methodVersions[i].name))
8001 v = i;
8002 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008003 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008004 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008005 return ERR_ALERT | ERR_FATAL;
8006 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008007 if (!strcmp("ssl-min-ver", args[cur_arg]))
8008 methods->min = v;
8009 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8010 methods->max = v;
8011 else {
8012 if (err)
8013 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8014 return ERR_ALERT | ERR_FATAL;
8015 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008016 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008017}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008018
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008019static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8020{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008021#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008022 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008023#endif
8024 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8025}
8026
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008027static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8028{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008029 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008030}
8031
8032static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8033{
8034 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8035}
8036
Emeric Brun2d0c4822012-10-02 13:45:20 +02008037/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008038static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008039{
Emeric Brun89675492012-10-05 13:48:26 +02008040 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008041 return 0;
8042}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008043
Olivier Houchardc2aae742017-09-22 18:26:28 +02008044/* parse the "allow-0rtt" bind keyword */
8045static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8046{
8047 conf->early_data = 1;
8048 return 0;
8049}
8050
8051static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8052{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008053 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008054 return 0;
8055}
8056
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008057/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008058static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008059{
Bernard Spil13c53f82018-02-15 13:34:58 +01008060#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008061 char *p1, *p2;
8062
8063 if (!*args[cur_arg + 1]) {
8064 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8065 return ERR_ALERT | ERR_FATAL;
8066 }
8067
8068 free(conf->npn_str);
8069
Willy Tarreau3724da12016-02-12 17:11:12 +01008070 /* the NPN string is built as a suite of (<len> <name>)*,
8071 * so we reuse each comma to store the next <len> and need
8072 * one more for the end of the string.
8073 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008074 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008075 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008076 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8077
8078 /* replace commas with the name length */
8079 p1 = conf->npn_str;
8080 p2 = p1 + 1;
8081 while (1) {
8082 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8083 if (!p2)
8084 p2 = p1 + 1 + strlen(p1 + 1);
8085
8086 if (p2 - (p1 + 1) > 255) {
8087 *p2 = '\0';
8088 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8089 return ERR_ALERT | ERR_FATAL;
8090 }
8091
8092 *p1 = p2 - (p1 + 1);
8093 p1 = p2;
8094
8095 if (!*p2)
8096 break;
8097
8098 *(p2++) = '\0';
8099 }
8100 return 0;
8101#else
8102 if (err)
8103 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8104 return ERR_ALERT | ERR_FATAL;
8105#endif
8106}
8107
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008108static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8109{
8110 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8111}
8112
Willy Tarreauab861d32013-04-02 02:30:41 +02008113/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008114static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008115{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008116#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008117 char *p1, *p2;
8118
8119 if (!*args[cur_arg + 1]) {
8120 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8121 return ERR_ALERT | ERR_FATAL;
8122 }
8123
8124 free(conf->alpn_str);
8125
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008126 /* the ALPN string is built as a suite of (<len> <name>)*,
8127 * so we reuse each comma to store the next <len> and need
8128 * one more for the end of the string.
8129 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008130 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008131 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008132 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8133
8134 /* replace commas with the name length */
8135 p1 = conf->alpn_str;
8136 p2 = p1 + 1;
8137 while (1) {
8138 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8139 if (!p2)
8140 p2 = p1 + 1 + strlen(p1 + 1);
8141
8142 if (p2 - (p1 + 1) > 255) {
8143 *p2 = '\0';
8144 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8145 return ERR_ALERT | ERR_FATAL;
8146 }
8147
8148 *p1 = p2 - (p1 + 1);
8149 p1 = p2;
8150
8151 if (!*p2)
8152 break;
8153
8154 *(p2++) = '\0';
8155 }
8156 return 0;
8157#else
8158 if (err)
8159 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8160 return ERR_ALERT | ERR_FATAL;
8161#endif
8162}
8163
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008164static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8165{
8166 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8167}
8168
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008169/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008170static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008171{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008172 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008173 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008174
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008175 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8176 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008177#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008178 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8179 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8180#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008181 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008182 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8183 if (!conf->ssl_conf.ssl_methods.min)
8184 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8185 if (!conf->ssl_conf.ssl_methods.max)
8186 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008187
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008188 return 0;
8189}
8190
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008191/* parse the "prefer-client-ciphers" bind keyword */
8192static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8193{
8194 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8195 return 0;
8196}
8197
Christopher Faulet31af49d2015-06-09 17:29:50 +02008198/* parse the "generate-certificates" bind keyword */
8199static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8200{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008201#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008202 conf->generate_certs = 1;
8203#else
8204 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8205 err && *err ? *err : "");
8206#endif
8207 return 0;
8208}
8209
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008210/* parse the "strict-sni" bind keyword */
8211static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8212{
8213 conf->strict_sni = 1;
8214 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008215}
8216
8217/* parse the "tls-ticket-keys" bind keyword */
8218static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8219{
8220#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8221 FILE *f;
8222 int i = 0;
8223 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008224 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008225
8226 if (!*args[cur_arg + 1]) {
8227 if (err)
8228 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8229 return ERR_ALERT | ERR_FATAL;
8230 }
8231
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008232 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008233 if (keys_ref) {
8234 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008235 conf->keys_ref = keys_ref;
8236 return 0;
8237 }
8238
Vincent Bernat02779b62016-04-03 13:48:43 +02008239 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008240 if (!keys_ref) {
8241 if (err)
8242 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8243 return ERR_ALERT | ERR_FATAL;
8244 }
8245
Emeric Brun9e754772019-01-10 17:51:55 +01008246 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008247 if (!keys_ref->tlskeys) {
8248 free(keys_ref);
8249 if (err)
8250 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8251 return ERR_ALERT | ERR_FATAL;
8252 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008253
8254 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008255 free(keys_ref->tlskeys);
8256 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008257 if (err)
8258 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8259 return ERR_ALERT | ERR_FATAL;
8260 }
8261
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008262 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008263 if (!keys_ref->filename) {
8264 free(keys_ref->tlskeys);
8265 free(keys_ref);
8266 if (err)
8267 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8268 return ERR_ALERT | ERR_FATAL;
8269 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008270
Emeric Brun9e754772019-01-10 17:51:55 +01008271 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008272 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8273 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008274 int dec_size;
8275
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008276 /* Strip newline characters from the end */
8277 if(thisline[len - 1] == '\n')
8278 thisline[--len] = 0;
8279
8280 if(thisline[len - 1] == '\r')
8281 thisline[--len] = 0;
8282
Emeric Brun9e754772019-01-10 17:51:55 +01008283 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8284 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008285 free(keys_ref->filename);
8286 free(keys_ref->tlskeys);
8287 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008288 if (err)
8289 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008290 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008291 return ERR_ALERT | ERR_FATAL;
8292 }
Emeric Brun9e754772019-01-10 17:51:55 +01008293 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8294 keys_ref->key_size_bits = 128;
8295 }
8296 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8297 keys_ref->key_size_bits = 256;
8298 }
8299 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8300 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8301 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8302 free(keys_ref->filename);
8303 free(keys_ref->tlskeys);
8304 free(keys_ref);
8305 if (err)
8306 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8307 fclose(f);
8308 return ERR_ALERT | ERR_FATAL;
8309 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008310 i++;
8311 }
8312
8313 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008314 free(keys_ref->filename);
8315 free(keys_ref->tlskeys);
8316 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008317 if (err)
8318 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008319 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008320 return ERR_ALERT | ERR_FATAL;
8321 }
8322
8323 fclose(f);
8324
8325 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008326 i -= 2;
8327 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008328 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008329 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008330 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008331 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008332
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008333 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8334
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008335 return 0;
8336#else
8337 if (err)
8338 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8339 return ERR_ALERT | ERR_FATAL;
8340#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008341}
8342
Emeric Brund94b3fe2012-09-20 18:23:56 +02008343/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008344static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008345{
8346 if (!*args[cur_arg + 1]) {
8347 if (err)
8348 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8349 return ERR_ALERT | ERR_FATAL;
8350 }
8351
8352 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008353 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008354 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008355 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008356 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008357 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008358 else {
8359 if (err)
8360 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8361 args[cur_arg], args[cur_arg + 1]);
8362 return ERR_ALERT | ERR_FATAL;
8363 }
8364
8365 return 0;
8366}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008367static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8368{
8369 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8370}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008371
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008372/* parse the "no-ca-names" bind keyword */
8373static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8374{
8375 conf->no_ca_names = 1;
8376 return 0;
8377}
8378static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8379{
8380 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8381}
8382
Willy Tarreau92faadf2012-10-10 23:04:25 +02008383/************** "server" keywords ****************/
8384
Olivier Houchardc7566002018-11-20 23:33:50 +01008385/* parse the "npn" bind keyword */
8386static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8387{
8388#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8389 char *p1, *p2;
8390
8391 if (!*args[*cur_arg + 1]) {
8392 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8393 return ERR_ALERT | ERR_FATAL;
8394 }
8395
8396 free(newsrv->ssl_ctx.npn_str);
8397
8398 /* the NPN string is built as a suite of (<len> <name>)*,
8399 * so we reuse each comma to store the next <len> and need
8400 * one more for the end of the string.
8401 */
8402 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8403 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8404 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8405 newsrv->ssl_ctx.npn_len);
8406
8407 /* replace commas with the name length */
8408 p1 = newsrv->ssl_ctx.npn_str;
8409 p2 = p1 + 1;
8410 while (1) {
8411 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8412 newsrv->ssl_ctx.npn_len - (p1 + 1));
8413 if (!p2)
8414 p2 = p1 + 1 + strlen(p1 + 1);
8415
8416 if (p2 - (p1 + 1) > 255) {
8417 *p2 = '\0';
8418 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8419 return ERR_ALERT | ERR_FATAL;
8420 }
8421
8422 *p1 = p2 - (p1 + 1);
8423 p1 = p2;
8424
8425 if (!*p2)
8426 break;
8427
8428 *(p2++) = '\0';
8429 }
8430 return 0;
8431#else
8432 if (err)
8433 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8434 return ERR_ALERT | ERR_FATAL;
8435#endif
8436}
8437
Olivier Houchard92150142018-12-21 19:47:01 +01008438/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008439static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8440{
8441#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8442 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008443 char **alpn_str;
8444 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008445
Olivier Houchard92150142018-12-21 19:47:01 +01008446 if (*args[*cur_arg] == 'c') {
8447 alpn_str = &newsrv->check.alpn_str;
8448 alpn_len = &newsrv->check.alpn_len;
8449 } else {
8450 alpn_str = &newsrv->ssl_ctx.alpn_str;
8451 alpn_len = &newsrv->ssl_ctx.alpn_len;
8452
8453 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008454 if (!*args[*cur_arg + 1]) {
8455 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8456 return ERR_ALERT | ERR_FATAL;
8457 }
8458
Olivier Houchard92150142018-12-21 19:47:01 +01008459 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008460
8461 /* the ALPN string is built as a suite of (<len> <name>)*,
8462 * so we reuse each comma to store the next <len> and need
8463 * one more for the end of the string.
8464 */
Olivier Houchard92150142018-12-21 19:47:01 +01008465 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8466 *alpn_str = calloc(1, *alpn_len + 1);
8467 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008468
8469 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008470 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008471 p2 = p1 + 1;
8472 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008473 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008474 if (!p2)
8475 p2 = p1 + 1 + strlen(p1 + 1);
8476
8477 if (p2 - (p1 + 1) > 255) {
8478 *p2 = '\0';
8479 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8480 return ERR_ALERT | ERR_FATAL;
8481 }
8482
8483 *p1 = p2 - (p1 + 1);
8484 p1 = p2;
8485
8486 if (!*p2)
8487 break;
8488
8489 *(p2++) = '\0';
8490 }
8491 return 0;
8492#else
8493 if (err)
8494 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8495 return ERR_ALERT | ERR_FATAL;
8496#endif
8497}
8498
Emeric Brunef42d922012-10-11 16:11:36 +02008499/* parse the "ca-file" server keyword */
8500static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8501{
8502 if (!*args[*cur_arg + 1]) {
8503 if (err)
8504 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8505 return ERR_ALERT | ERR_FATAL;
8506 }
8507
Willy Tarreauef934602016-12-22 23:12:01 +01008508 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8509 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008510 else
8511 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8512
8513 return 0;
8514}
8515
Olivier Houchard9130a962017-10-17 17:33:43 +02008516/* parse the "check-sni" server keyword */
8517static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8518{
8519 if (!*args[*cur_arg + 1]) {
8520 if (err)
8521 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8522 return ERR_ALERT | ERR_FATAL;
8523 }
8524
8525 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8526 if (!newsrv->check.sni) {
8527 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8528 return ERR_ALERT | ERR_FATAL;
8529 }
8530 return 0;
8531
8532}
8533
Willy Tarreau92faadf2012-10-10 23:04:25 +02008534/* parse the "check-ssl" server keyword */
8535static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8536{
8537 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008538 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8539 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008540#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008541 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8542 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8543#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008544 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008545 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8546 if (!newsrv->ssl_ctx.methods.min)
8547 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8548 if (!newsrv->ssl_ctx.methods.max)
8549 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8550
Willy Tarreau92faadf2012-10-10 23:04:25 +02008551 return 0;
8552}
8553
8554/* parse the "ciphers" server keyword */
8555static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8556{
8557 if (!*args[*cur_arg + 1]) {
8558 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8559 return ERR_ALERT | ERR_FATAL;
8560 }
8561
8562 free(newsrv->ssl_ctx.ciphers);
8563 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8564 return 0;
8565}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008566
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008567#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008568/* parse the "ciphersuites" server keyword */
8569static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8570{
8571 if (!*args[*cur_arg + 1]) {
8572 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8573 return ERR_ALERT | ERR_FATAL;
8574 }
8575
8576 free(newsrv->ssl_ctx.ciphersuites);
8577 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8578 return 0;
8579}
8580#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008581
Emeric Brunef42d922012-10-11 16:11:36 +02008582/* parse the "crl-file" server keyword */
8583static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8584{
8585#ifndef X509_V_FLAG_CRL_CHECK
8586 if (err)
8587 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8588 return ERR_ALERT | ERR_FATAL;
8589#else
8590 if (!*args[*cur_arg + 1]) {
8591 if (err)
8592 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8593 return ERR_ALERT | ERR_FATAL;
8594 }
8595
Willy Tarreauef934602016-12-22 23:12:01 +01008596 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8597 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008598 else
8599 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8600
8601 return 0;
8602#endif
8603}
8604
Emeric Bruna7aa3092012-10-26 12:58:00 +02008605/* parse the "crt" server keyword */
8606static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8607{
8608 if (!*args[*cur_arg + 1]) {
8609 if (err)
8610 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8611 return ERR_ALERT | ERR_FATAL;
8612 }
8613
Willy Tarreauef934602016-12-22 23:12:01 +01008614 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008615 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008616 else
8617 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8618
8619 return 0;
8620}
Emeric Brunef42d922012-10-11 16:11:36 +02008621
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008622/* parse the "no-check-ssl" server keyword */
8623static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8624{
8625 newsrv->check.use_ssl = 0;
8626 free(newsrv->ssl_ctx.ciphers);
8627 newsrv->ssl_ctx.ciphers = NULL;
8628 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8629 return 0;
8630}
8631
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008632/* parse the "no-send-proxy-v2-ssl" server keyword */
8633static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8634{
8635 newsrv->pp_opts &= ~SRV_PP_V2;
8636 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8637 return 0;
8638}
8639
8640/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8641static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8642{
8643 newsrv->pp_opts &= ~SRV_PP_V2;
8644 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8645 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8646 return 0;
8647}
8648
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008649/* parse the "no-ssl" server keyword */
8650static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8651{
8652 newsrv->use_ssl = 0;
8653 free(newsrv->ssl_ctx.ciphers);
8654 newsrv->ssl_ctx.ciphers = NULL;
8655 return 0;
8656}
8657
Olivier Houchard522eea72017-11-03 16:27:47 +01008658/* parse the "allow-0rtt" server keyword */
8659static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8660{
8661 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8662 return 0;
8663}
8664
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008665/* parse the "no-ssl-reuse" server keyword */
8666static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8667{
8668 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8669 return 0;
8670}
8671
Emeric Brunf9c5c472012-10-11 15:28:34 +02008672/* parse the "no-tls-tickets" server keyword */
8673static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8674{
8675 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8676 return 0;
8677}
David Safb76832014-05-08 23:42:08 -04008678/* parse the "send-proxy-v2-ssl" server keyword */
8679static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8680{
8681 newsrv->pp_opts |= SRV_PP_V2;
8682 newsrv->pp_opts |= SRV_PP_V2_SSL;
8683 return 0;
8684}
8685
8686/* parse the "send-proxy-v2-ssl-cn" server keyword */
8687static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8688{
8689 newsrv->pp_opts |= SRV_PP_V2;
8690 newsrv->pp_opts |= SRV_PP_V2_SSL;
8691 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8692 return 0;
8693}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008694
Willy Tarreau732eac42015-07-09 11:40:25 +02008695/* parse the "sni" server keyword */
8696static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8697{
8698#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8699 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8700 return ERR_ALERT | ERR_FATAL;
8701#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008702 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008703
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008704 arg = args[*cur_arg + 1];
8705 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008706 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8707 return ERR_ALERT | ERR_FATAL;
8708 }
8709
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008710 free(newsrv->sni_expr);
8711 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008712
Willy Tarreau732eac42015-07-09 11:40:25 +02008713 return 0;
8714#endif
8715}
8716
Willy Tarreau92faadf2012-10-10 23:04:25 +02008717/* parse the "ssl" server keyword */
8718static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8719{
8720 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008721 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8722 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008723#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008724 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8725 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8726#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008727 return 0;
8728}
8729
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008730/* parse the "ssl-reuse" server keyword */
8731static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8732{
8733 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8734 return 0;
8735}
8736
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008737/* parse the "tls-tickets" server keyword */
8738static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8739{
8740 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8741 return 0;
8742}
8743
Emeric Brunef42d922012-10-11 16:11:36 +02008744/* parse the "verify" server keyword */
8745static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8746{
8747 if (!*args[*cur_arg + 1]) {
8748 if (err)
8749 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8750 return ERR_ALERT | ERR_FATAL;
8751 }
8752
8753 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008754 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008755 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008756 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008757 else {
8758 if (err)
8759 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8760 args[*cur_arg], args[*cur_arg + 1]);
8761 return ERR_ALERT | ERR_FATAL;
8762 }
8763
Evan Broderbe554312013-06-27 00:05:25 -07008764 return 0;
8765}
8766
8767/* parse the "verifyhost" server keyword */
8768static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8769{
8770 if (!*args[*cur_arg + 1]) {
8771 if (err)
8772 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8773 return ERR_ALERT | ERR_FATAL;
8774 }
8775
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008776 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008777 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8778
Emeric Brunef42d922012-10-11 16:11:36 +02008779 return 0;
8780}
8781
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008782/* parse the "ssl-default-bind-options" keyword in global section */
8783static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8784 struct proxy *defpx, const char *file, int line,
8785 char **err) {
8786 int i = 1;
8787
8788 if (*(args[i]) == 0) {
8789 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8790 return -1;
8791 }
8792 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008793 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008794 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008795 else if (!strcmp(args[i], "prefer-client-ciphers"))
8796 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008797 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8798 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8799 i++;
8800 else {
8801 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8802 return -1;
8803 }
8804 }
8805 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008806 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8807 return -1;
8808 }
8809 i++;
8810 }
8811 return 0;
8812}
8813
8814/* parse the "ssl-default-server-options" keyword in global section */
8815static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8816 struct proxy *defpx, const char *file, int line,
8817 char **err) {
8818 int i = 1;
8819
8820 if (*(args[i]) == 0) {
8821 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8822 return -1;
8823 }
8824 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008825 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008826 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008827 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8828 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8829 i++;
8830 else {
8831 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8832 return -1;
8833 }
8834 }
8835 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008836 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8837 return -1;
8838 }
8839 i++;
8840 }
8841 return 0;
8842}
8843
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008844/* parse the "ca-base" / "crt-base" keywords in global section.
8845 * Returns <0 on alert, >0 on warning, 0 on success.
8846 */
8847static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8848 struct proxy *defpx, const char *file, int line,
8849 char **err)
8850{
8851 char **target;
8852
Willy Tarreauef934602016-12-22 23:12:01 +01008853 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008854
8855 if (too_many_args(1, args, err, NULL))
8856 return -1;
8857
8858 if (*target) {
8859 memprintf(err, "'%s' already specified.", args[0]);
8860 return -1;
8861 }
8862
8863 if (*(args[1]) == 0) {
8864 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8865 return -1;
8866 }
8867 *target = strdup(args[1]);
8868 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008869}
8870
8871/* parse the "ssl-mode-async" keyword in global section.
8872 * Returns <0 on alert, >0 on warning, 0 on success.
8873 */
8874static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8875 struct proxy *defpx, const char *file, int line,
8876 char **err)
8877{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008878#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008879 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008880 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008881 return 0;
8882#else
8883 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8884 return -1;
8885#endif
8886}
8887
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008888#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008889static int ssl_check_async_engine_count(void) {
8890 int err_code = 0;
8891
Emeric Brun3854e012017-05-17 20:42:48 +02008892 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008893 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008894 err_code = ERR_ABORT;
8895 }
8896 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008897}
8898
Grant Zhang872f9c22017-01-21 01:10:18 +00008899/* parse the "ssl-engine" keyword in global section.
8900 * Returns <0 on alert, >0 on warning, 0 on success.
8901 */
8902static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8903 struct proxy *defpx, const char *file, int line,
8904 char **err)
8905{
8906 char *algo;
8907 int ret = -1;
8908
8909 if (*(args[1]) == 0) {
8910 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8911 return ret;
8912 }
8913
8914 if (*(args[2]) == 0) {
8915 /* if no list of algorithms is given, it defaults to ALL */
8916 algo = strdup("ALL");
8917 goto add_engine;
8918 }
8919
8920 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8921 if (strcmp(args[2], "algo") != 0) {
8922 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8923 return ret;
8924 }
8925
8926 if (*(args[3]) == 0) {
8927 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8928 return ret;
8929 }
8930 algo = strdup(args[3]);
8931
8932add_engine:
8933 if (ssl_init_single_engine(args[1], algo)==0) {
8934 openssl_engines_initialized++;
8935 ret = 0;
8936 }
8937 free(algo);
8938 return ret;
8939}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008940#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008941
Willy Tarreauf22e9682016-12-21 23:23:19 +01008942/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8943 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8944 */
8945static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8946 struct proxy *defpx, const char *file, int line,
8947 char **err)
8948{
8949 char **target;
8950
Willy Tarreauef934602016-12-22 23:12:01 +01008951 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008952
8953 if (too_many_args(1, args, err, NULL))
8954 return -1;
8955
8956 if (*(args[1]) == 0) {
8957 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8958 return -1;
8959 }
8960
8961 free(*target);
8962 *target = strdup(args[1]);
8963 return 0;
8964}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008965
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008966#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008967/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8968 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8969 */
8970static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8971 struct proxy *defpx, const char *file, int line,
8972 char **err)
8973{
8974 char **target;
8975
8976 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8977
8978 if (too_many_args(1, args, err, NULL))
8979 return -1;
8980
8981 if (*(args[1]) == 0) {
8982 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8983 return -1;
8984 }
8985
8986 free(*target);
8987 *target = strdup(args[1]);
8988 return 0;
8989}
8990#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008991
Willy Tarreau9ceda382016-12-21 23:13:03 +01008992/* parse various global tune.ssl settings consisting in positive integers.
8993 * Returns <0 on alert, >0 on warning, 0 on success.
8994 */
8995static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8996 struct proxy *defpx, const char *file, int line,
8997 char **err)
8998{
8999 int *target;
9000
9001 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9002 target = &global.tune.sslcachesize;
9003 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009004 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009005 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009006 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009007 else if (strcmp(args[0], "maxsslconn") == 0)
9008 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009009 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9010 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009011 else {
9012 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9013 return -1;
9014 }
9015
9016 if (too_many_args(1, args, err, NULL))
9017 return -1;
9018
9019 if (*(args[1]) == 0) {
9020 memprintf(err, "'%s' expects an integer argument.", args[0]);
9021 return -1;
9022 }
9023
9024 *target = atoi(args[1]);
9025 if (*target < 0) {
9026 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9027 return -1;
9028 }
9029 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009030}
9031
9032static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9033 struct proxy *defpx, const char *file, int line,
9034 char **err)
9035{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009036 int ret;
9037
9038 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9039 if (ret != 0)
9040 return ret;
9041
Willy Tarreaubafbe012017-11-24 17:34:44 +01009042 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009043 memprintf(err, "'%s' is already configured.", args[0]);
9044 return -1;
9045 }
9046
Willy Tarreaubafbe012017-11-24 17:34:44 +01009047 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9048 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009049 memprintf(err, "Out of memory error.");
9050 return -1;
9051 }
9052 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009053}
9054
9055/* parse "ssl.force-private-cache".
9056 * Returns <0 on alert, >0 on warning, 0 on success.
9057 */
9058static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9059 struct proxy *defpx, const char *file, int line,
9060 char **err)
9061{
9062 if (too_many_args(0, args, err, NULL))
9063 return -1;
9064
Willy Tarreauef934602016-12-22 23:12:01 +01009065 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009066 return 0;
9067}
9068
9069/* parse "ssl.lifetime".
9070 * Returns <0 on alert, >0 on warning, 0 on success.
9071 */
9072static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9073 struct proxy *defpx, const char *file, int line,
9074 char **err)
9075{
9076 const char *res;
9077
9078 if (too_many_args(1, args, err, NULL))
9079 return -1;
9080
9081 if (*(args[1]) == 0) {
9082 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9083 return -1;
9084 }
9085
Willy Tarreauef934602016-12-22 23:12:01 +01009086 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009087 if (res == PARSE_TIME_OVER) {
9088 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9089 args[1], args[0]);
9090 return -1;
9091 }
9092 else if (res == PARSE_TIME_UNDER) {
9093 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9094 args[1], args[0]);
9095 return -1;
9096 }
9097 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009098 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9099 return -1;
9100 }
9101 return 0;
9102}
9103
9104#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009105/* parse "ssl-dh-param-file".
9106 * Returns <0 on alert, >0 on warning, 0 on success.
9107 */
9108static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9109 struct proxy *defpx, const char *file, int line,
9110 char **err)
9111{
9112 if (too_many_args(1, args, err, NULL))
9113 return -1;
9114
9115 if (*(args[1]) == 0) {
9116 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9117 return -1;
9118 }
9119
9120 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9121 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9122 return -1;
9123 }
9124 return 0;
9125}
9126
Willy Tarreau9ceda382016-12-21 23:13:03 +01009127/* parse "ssl.default-dh-param".
9128 * Returns <0 on alert, >0 on warning, 0 on success.
9129 */
9130static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9131 struct proxy *defpx, const char *file, int line,
9132 char **err)
9133{
9134 if (too_many_args(1, args, err, NULL))
9135 return -1;
9136
9137 if (*(args[1]) == 0) {
9138 memprintf(err, "'%s' expects an integer argument.", args[0]);
9139 return -1;
9140 }
9141
Willy Tarreauef934602016-12-22 23:12:01 +01009142 global_ssl.default_dh_param = atoi(args[1]);
9143 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009144 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9145 return -1;
9146 }
9147 return 0;
9148}
9149#endif
9150
9151
William Lallemand32af2032016-10-29 18:09:35 +02009152/* This function is used with TLS ticket keys management. It permits to browse
9153 * each reference. The variable <getnext> must contain the current node,
9154 * <end> point to the root node.
9155 */
9156#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9157static inline
9158struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9159{
9160 struct tls_keys_ref *ref = getnext;
9161
9162 while (1) {
9163
9164 /* Get next list entry. */
9165 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9166
9167 /* If the entry is the last of the list, return NULL. */
9168 if (&ref->list == end)
9169 return NULL;
9170
9171 return ref;
9172 }
9173}
9174
9175static inline
9176struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9177{
9178 int id;
9179 char *error;
9180
9181 /* If the reference starts by a '#', this is numeric id. */
9182 if (reference[0] == '#') {
9183 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9184 id = strtol(reference + 1, &error, 10);
9185 if (*error != '\0')
9186 return NULL;
9187
9188 /* Perform the unique id lookup. */
9189 return tlskeys_ref_lookupid(id);
9190 }
9191
9192 /* Perform the string lookup. */
9193 return tlskeys_ref_lookup(reference);
9194}
9195#endif
9196
9197
9198#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9199
9200static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9201
9202static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9203 return cli_io_handler_tlskeys_files(appctx);
9204}
9205
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009206/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9207 * (next index to be dumped), and cli.p0 (next key reference).
9208 */
William Lallemand32af2032016-10-29 18:09:35 +02009209static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9210
9211 struct stream_interface *si = appctx->owner;
9212
9213 switch (appctx->st2) {
9214 case STAT_ST_INIT:
9215 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009216 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009217 * later and restart at the state "STAT_ST_INIT".
9218 */
9219 chunk_reset(&trash);
9220
9221 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9222 chunk_appendf(&trash, "# id secret\n");
9223 else
9224 chunk_appendf(&trash, "# id (file)\n");
9225
Willy Tarreau06d80a92017-10-19 14:32:15 +02009226 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009227 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009228 return 0;
9229 }
9230
William Lallemand32af2032016-10-29 18:09:35 +02009231 /* Now, we start the browsing of the references lists.
9232 * Note that the following call to LIST_ELEM return bad pointer. The only
9233 * available field of this pointer is <list>. It is used with the function
9234 * tlskeys_list_get_next() for retruning the first available entry
9235 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009236 if (appctx->ctx.cli.p0 == NULL) {
9237 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9238 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009239 }
9240
9241 appctx->st2 = STAT_ST_LIST;
9242 /* fall through */
9243
9244 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009245 while (appctx->ctx.cli.p0) {
9246 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009247
9248 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009249 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009250 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009251
9252 if (appctx->ctx.cli.i1 == 0)
9253 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9254
William Lallemand32af2032016-10-29 18:09:35 +02009255 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009256 int head;
9257
9258 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9259 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009260 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009261 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009262
9263 chunk_reset(t2);
9264 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009265 if (ref->key_size_bits == 128) {
9266 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9267 sizeof(struct tls_sess_key_128),
9268 t2->area, t2->size);
9269 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9270 t2->area);
9271 }
9272 else if (ref->key_size_bits == 256) {
9273 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9274 sizeof(struct tls_sess_key_256),
9275 t2->area, t2->size);
9276 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9277 t2->area);
9278 }
9279 else {
9280 /* This case should never happen */
9281 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9282 }
William Lallemand32af2032016-10-29 18:09:35 +02009283
Willy Tarreau06d80a92017-10-19 14:32:15 +02009284 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009285 /* let's try again later from this stream. We add ourselves into
9286 * this stream's users so that it can remove us upon termination.
9287 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009288 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009289 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009290 return 0;
9291 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009292 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009293 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009294 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009295 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009296 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009297 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009298 /* let's try again later from this stream. We add ourselves into
9299 * this stream's users so that it can remove us upon termination.
9300 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009301 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009302 return 0;
9303 }
9304
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009305 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009306 break;
9307
9308 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009309 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009310 }
9311
9312 appctx->st2 = STAT_ST_FIN;
9313 /* fall through */
9314
9315 default:
9316 appctx->st2 = STAT_ST_FIN;
9317 return 1;
9318 }
9319 return 0;
9320}
9321
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009322/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009323static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009324{
William Lallemand32af2032016-10-29 18:09:35 +02009325 /* no parameter, shows only file list */
9326 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009327 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009328 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009329 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009330 }
9331
9332 if (args[2][0] == '*') {
9333 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009334 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009335 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009336 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9337 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009338 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009339 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009340 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009341 return 1;
9342 }
9343 }
William Lallemand32af2032016-10-29 18:09:35 +02009344 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009345 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009346}
9347
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009348static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009349{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009350 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009351 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009352
William Lallemand32af2032016-10-29 18:09:35 +02009353 /* Expect two parameters: the filename and the new new TLS key in encoding */
9354 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009355 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009356 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009357 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009358 return 1;
9359 }
9360
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009361 ref = tlskeys_ref_lookup_ref(args[3]);
9362 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009363 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009364 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009365 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009366 return 1;
9367 }
9368
Willy Tarreau1c913e42018-08-22 05:26:57 +02009369 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009370 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009371 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009372 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009373 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009374 return 1;
9375 }
Emeric Brun9e754772019-01-10 17:51:55 +01009376
Willy Tarreau1c913e42018-08-22 05:26:57 +02009377 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009378 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9379 appctx->ctx.cli.severity = LOG_ERR;
9380 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9381 appctx->st0 = CLI_ST_PRINT;
9382 return 1;
9383 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009384 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009385 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009386 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009387 return 1;
9388
9389}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009390#endif
William Lallemand32af2032016-10-29 18:09:35 +02009391
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009392static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009393{
9394#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9395 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009396 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009397
9398 if (!payload)
9399 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009400
9401 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009402 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009403 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009404 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009405 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009406 return 1;
9407 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009408
9409 /* remove \r and \n from the payload */
9410 for (i = 0, j = 0; payload[i]; i++) {
9411 if (payload[i] == '\r' || payload[i] == '\n')
9412 continue;
9413 payload[j++] = payload[i];
9414 }
9415 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009416
Willy Tarreau1c913e42018-08-22 05:26:57 +02009417 ret = base64dec(payload, j, trash.area, trash.size);
9418 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009419 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009420 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009421 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009422 return 1;
9423 }
9424
Willy Tarreau1c913e42018-08-22 05:26:57 +02009425 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009426 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9427 if (err) {
9428 memprintf(&err, "%s.\n", err);
9429 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009430 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009431 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009432 else {
9433 appctx->ctx.cli.severity = LOG_ERR;
9434 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9435 appctx->st0 = CLI_ST_PRINT;
9436 }
William Lallemand32af2032016-10-29 18:09:35 +02009437 return 1;
9438 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009439 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009440 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009441 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009442 return 1;
9443#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009444 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009445 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009446 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009447 return 1;
9448#endif
9449
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009450}
9451
Willy Tarreau86a394e2019-05-09 14:15:32 +02009452#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009453static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9454{
9455 switch (arg->type) {
9456 case ARGT_STR:
9457 smp->data.type = SMP_T_STR;
9458 smp->data.u.str = arg->data.str;
9459 return 1;
9460 case ARGT_VAR:
9461 if (!vars_get_by_desc(&arg->data.var, smp))
9462 return 0;
9463 if (!sample_casts[smp->data.type][SMP_T_STR])
9464 return 0;
9465 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9466 return 0;
9467 return 1;
9468 default:
9469 return 0;
9470 }
9471}
9472
9473static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9474 const char *file, int line, char **err)
9475{
9476 switch(args[0].data.sint) {
9477 case 128:
9478 case 192:
9479 case 256:
9480 break;
9481 default:
9482 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9483 return 0;
9484 }
9485 /* Try to decode a variable. */
9486 vars_check_arg(&args[1], NULL);
9487 vars_check_arg(&args[2], NULL);
9488 vars_check_arg(&args[3], NULL);
9489 return 1;
9490}
9491
9492/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9493static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9494{
9495 struct sample nonce, key, aead_tag;
9496 struct buffer *smp_trash, *smp_trash_alloc;
9497 EVP_CIPHER_CTX *ctx;
9498 int dec_size, ret;
9499
9500 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9501 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9502 return 0;
9503
9504 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9505 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9506 return 0;
9507
9508 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9509 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9510 return 0;
9511
9512 smp_trash = get_trash_chunk();
9513 smp_trash_alloc = alloc_trash_chunk();
9514 if (!smp_trash_alloc)
9515 return 0;
9516
9517 ctx = EVP_CIPHER_CTX_new();
9518
9519 if (!ctx)
9520 goto err;
9521
9522 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9523 if (dec_size < 0)
9524 goto err;
9525 smp_trash->data = dec_size;
9526
9527 /* Set cipher type and mode */
9528 switch(arg_p[0].data.sint) {
9529 case 128:
9530 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9531 break;
9532 case 192:
9533 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9534 break;
9535 case 256:
9536 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9537 break;
9538 }
9539
9540 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9541
9542 /* Initialise IV */
9543 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9544 goto err;
9545
9546 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9547 if (dec_size < 0)
9548 goto err;
9549 smp_trash->data = dec_size;
9550
9551 /* Initialise key */
9552 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9553 goto err;
9554
9555 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9556 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9557 goto err;
9558
9559 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9560 if (dec_size < 0)
9561 goto err;
9562 smp_trash_alloc->data = dec_size;
9563 dec_size = smp_trash->data;
9564
9565 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9566 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9567
9568 if (ret <= 0)
9569 goto err;
9570
9571 smp->data.u.str.data = dec_size + smp_trash->data;
9572 smp->data.u.str.area = smp_trash->area;
9573 smp->data.type = SMP_T_BIN;
9574 smp->flags &= ~SMP_F_CONST;
9575 free_trash_chunk(smp_trash_alloc);
9576 return 1;
9577
9578err:
9579 free_trash_chunk(smp_trash_alloc);
9580 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009581}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009582# endif
William Lallemand32af2032016-10-29 18:09:35 +02009583
9584/* register cli keywords */
9585static struct cli_kw_list cli_kws = {{ },{
9586#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9587 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009588 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009589#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009590 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009591 { { NULL }, NULL, NULL, NULL }
9592}};
9593
Willy Tarreau0108d902018-11-25 19:14:37 +01009594INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009595
Willy Tarreau7875d092012-09-10 08:20:03 +02009596/* Note: must not be declared <const> as its list will be overwritten.
9597 * Please take care of keeping this list alphabetically sorted.
9598 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009599static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009600 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009601 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009602#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009603 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009604#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009605 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009606#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9607 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9608#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009609 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009610 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009611 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009612 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009613#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009614 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009615#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009616#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009617 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9618 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009619 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9620#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009621 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9622 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009623 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009624 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009625 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9626 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9627 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9628 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9629 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9630 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9631 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9632 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009633 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009634 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9635 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009636 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009637 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9638 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9639 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9640 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9641 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9642 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9643 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009644 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009645 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009646 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009647 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009648 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009649 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009650 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009651 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009652 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009653#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009654 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009655#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009656#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009657 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009658#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009659 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009660#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009661 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009662#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009663 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009664#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009665 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009666#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009667#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009668 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9669 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009670 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9671#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009672#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009673 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009674#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009675 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9676 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9677 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9678 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009679 { NULL, NULL, 0, 0, 0 },
9680}};
9681
Willy Tarreau0108d902018-11-25 19:14:37 +01009682INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9683
Willy Tarreau7875d092012-09-10 08:20:03 +02009684/* Note: must not be declared <const> as its list will be overwritten.
9685 * Please take care of keeping this list alphabetically sorted.
9686 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009687static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009688 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9689 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009690 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009691}};
9692
Willy Tarreau0108d902018-11-25 19:14:37 +01009693INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9694
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009695/* Note: must not be declared <const> as its list will be overwritten.
9696 * Please take care of keeping this list alphabetically sorted, doing so helps
9697 * all code contributors.
9698 * Optional keywords are also declared with a NULL ->parse() function so that
9699 * the config parser can report an appropriate error when a known keyword was
9700 * not enabled.
9701 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009702static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009703 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009704 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9705 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9706 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009707#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009708 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9709#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009710 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009711 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009712 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009713 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009714 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009715 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9716 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009717 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9718 { NULL, NULL, 0 },
9719};
9720
Willy Tarreau0108d902018-11-25 19:14:37 +01009721/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9722
Willy Tarreau51fb7652012-09-18 18:24:39 +02009723static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009724 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009725 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9726 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9727 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9728 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9729 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9730 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009731#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009732 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9733#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009734 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9735 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9736 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9737 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9738 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9739 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9740 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9741 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9742 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9743 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009744 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009745 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009746 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009747 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9748 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9749 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9750 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009751 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009752 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9753 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009754 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9755 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009756 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9757 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9758 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9759 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9760 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009761 { NULL, NULL, 0 },
9762}};
Emeric Brun46591952012-05-18 15:47:34 +02009763
Willy Tarreau0108d902018-11-25 19:14:37 +01009764INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9765
Willy Tarreau92faadf2012-10-10 23:04:25 +02009766/* Note: must not be declared <const> as its list will be overwritten.
9767 * Please take care of keeping this list alphabetically sorted, doing so helps
9768 * all code contributors.
9769 * Optional keywords are also declared with a NULL ->parse() function so that
9770 * the config parser can report an appropriate error when a known keyword was
9771 * not enabled.
9772 */
9773static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009774 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009775 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009776 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009777 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009778 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009779 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9780 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009781#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009782 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9783#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009784 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9785 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9786 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9787 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9788 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9789 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9790 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9791 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9792 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9793 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9794 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9795 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9796 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9797 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9798 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9799 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9800 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9801 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009802 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009803 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9804 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9805 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9806 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9807 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9808 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9809 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9810 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9811 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9812 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009813 { NULL, NULL, 0, 0 },
9814}};
9815
Willy Tarreau0108d902018-11-25 19:14:37 +01009816INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9817
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009818static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009819 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9820 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009821 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009822 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9823 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009824#ifndef OPENSSL_NO_DH
9825 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9826#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009827 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009828#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009829 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009830#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009831 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9832#ifndef OPENSSL_NO_DH
9833 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9834#endif
9835 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9836 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9837 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9838 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009839 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009840 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9841 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009842#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009843 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9844 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9845#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009846 { 0, NULL, NULL },
9847}};
9848
Willy Tarreau0108d902018-11-25 19:14:37 +01009849INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9850
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009851/* Note: must not be declared <const> as its list will be overwritten */
9852static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009853#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009854 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9855#endif
9856 { NULL, NULL, 0, 0, 0 },
9857}};
9858
9859INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9860
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009861/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009862static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009863 .snd_buf = ssl_sock_from_buf,
9864 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009865 .subscribe = ssl_subscribe,
9866 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009867 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009868 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009869 .rcv_pipe = NULL,
9870 .snd_pipe = NULL,
9871 .shutr = NULL,
9872 .shutw = ssl_sock_shutw,
9873 .close = ssl_sock_close,
9874 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009875 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009876 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009877 .prepare_srv = ssl_sock_prepare_srv_ctx,
9878 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009879 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009880 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009881};
9882
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009883enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9884 struct session *sess, struct stream *s, int flags)
9885{
9886 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009887 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009888
9889 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009890 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009891
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009892 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009893 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009894 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009895 s->req.flags |= CF_READ_NULL;
9896 return ACT_RET_YIELD;
9897 }
9898 }
9899 return (ACT_RET_CONT);
9900}
9901
9902static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9903{
9904 rule->action_ptr = ssl_action_wait_for_hs;
9905
9906 return ACT_RET_PRS_OK;
9907}
9908
9909static struct action_kw_list http_req_actions = {ILH, {
9910 { "wait-for-handshake", ssl_parse_wait_for_hs },
9911 { /* END */ }
9912}};
9913
Willy Tarreau0108d902018-11-25 19:14:37 +01009914INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9915
Willy Tarreau5db847a2019-05-09 14:13:35 +02009916#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009917
9918static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9919{
9920 if (ptr) {
9921 chunk_destroy(ptr);
9922 free(ptr);
9923 }
9924}
9925
9926#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009927static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9928{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009929 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009930}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009931
Emeric Brun46591952012-05-18 15:47:34 +02009932__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009933static void __ssl_sock_init(void)
9934{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009935#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009936 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009937 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009938#endif
Emeric Brun46591952012-05-18 15:47:34 +02009939
Willy Tarreauef934602016-12-22 23:12:01 +01009940 if (global_ssl.listen_default_ciphers)
9941 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9942 if (global_ssl.connect_default_ciphers)
9943 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009944#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009945 if (global_ssl.listen_default_ciphersuites)
9946 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9947 if (global_ssl.connect_default_ciphersuites)
9948 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9949#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009950
Willy Tarreau13e14102016-12-22 20:25:26 +01009951 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009952#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009953 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009954#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009955#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009956 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009957 n = sk_SSL_COMP_num(cm);
9958 while (n--) {
9959 (void) sk_SSL_COMP_pop(cm);
9960 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009961#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009962
Willy Tarreau5db847a2019-05-09 14:13:35 +02009963#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009964 ssl_locking_init();
9965#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +02009966#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009967 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9968#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009969 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009970 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009971 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009972#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009973 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009974 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009975#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009976#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9977 hap_register_post_check(tlskeys_finalize_config);
9978#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009979
9980 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9981 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9982
9983#ifndef OPENSSL_NO_DH
9984 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9985 hap_register_post_deinit(ssl_free_dh);
9986#endif
9987#ifndef OPENSSL_NO_ENGINE
9988 hap_register_post_deinit(ssl_free_engines);
9989#endif
9990 /* Load SSL string for the verbose & debug mode. */
9991 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +02009992 ha_meth = BIO_meth_new(0x666, "ha methods");
9993 BIO_meth_set_write(ha_meth, ha_ssl_write);
9994 BIO_meth_set_read(ha_meth, ha_ssl_read);
9995 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
9996 BIO_meth_set_create(ha_meth, ha_ssl_new);
9997 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
9998 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
9999 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010000}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010001
Willy Tarreau80713382018-11-26 10:19:54 +010010002/* Compute and register the version string */
10003static void ssl_register_build_options()
10004{
10005 char *ptr = NULL;
10006 int i;
10007
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010008 memprintf(&ptr, "Built with OpenSSL version : "
10009#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010010 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010011#else /* OPENSSL_IS_BORINGSSL */
10012 OPENSSL_VERSION_TEXT
10013 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010014 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010015 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010016#endif
10017 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010018#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010019 "no (library version too old)"
10020#elif defined(OPENSSL_NO_TLSEXT)
10021 "no (disabled via OPENSSL_NO_TLSEXT)"
10022#else
10023 "yes"
10024#endif
10025 "", ptr);
10026
10027 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10028#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10029 "yes"
10030#else
10031#ifdef OPENSSL_NO_TLSEXT
10032 "no (because of OPENSSL_NO_TLSEXT)"
10033#else
10034 "no (version might be too old, 0.9.8f min needed)"
10035#endif
10036#endif
10037 "", ptr);
10038
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010039 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10040 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10041 if (methodVersions[i].option)
10042 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010043
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010044 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010045}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010046
Willy Tarreau80713382018-11-26 10:19:54 +010010047INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010048
Emeric Brun46591952012-05-18 15:47:34 +020010049
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010050#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010051void ssl_free_engines(void) {
10052 struct ssl_engine_list *wl, *wlb;
10053 /* free up engine list */
10054 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10055 ENGINE_finish(wl->e);
10056 ENGINE_free(wl->e);
10057 LIST_DEL(&wl->list);
10058 free(wl);
10059 }
10060}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010061#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010062
Remi Gacogned3a23c32015-05-28 16:39:47 +020010063#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010064void ssl_free_dh(void) {
10065 if (local_dh_1024) {
10066 DH_free(local_dh_1024);
10067 local_dh_1024 = NULL;
10068 }
10069 if (local_dh_2048) {
10070 DH_free(local_dh_2048);
10071 local_dh_2048 = NULL;
10072 }
10073 if (local_dh_4096) {
10074 DH_free(local_dh_4096);
10075 local_dh_4096 = NULL;
10076 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010077 if (global_dh) {
10078 DH_free(global_dh);
10079 global_dh = NULL;
10080 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010081}
10082#endif
10083
10084__attribute__((destructor))
10085static void __ssl_sock_deinit(void)
10086{
10087#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010088 if (ssl_ctx_lru_tree) {
10089 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010090 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010091 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010092#endif
10093
Willy Tarreau5db847a2019-05-09 14:13:35 +020010094#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010095 ERR_remove_state(0);
10096 ERR_free_strings();
10097
10098 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010099#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010100
Willy Tarreau5db847a2019-05-09 14:13:35 +020010101#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010102 CRYPTO_cleanup_all_ex_data();
10103#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010104 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010105}
10106
10107
Emeric Brun46591952012-05-18 15:47:34 +020010108/*
10109 * Local variables:
10110 * c-indent-level: 8
10111 * c-basic-offset: 8
10112 * End:
10113 */